pool/libnettle
SHA256
3
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
c1d49fe382
libnettle/libnettle-s390x-CPACF-SHA-AES-support.patch
Pedro Monreal Gonzalez 283ba04e0d Accepting request 946959 from home:pmonrealgonzalez:branches:security:tls 
- Provide s390x CPACF/SHA/AES Support for Crypto Libraries
  * Add libnettle-s390x-CPACF-SHA-AES-support.patch [jsc#SLE-20733]

OBS-URL: https://build.opensuse.org/request/show/946959
OBS-URL: https://build.opensuse.org/package/show/security:tls/libnettle?expand=0&rev=24
2022-01-17 21:55:56 +00:00

5767 lines
196 KiB
Diff
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

From c7391e5cdb8a0afc05186d484bc9f752b8f0c074 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Niels=20M=C3=B6ller?= <nisse@lysator.liu.se>
Date: Tue, 10 Aug 2021 22:05:40 +0200
Subject: [PATCH] x86_64: Refactor aesni assembly, with specific functions for
each key size.
---
ChangeLog | 13 ++
fat-x86_64.c | 80 +++++++---
x86_64/aesni/aes-decrypt-internal.asm | 134 ----------------
x86_64/aesni/aes-encrypt-internal.asm | 134 ----------------
x86_64/aesni/aes128-decrypt.asm | 136 ++++++++++++++++
x86_64/aesni/aes128-encrypt.asm | 136 ++++++++++++++++
x86_64/aesni/aes192-decrypt.asm | 146 ++++++++++++++++++
x86_64/aesni/aes192-encrypt.asm | 146 ++++++++++++++++++
x86_64/aesni/aes256-decrypt.asm | 113 ++++++++++++++
x86_64/aesni/aes256-encrypt.asm | 113 ++++++++++++++
...pt-internal-2.asm => aes128-decrypt-2.asm} | 11 +-
...rypt-internal.asm => aes128-encrypt-2.asm} | 11 +-
...pt-internal-2.asm => aes192-decrypt-2.asm} | 11 +-
...rypt-internal.asm => aes192-encrypt-2.asm} | 11 +-
x86_64/fat/aes256-decrypt-2.asm | 36 +++++
x86_64/fat/aes256-encrypt-2.asm | 36 +++++
16 files changed, 955 insertions(+), 312 deletions(-)
delete mode 100644 x86_64/aesni/aes-decrypt-internal.asm
delete mode 100644 x86_64/aesni/aes-encrypt-internal.asm
create mode 100644 x86_64/aesni/aes128-decrypt.asm
create mode 100644 x86_64/aesni/aes128-encrypt.asm
create mode 100644 x86_64/aesni/aes192-decrypt.asm
create mode 100644 x86_64/aesni/aes192-encrypt.asm
create mode 100644 x86_64/aesni/aes256-decrypt.asm
create mode 100644 x86_64/aesni/aes256-encrypt.asm
rename x86_64/fat/{aes-encrypt-internal-2.asm => aes128-decrypt-2.asm} (82%)
rename x86_64/fat/{aes-encrypt-internal.asm => aes128-encrypt-2.asm} (82%)
rename x86_64/fat/{aes-decrypt-internal-2.asm => aes192-decrypt-2.asm} (82%)
rename x86_64/fat/{aes-decrypt-internal.asm => aes192-encrypt-2.asm} (82%)
create mode 100644 x86_64/fat/aes256-decrypt-2.asm
create mode 100644 x86_64/fat/aes256-encrypt-2.asm
Index: nettle-3.7.3/fat-x86_64.c
===================================================================
--- nettle-3.7.3.orig/fat-x86_64.c
+++ nettle-3.7.3/fat-x86_64.c
@@ -111,13 +111,24 @@ get_x86_features (struct x86_features *f
}
}
-DECLARE_FAT_FUNC(_nettle_aes_encrypt, aes_crypt_internal_func)
-DECLARE_FAT_FUNC_VAR(aes_encrypt, aes_crypt_internal_func, x86_64)
-DECLARE_FAT_FUNC_VAR(aes_encrypt, aes_crypt_internal_func, aesni)
-
-DECLARE_FAT_FUNC(_nettle_aes_decrypt, aes_crypt_internal_func)
-DECLARE_FAT_FUNC_VAR(aes_decrypt, aes_crypt_internal_func, x86_64)
-DECLARE_FAT_FUNC_VAR(aes_decrypt, aes_crypt_internal_func, aesni)
+DECLARE_FAT_FUNC(nettle_aes128_encrypt, aes128_crypt_func)
+DECLARE_FAT_FUNC(nettle_aes128_decrypt, aes128_crypt_func)
+DECLARE_FAT_FUNC_VAR(aes128_encrypt, aes128_crypt_func, c)
+DECLARE_FAT_FUNC_VAR(aes128_encrypt, aes128_crypt_func, aesni)
+DECLARE_FAT_FUNC_VAR(aes128_decrypt, aes128_crypt_func, c)
+DECLARE_FAT_FUNC_VAR(aes128_decrypt, aes128_crypt_func, aesni)
+DECLARE_FAT_FUNC(nettle_aes192_encrypt, aes192_crypt_func)
+DECLARE_FAT_FUNC(nettle_aes192_decrypt, aes192_crypt_func)
+DECLARE_FAT_FUNC_VAR(aes192_encrypt, aes192_crypt_func, c)
+DECLARE_FAT_FUNC_VAR(aes192_encrypt, aes192_crypt_func, aesni)
+DECLARE_FAT_FUNC_VAR(aes192_decrypt, aes192_crypt_func, c)
+DECLARE_FAT_FUNC_VAR(aes192_decrypt, aes192_crypt_func, aesni)
+DECLARE_FAT_FUNC(nettle_aes256_encrypt, aes256_crypt_func)
+DECLARE_FAT_FUNC(nettle_aes256_decrypt, aes256_crypt_func)
+DECLARE_FAT_FUNC_VAR(aes256_encrypt, aes256_crypt_func, c)
+DECLARE_FAT_FUNC_VAR(aes256_encrypt, aes256_crypt_func, aesni)
+DECLARE_FAT_FUNC_VAR(aes256_decrypt, aes256_crypt_func, c)
+DECLARE_FAT_FUNC_VAR(aes256_decrypt, aes256_crypt_func, aesni)
DECLARE_FAT_FUNC(nettle_memxor, memxor_func)
DECLARE_FAT_FUNC_VAR(memxor, memxor_func, x86_64)
@@ -160,15 +171,23 @@ fat_init (void)
{
if (verbose)
fprintf (stderr, "libnettle: using aes instructions.\n");
- _nettle_aes_encrypt_vec = _nettle_aes_encrypt_aesni;
- _nettle_aes_decrypt_vec = _nettle_aes_decrypt_aesni;
+ nettle_aes128_encrypt_vec = _nettle_aes128_encrypt_aesni;
+ nettle_aes128_decrypt_vec = _nettle_aes128_decrypt_aesni;
+ nettle_aes192_encrypt_vec = _nettle_aes192_encrypt_aesni;
+ nettle_aes192_decrypt_vec = _nettle_aes192_decrypt_aesni;
+ nettle_aes256_encrypt_vec = _nettle_aes256_encrypt_aesni;
+ nettle_aes256_decrypt_vec = _nettle_aes256_decrypt_aesni;
}
else
{
if (verbose)
fprintf (stderr, "libnettle: not using aes instructions.\n");
- _nettle_aes_encrypt_vec = _nettle_aes_encrypt_x86_64;
- _nettle_aes_decrypt_vec = _nettle_aes_decrypt_x86_64;
+ nettle_aes128_encrypt_vec = _nettle_aes128_encrypt_c;
+ nettle_aes128_decrypt_vec = _nettle_aes128_decrypt_c;
+ nettle_aes192_encrypt_vec = _nettle_aes192_encrypt_c;
+ nettle_aes192_decrypt_vec = _nettle_aes192_decrypt_c;
+ nettle_aes256_encrypt_vec = _nettle_aes256_encrypt_c;
+ nettle_aes256_decrypt_vec = _nettle_aes256_decrypt_c;
}
if (features.have_sha_ni)
@@ -199,19 +218,32 @@ fat_init (void)
}
}
-DEFINE_FAT_FUNC(_nettle_aes_encrypt, void,
- (unsigned rounds, const uint32_t *keys,
- const struct aes_table *T,
- size_t length, uint8_t *dst,
- const uint8_t *src),
- (rounds, keys, T, length, dst, src))
-
-DEFINE_FAT_FUNC(_nettle_aes_decrypt, void,
- (unsigned rounds, const uint32_t *keys,
- const struct aes_table *T,
- size_t length, uint8_t *dst,
- const uint8_t *src),
- (rounds, keys, T, length, dst, src))
+DEFINE_FAT_FUNC(nettle_aes128_encrypt, void,
+ (const struct aes128_ctx *ctx, size_t length,
+ uint8_t *dst,const uint8_t *src),
+ (ctx, length, dst, src))
+DEFINE_FAT_FUNC(nettle_aes128_decrypt, void,
+ (const struct aes128_ctx *ctx, size_t length,
+ uint8_t *dst,const uint8_t *src),
+ (ctx, length, dst, src))
+
+DEFINE_FAT_FUNC(nettle_aes192_encrypt, void,
+ (const struct aes192_ctx *ctx, size_t length,
+ uint8_t *dst,const uint8_t *src),
+ (ctx, length, dst, src))
+DEFINE_FAT_FUNC(nettle_aes192_decrypt, void,
+ (const struct aes192_ctx *ctx, size_t length,
+ uint8_t *dst,const uint8_t *src),
+ (ctx, length, dst, src))
+
+DEFINE_FAT_FUNC(nettle_aes256_encrypt, void,
+ (const struct aes256_ctx *ctx, size_t length,
+ uint8_t *dst,const uint8_t *src),
+ (ctx, length, dst, src))
+DEFINE_FAT_FUNC(nettle_aes256_decrypt, void,
+ (const struct aes256_ctx *ctx, size_t length,
+ uint8_t *dst,const uint8_t *src),
+ (ctx, length, dst, src))
DEFINE_FAT_FUNC(nettle_memxor, void *,
(void *dst, const void *src, size_t n),
Index: nettle-3.7.3/x86_64/aesni/aes-decrypt-internal.asm
===================================================================
--- nettle-3.7.3.orig/x86_64/aesni/aes-decrypt-internal.asm
+++ /dev/null
@@ -1,134 +0,0 @@
-C x86_64/aesni/aes-decrypt-internal.asm
-
-
-ifelse(`
- Copyright (C) 2015, 2018 Niels Möller
-
- This file is part of GNU Nettle.
-
- GNU Nettle is free software: you can redistribute it and/or
- modify it under the terms of either:
-
- * the GNU Lesser General Public License as published by the Free
- Software Foundation; either version 3 of the License, or (at your
- option) any later version.
-
- or
-
- * the GNU General Public License as published by the Free
- Software Foundation; either version 2 of the License, or (at your
- option) any later version.
-
- or both in parallel, as here.
-
- GNU Nettle is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- General Public License for more details.
-
- You should have received copies of the GNU General Public License and
- the GNU Lesser General Public License along with this program. If
- not, see http://www.gnu.org/licenses/.
-')
-
-C Input argument
-define(`ROUNDS', `%rdi')
-define(`KEYS', `%rsi')
-C define(`TABLE', `%rdx') C Unused here
-define(`LENGTH',`%rcx')
-define(`DST', `%r8')
-define(`SRC', `%r9')
-
-define(`KEY0', `%xmm0')
-define(`KEY1', `%xmm1')
-define(`KEY2', `%xmm2')
-define(`KEY3', `%xmm3')
-define(`KEY4', `%xmm4')
-define(`KEY5', `%xmm5')
-define(`KEY6', `%xmm6')
-define(`KEY7', `%xmm7')
-define(`KEY8', `%xmm8')
-define(`KEY9', `%xmm9')
-define(`KEY10', `%xmm10')
-define(`KEY11', `%xmm11')
-define(`KEY12', `%xmm12')
-define(`KEY13', `%xmm13')
-define(`KEYLAST', `%xmm14')
-define(`BLOCK', `%xmm15')
-
- .file "aes-decrypt-internal.asm"
-
- C _aes_decrypt(unsigned rounds, const uint32_t *keys,
- C const struct aes_table *T,
- C size_t length, uint8_t *dst,
- C uint8_t *src)
- .text
- ALIGN(16)
-PROLOGUE(_nettle_aes_decrypt)
- W64_ENTRY(6, 16)
- shr $4, LENGTH
- test LENGTH, LENGTH
- jz .Lend
-
- movups (KEYS), KEY0
- movups 16(KEYS), KEY1
- movups 32(KEYS), KEY2
- movups 48(KEYS), KEY3
- movups 64(KEYS), KEY4
- movups 80(KEYS), KEY5
- movups 96(KEYS), KEY6
- movups 112(KEYS), KEY7
- movups 128(KEYS), KEY8
- movups 144(KEYS), KEY9
- lea 160(KEYS), KEYS
- sub $10, XREG(ROUNDS) C Also clears high half
- je .Lkey_last
-
- movups (KEYS), KEY10
- movups 16(KEYS), KEY11
- lea (KEYS, ROUNDS, 8), KEYS
- lea (KEYS, ROUNDS, 8), KEYS
-
- cmpl $2, XREG(ROUNDS)
- je .Lkey_last
- movups -32(KEYS), KEY12
- movups -16(KEYS), KEY13
-
-.Lkey_last:
- movups (KEYS), KEYLAST
-
-.Lblock_loop:
- movups (SRC), BLOCK
- pxor KEY0, BLOCK
- aesdec KEY1, BLOCK
- aesdec KEY2, BLOCK
- aesdec KEY3, BLOCK
- aesdec KEY4, BLOCK
- aesdec KEY5, BLOCK
- aesdec KEY6, BLOCK
- aesdec KEY7, BLOCK
- aesdec KEY8, BLOCK
- aesdec KEY9, BLOCK
- testl XREG(ROUNDS), XREG(ROUNDS)
- je .Lblock_end
- aesdec KEY10, BLOCK
- aesdec KEY11, BLOCK
- cmpl $2, XREG(ROUNDS)
- je .Lblock_end
-
- aesdec KEY12, BLOCK
- aesdec KEY13, BLOCK
-
-.Lblock_end:
- aesdeclast KEYLAST, BLOCK
-
- movups BLOCK, (DST)
- add $16, SRC
- add $16, DST
- dec LENGTH
- jnz .Lblock_loop
-
-.Lend:
- W64_EXIT(6, 16)
- ret
-EPILOGUE(_nettle_aes_decrypt)
Index: nettle-3.7.3/x86_64/aesni/aes-encrypt-internal.asm
===================================================================
--- nettle-3.7.3.orig/x86_64/aesni/aes-encrypt-internal.asm
+++ /dev/null
@@ -1,134 +0,0 @@
-C x86_64/aesni/aes-encrypt-internal.asm
-
-
-ifelse(`
- Copyright (C) 2015, 2018 Niels Möller
-
- This file is part of GNU Nettle.
-
- GNU Nettle is free software: you can redistribute it and/or
- modify it under the terms of either:
-
- * the GNU Lesser General Public License as published by the Free
- Software Foundation; either version 3 of the License, or (at your
- option) any later version.
-
- or
-
- * the GNU General Public License as published by the Free
- Software Foundation; either version 2 of the License, or (at your
- option) any later version.
-
- or both in parallel, as here.
-
- GNU Nettle is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- General Public License for more details.
-
- You should have received copies of the GNU General Public License and
- the GNU Lesser General Public License along with this program. If
- not, see http://www.gnu.org/licenses/.
-')
-
-C Input argument
-define(`ROUNDS', `%rdi')
-define(`KEYS', `%rsi')
-C define(`TABLE', `%rdx') C Unused here
-define(`LENGTH',`%rcx')
-define(`DST', `%r8')
-define(`SRC', `%r9')
-
-define(`KEY0', `%xmm0')
-define(`KEY1', `%xmm1')
-define(`KEY2', `%xmm2')
-define(`KEY3', `%xmm3')
-define(`KEY4', `%xmm4')
-define(`KEY5', `%xmm5')
-define(`KEY6', `%xmm6')
-define(`KEY7', `%xmm7')
-define(`KEY8', `%xmm8')
-define(`KEY9', `%xmm9')
-define(`KEY10', `%xmm10')
-define(`KEY11', `%xmm11')
-define(`KEY12', `%xmm12')
-define(`KEY13', `%xmm13')
-define(`KEYLAST', `%xmm14')
-define(`BLOCK', `%xmm15')
-
- .file "aes-encrypt-internal.asm"
-
- C _aes_encrypt(unsigned rounds, const uint32_t *keys,
- C const struct aes_table *T,
- C size_t length, uint8_t *dst,
- C uint8_t *src)
- .text
- ALIGN(16)
-PROLOGUE(_nettle_aes_encrypt)
- W64_ENTRY(6, 16)
- shr $4, LENGTH
- test LENGTH, LENGTH
- jz .Lend
-
- movups (KEYS), KEY0
- movups 16(KEYS), KEY1
- movups 32(KEYS), KEY2
- movups 48(KEYS), KEY3
- movups 64(KEYS), KEY4
- movups 80(KEYS), KEY5
- movups 96(KEYS), KEY6
- movups 112(KEYS), KEY7
- movups 128(KEYS), KEY8
- movups 144(KEYS), KEY9
- lea 160(KEYS), KEYS
- sub $10, XREG(ROUNDS) C Also clears high half
- je .Lkey_last
-
- movups (KEYS), KEY10
- movups 16(KEYS), KEY11
- lea (KEYS, ROUNDS, 8), KEYS
- lea (KEYS, ROUNDS, 8), KEYS
-
- cmpl $2, XREG(ROUNDS)
- je .Lkey_last
- movups -32(KEYS), KEY12
- movups -16(KEYS), KEY13
-
-.Lkey_last:
- movups (KEYS), KEYLAST
-
-.Lblock_loop:
- movups (SRC), BLOCK
- pxor KEY0, BLOCK
- aesenc KEY1, BLOCK
- aesenc KEY2, BLOCK
- aesenc KEY3, BLOCK
- aesenc KEY4, BLOCK
- aesenc KEY5, BLOCK
- aesenc KEY6, BLOCK
- aesenc KEY7, BLOCK
- aesenc KEY8, BLOCK
- aesenc KEY9, BLOCK
- testl XREG(ROUNDS), XREG(ROUNDS)
- je .Lblock_end
- aesenc KEY10, BLOCK
- aesenc KEY11, BLOCK
- cmpl $2, XREG(ROUNDS)
- je .Lblock_end
-
- aesenc KEY12, BLOCK
- aesenc KEY13, BLOCK
-
-.Lblock_end:
- aesenclast KEYLAST, BLOCK
-
- movups BLOCK, (DST)
- add $16, SRC
- add $16, DST
- dec LENGTH
- jnz .Lblock_loop
-
-.Lend:
- W64_EXIT(6, 16)
- ret
-EPILOGUE(_nettle_aes_encrypt)
Index: nettle-3.7.3/x86_64/aesni/aes128-decrypt.asm
===================================================================
--- /dev/null
+++ nettle-3.7.3/x86_64/aesni/aes128-decrypt.asm
@@ -0,0 +1,136 @@
+C x86_64/aesni/aes128-decrypt.asm
+
+ifelse(`
+ Copyright (C) 2015, 2018, 2021 Niels Möller
+
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+')
+
+C Input argument
+define(`CTX', `%rdi')
+define(`LENGTH',`%rsi')
+define(`DST', `%rdx')
+define(`SRC', `%rcx')
+
+define(`KEY0', `%xmm0')
+define(`KEY1', `%xmm1')
+define(`KEY2', `%xmm2')
+define(`KEY3', `%xmm3')
+define(`KEY4', `%xmm4')
+define(`KEY5', `%xmm5')
+define(`KEY6', `%xmm6')
+define(`KEY7', `%xmm7')
+define(`KEY8', `%xmm8')
+define(`KEY9', `%xmm9')
+define(`KEY10', `%xmm10')
+define(`X', `%xmm11')
+define(`Y', `%xmm12')
+
+ .file "aes128-decrypt.asm"
+
+ C nettle_aes128_decrypt(const struct aes128_ctx *ctx,
+ C size_t length, uint8_t *dst,
+ C const uint8_t *src);
+
+ .text
+ ALIGN(16)
+PROLOGUE(nettle_aes128_decrypt)
+ W64_ENTRY(4, 13)
+ shr $4, LENGTH
+ test LENGTH, LENGTH
+ jz .Lend
+
+ movups (CTX), KEY0
+ movups 16(CTX), KEY1
+ movups 32(CTX), KEY2
+ movups 48(CTX), KEY3
+ movups 64(CTX), KEY4
+ movups 80(CTX), KEY5
+ movups 96(CTX), KEY6
+ movups 112(CTX), KEY7
+ movups 128(CTX), KEY8
+ movups 144(CTX), KEY9
+ movups 160(CTX), KEY10
+ shr LENGTH
+ jnc .Lblock_loop
+
+ movups (SRC), X
+ pxor KEY0, X
+ aesdec KEY1, X
+ aesdec KEY2, X
+ aesdec KEY3, X
+ aesdec KEY4, X
+ aesdec KEY5, X
+ aesdec KEY6, X
+ aesdec KEY7, X
+ aesdec KEY8, X
+ aesdec KEY9, X
+ aesdeclast KEY10, X
+
+ movups X, (DST)
+ add $16, SRC
+ add $16, DST
+ test LENGTH, LENGTH
+ jz .Lend
+
+.Lblock_loop:
+ movups (SRC), X
+ movups 16(SRC), Y
+ pxor KEY0, X
+ pxor KEY0, Y
+ aesdec KEY1, X
+ aesdec KEY1, Y
+ aesdec KEY2, X
+ aesdec KEY2, Y
+ aesdec KEY3, X
+ aesdec KEY3, Y
+ aesdec KEY4, X
+ aesdec KEY4, Y
+ aesdec KEY5, X
+ aesdec KEY5, Y
+ aesdec KEY6, X
+ aesdec KEY6, Y
+ aesdec KEY7, X
+ aesdec KEY7, Y
+ aesdec KEY8, X
+ aesdec KEY8, Y
+ aesdec KEY9, X
+ aesdec KEY9, Y
+ aesdeclast KEY10, X
+ aesdeclast KEY10, Y
+
+ movups X, (DST)
+ movups Y, 16(DST)
+ add $32, SRC
+ add $32, DST
+ dec LENGTH
+ jnz .Lblock_loop
+
+.Lend:
+ W64_EXIT(4, 13)
+ ret
+EPILOGUE(nettle_aes128_decrypt)
Index: nettle-3.7.3/x86_64/aesni/aes128-encrypt.asm
===================================================================
--- /dev/null
+++ nettle-3.7.3/x86_64/aesni/aes128-encrypt.asm
@@ -0,0 +1,136 @@
+C x86_64/aesni/aes128-encrypt.asm
+
+ifelse(`
+ Copyright (C) 2015, 2018, 2021 Niels Möller
+
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+')
+
+C Input argument
+define(`CTX', `%rdi')
+define(`LENGTH',`%rsi')
+define(`DST', `%rdx')
+define(`SRC', `%rcx')
+
+define(`KEY0', `%xmm0')
+define(`KEY1', `%xmm1')
+define(`KEY2', `%xmm2')
+define(`KEY3', `%xmm3')
+define(`KEY4', `%xmm4')
+define(`KEY5', `%xmm5')
+define(`KEY6', `%xmm6')
+define(`KEY7', `%xmm7')
+define(`KEY8', `%xmm8')
+define(`KEY9', `%xmm9')
+define(`KEY10', `%xmm10')
+define(`X', `%xmm11')
+define(`Y', `%xmm12')
+
+ .file "aes128-encrypt.asm"
+
+ C nettle_aes128_encrypt(const struct aes128_ctx *ctx,
+ C size_t length, uint8_t *dst,
+ C const uint8_t *src);
+
+ .text
+ ALIGN(16)
+PROLOGUE(nettle_aes128_encrypt)
+ W64_ENTRY(4, 13)
+ shr $4, LENGTH
+ test LENGTH, LENGTH
+ jz .Lend
+
+ movups (CTX), KEY0
+ movups 16(CTX), KEY1
+ movups 32(CTX), KEY2
+ movups 48(CTX), KEY3
+ movups 64(CTX), KEY4
+ movups 80(CTX), KEY5
+ movups 96(CTX), KEY6
+ movups 112(CTX), KEY7
+ movups 128(CTX), KEY8
+ movups 144(CTX), KEY9
+ movups 160(CTX), KEY10
+ shr LENGTH
+ jnc .Lblock_loop
+
+ movups (SRC), X
+ pxor KEY0, X
+ aesenc KEY1, X
+ aesenc KEY2, X
+ aesenc KEY3, X
+ aesenc KEY4, X
+ aesenc KEY5, X
+ aesenc KEY6, X
+ aesenc KEY7, X
+ aesenc KEY8, X
+ aesenc KEY9, X
+ aesenclast KEY10, X
+
+ movups X, (DST)
+ add $16, SRC
+ add $16, DST
+ test LENGTH, LENGTH
+ jz .Lend
+
+.Lblock_loop:
+ movups (SRC), X
+ movups 16(SRC), Y
+ pxor KEY0, X
+ pxor KEY0, Y
+ aesenc KEY1, X
+ aesenc KEY1, Y
+ aesenc KEY2, X
+ aesenc KEY2, Y
+ aesenc KEY3, X
+ aesenc KEY3, Y
+ aesenc KEY4, X
+ aesenc KEY4, Y
+ aesenc KEY5, X
+ aesenc KEY5, Y
+ aesenc KEY6, X
+ aesenc KEY6, Y
+ aesenc KEY7, X
+ aesenc KEY7, Y
+ aesenc KEY8, X
+ aesenc KEY8, Y
+ aesenc KEY9, X
+ aesenc KEY9, Y
+ aesenclast KEY10, X
+ aesenclast KEY10, Y
+
+ movups X, (DST)
+ movups Y, 16(DST)
+ add $32, SRC
+ add $32, DST
+ dec LENGTH
+ jnz .Lblock_loop
+
+.Lend:
+ W64_EXIT(4, 13)
+ ret
+EPILOGUE(nettle_aes128_encrypt)
Index: nettle-3.7.3/x86_64/aesni/aes192-decrypt.asm
===================================================================
--- /dev/null
+++ nettle-3.7.3/x86_64/aesni/aes192-decrypt.asm
@@ -0,0 +1,146 @@
+C x86_64/aesni/aes192-decrypt.asm
+
+ifelse(`
+ Copyright (C) 2015, 2018, 2021 Niels Möller
+
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+')
+
+C Input argument
+define(`CTX', `%rdi')
+define(`LENGTH',`%rsi')
+define(`DST', `%rdx')
+define(`SRC', `%rcx')
+
+define(`KEY0', `%xmm0')
+define(`KEY1', `%xmm1')
+define(`KEY2', `%xmm2')
+define(`KEY3', `%xmm3')
+define(`KEY4', `%xmm4')
+define(`KEY5', `%xmm5')
+define(`KEY6', `%xmm6')
+define(`KEY7', `%xmm7')
+define(`KEY8', `%xmm8')
+define(`KEY9', `%xmm9')
+define(`KEY10', `%xmm10')
+define(`KEY11', `%xmm11')
+define(`KEY12', `%xmm12')
+define(`X', `%xmm13')
+define(`Y', `%xmm14')
+
+ .file "aes192-decrypt.asm"
+
+ C nettle_aes192_decrypt(const struct aes192_ctx *ctx,
+ C size_t length, uint8_t *dst,
+ C const uint8_t *src);
+
+ .text
+ ALIGN(16)
+PROLOGUE(nettle_aes192_decrypt)
+ W64_ENTRY(4, 15)
+ shr $4, LENGTH
+ test LENGTH, LENGTH
+ jz .Lend
+
+ movups (CTX), KEY0
+ movups 16(CTX), KEY1
+ movups 32(CTX), KEY2
+ movups 48(CTX), KEY3
+ movups 64(CTX), KEY4
+ movups 80(CTX), KEY5
+ movups 96(CTX), KEY6
+ movups 112(CTX), KEY7
+ movups 128(CTX), KEY8
+ movups 144(CTX), KEY9
+ movups 160(CTX), KEY10
+ movups 176(CTX), KEY11
+ movups 192(CTX), KEY12
+ shr LENGTH
+ jnc .Lblock_loop
+
+ movups (SRC), X
+ pxor KEY0, X
+ aesdec KEY1, X
+ aesdec KEY2, X
+ aesdec KEY3, X
+ aesdec KEY4, X
+ aesdec KEY5, X
+ aesdec KEY6, X
+ aesdec KEY7, X
+ aesdec KEY8, X
+ aesdec KEY9, X
+ aesdec KEY10, X
+ aesdec KEY11, X
+ aesdeclast KEY12, X
+
+ movups X, (DST)
+ add $16, SRC
+ add $16, DST
+ test LENGTH, LENGTH
+ jz .Lend
+
+.Lblock_loop:
+ movups (SRC), X
+ movups 16(SRC), Y
+ pxor KEY0, X
+ pxor KEY0, Y
+ aesdec KEY1, X
+ aesdec KEY1, Y
+ aesdec KEY2, X
+ aesdec KEY2, Y
+ aesdec KEY3, X
+ aesdec KEY3, Y
+ aesdec KEY4, X
+ aesdec KEY4, Y
+ aesdec KEY5, X
+ aesdec KEY5, Y
+ aesdec KEY6, X
+ aesdec KEY6, Y
+ aesdec KEY7, X
+ aesdec KEY7, Y
+ aesdec KEY8, X
+ aesdec KEY8, Y
+ aesdec KEY9, X
+ aesdec KEY9, Y
+ aesdec KEY10, X
+ aesdec KEY10, Y
+ aesdec KEY11, X
+ aesdec KEY11, Y
+ aesdeclast KEY12, X
+ aesdeclast KEY12, Y
+
+ movups X, (DST)
+ movups Y, 16(DST)
+ add $32, SRC
+ add $32, DST
+ dec LENGTH
+ jnz .Lblock_loop
+
+.Lend:
+ W64_EXIT(4, 15)
+ ret
+EPILOGUE(nettle_aes192_decrypt)
Index: nettle-3.7.3/x86_64/aesni/aes192-encrypt.asm
===================================================================
--- /dev/null
+++ nettle-3.7.3/x86_64/aesni/aes192-encrypt.asm
@@ -0,0 +1,146 @@
+C x86_64/aesni/aes192-encrypt.asm
+
+ifelse(`
+ Copyright (C) 2015, 2018, 2021 Niels Möller
+
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+')
+
+C Input argument
+define(`CTX', `%rdi')
+define(`LENGTH',`%rsi')
+define(`DST', `%rdx')
+define(`SRC', `%rcx')
+
+define(`KEY0', `%xmm0')
+define(`KEY1', `%xmm1')
+define(`KEY2', `%xmm2')
+define(`KEY3', `%xmm3')
+define(`KEY4', `%xmm4')
+define(`KEY5', `%xmm5')
+define(`KEY6', `%xmm6')
+define(`KEY7', `%xmm7')
+define(`KEY8', `%xmm8')
+define(`KEY9', `%xmm9')
+define(`KEY10', `%xmm10')
+define(`KEY11', `%xmm11')
+define(`KEY12', `%xmm12')
+define(`X', `%xmm13')
+define(`Y', `%xmm14')
+
+ .file "aes192-encrypt.asm"
+
+ C nettle_aes192_encrypt(const struct aes192_ctx *ctx,
+ C size_t length, uint8_t *dst,
+ C const uint8_t *src);
+
+ .text
+ ALIGN(16)
+PROLOGUE(nettle_aes192_encrypt)
+ W64_ENTRY(4, 15)
+ shr $4, LENGTH
+ test LENGTH, LENGTH
+ jz .Lend
+
+ movups (CTX), KEY0
+ movups 16(CTX), KEY1
+ movups 32(CTX), KEY2
+ movups 48(CTX), KEY3
+ movups 64(CTX), KEY4
+ movups 80(CTX), KEY5
+ movups 96(CTX), KEY6
+ movups 112(CTX), KEY7
+ movups 128(CTX), KEY8
+ movups 144(CTX), KEY9
+ movups 160(CTX), KEY10
+ movups 176(CTX), KEY11
+ movups 192(CTX), KEY12
+ shr LENGTH
+ jnc .Lblock_loop
+
+ movups (SRC), X
+ pxor KEY0, X
+ aesenc KEY1, X
+ aesenc KEY2, X
+ aesenc KEY3, X
+ aesenc KEY4, X
+ aesenc KEY5, X
+ aesenc KEY6, X
+ aesenc KEY7, X
+ aesenc KEY8, X
+ aesenc KEY9, X
+ aesenc KEY10, X
+ aesenc KEY11, X
+ aesenclast KEY12, X
+
+ movups X, (DST)
+ add $16, SRC
+ add $16, DST
+ test LENGTH, LENGTH
+ jz .Lend
+
+.Lblock_loop:
+ movups (SRC), X
+ movups 16(SRC), Y
+ pxor KEY0, X
+ pxor KEY0, Y
+ aesenc KEY1, X
+ aesenc KEY1, Y
+ aesenc KEY2, X
+ aesenc KEY2, Y
+ aesenc KEY3, X
+ aesenc KEY3, Y
+ aesenc KEY4, X
+ aesenc KEY4, Y
+ aesenc KEY5, X
+ aesenc KEY5, Y
+ aesenc KEY6, X
+ aesenc KEY6, Y
+ aesenc KEY7, X
+ aesenc KEY7, Y
+ aesenc KEY8, X
+ aesenc KEY8, Y
+ aesenc KEY9, X
+ aesenc KEY9, Y
+ aesenc KEY10, X
+ aesenc KEY10, Y
+ aesenc KEY11, X
+ aesenc KEY11, Y
+ aesenclast KEY12, X
+ aesenclast KEY12, Y
+
+ movups X, (DST)
+ movups Y, 16(DST)
+ add $32, SRC
+ add $32, DST
+ dec LENGTH
+ jnz .Lblock_loop
+
+.Lend:
+ W64_EXIT(4, 15)
+ ret
+EPILOGUE(nettle_aes192_encrypt)
Index: nettle-3.7.3/x86_64/aesni/aes256-decrypt.asm
===================================================================
--- /dev/null
+++ nettle-3.7.3/x86_64/aesni/aes256-decrypt.asm
@@ -0,0 +1,113 @@
+C x86_64/aesni/aes256-decrypt.asm
+
+ifelse(`
+ Copyright (C) 2015, 2018, 2021 Niels Möller
+
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+')
+
+C Input argument
+define(`CTX', `%rdi')
+define(`LENGTH',`%rsi')
+define(`DST', `%rdx')
+define(`SRC', `%rcx')
+
+define(`KEY0', `%xmm0')
+define(`KEY1', `%xmm1')
+define(`KEY2', `%xmm2')
+define(`KEY3', `%xmm3')
+define(`KEY4', `%xmm4')
+define(`KEY5', `%xmm5')
+define(`KEY6', `%xmm6')
+define(`KEY7', `%xmm7')
+define(`KEY8', `%xmm8')
+define(`KEY9', `%xmm9')
+define(`KEY10', `%xmm10')
+define(`KEY11', `%xmm11')
+define(`KEY12', `%xmm12')
+define(`KEY13', `%xmm13')
+define(`KEY14', `%xmm14')
+define(`X', `%xmm15')
+
+ .file "aes256-decrypt.asm"
+
+ C nettle_aes256_decrypt(const struct aes256_ctx *ctx,
+ C size_t length, uint8_t *dst,
+ C const uint8_t *src);
+
+ .text
+ ALIGN(16)
+PROLOGUE(nettle_aes256_decrypt)
+ W64_ENTRY(4, 16)
+ shr $4, LENGTH
+ test LENGTH, LENGTH
+ jz .Lend
+
+ movups (CTX), KEY0
+ movups 16(CTX), KEY1
+ movups 32(CTX), KEY2
+ movups 48(CTX), KEY3
+ movups 64(CTX), KEY4
+ movups 80(CTX), KEY5
+ movups 96(CTX), KEY6
+ movups 112(CTX), KEY7
+ movups 128(CTX), KEY8
+ movups 144(CTX), KEY9
+ movups 160(CTX), KEY10
+ movups 176(CTX), KEY11
+ movups 192(CTX), KEY12
+ movups 208(CTX), KEY13
+ movups 224(CTX), KEY14
+
+.Lblock_loop:
+ movups (SRC), X
+ pxor KEY0, X
+ aesdec KEY1, X
+ aesdec KEY2, X
+ aesdec KEY3, X
+ aesdec KEY4, X
+ aesdec KEY5, X
+ aesdec KEY6, X
+ aesdec KEY7, X
+ aesdec KEY8, X
+ aesdec KEY9, X
+ aesdec KEY10, X
+ aesdec KEY11, X
+ aesdec KEY12, X
+ aesdec KEY13, X
+ aesdeclast KEY14, X
+
+ movups X, (DST)
+ add $16, SRC
+ add $16, DST
+ dec LENGTH
+ jnz .Lblock_loop
+
+.Lend:
+ W64_EXIT(4, 16)
+ ret
+EPILOGUE(nettle_aes256_decrypt)
Index: nettle-3.7.3/x86_64/aesni/aes256-encrypt.asm
===================================================================
--- /dev/null
+++ nettle-3.7.3/x86_64/aesni/aes256-encrypt.asm
@@ -0,0 +1,113 @@
+C x86_64/aesni/aes256-encrypt.asm
+
+ifelse(`
+ Copyright (C) 2015, 2018, 2021 Niels Möller
+
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+')
+
+C Input argument
+define(`CTX', `%rdi')
+define(`LENGTH',`%rsi')
+define(`DST', `%rdx')
+define(`SRC', `%rcx')
+
+define(`KEY0', `%xmm0')
+define(`KEY1', `%xmm1')
+define(`KEY2', `%xmm2')
+define(`KEY3', `%xmm3')
+define(`KEY4', `%xmm4')
+define(`KEY5', `%xmm5')
+define(`KEY6', `%xmm6')
+define(`KEY7', `%xmm7')
+define(`KEY8', `%xmm8')
+define(`KEY9', `%xmm9')
+define(`KEY10', `%xmm10')
+define(`KEY11', `%xmm11')
+define(`KEY12', `%xmm12')
+define(`KEY13', `%xmm13')
+define(`KEY14', `%xmm14')
+define(`X', `%xmm15')
+
+ .file "aes256-encrypt.asm"
+
+ C nettle_aes256_encrypt(const struct aes256_ctx *ctx,
+ C size_t length, uint8_t *dst,
+ C const uint8_t *src);
+
+ .text
+ ALIGN(16)
+PROLOGUE(nettle_aes256_encrypt)
+ W64_ENTRY(4, 16)
+ shr $4, LENGTH
+ test LENGTH, LENGTH
+ jz .Lend
+
+ movups (CTX), KEY0
+ movups 16(CTX), KEY1
+ movups 32(CTX), KEY2
+ movups 48(CTX), KEY3
+ movups 64(CTX), KEY4
+ movups 80(CTX), KEY5
+ movups 96(CTX), KEY6
+ movups 112(CTX), KEY7
+ movups 128(CTX), KEY8
+ movups 144(CTX), KEY9
+ movups 160(CTX), KEY10
+ movups 176(CTX), KEY11
+ movups 192(CTX), KEY12
+ movups 208(CTX), KEY13
+ movups 224(CTX), KEY14
+
+.Lblock_loop:
+ movups (SRC), X
+ pxor KEY0, X
+ aesenc KEY1, X
+ aesenc KEY2, X
+ aesenc KEY3, X
+ aesenc KEY4, X
+ aesenc KEY5, X
+ aesenc KEY6, X
+ aesenc KEY7, X
+ aesenc KEY8, X
+ aesenc KEY9, X
+ aesenc KEY10, X
+ aesenc KEY11, X
+ aesenc KEY12, X
+ aesenc KEY13, X
+ aesenclast KEY14, X
+
+ movups X, (DST)
+ add $16, SRC
+ add $16, DST
+ dec LENGTH
+ jnz .Lblock_loop
+
+.Lend:
+ W64_EXIT(4, 16)
+ ret
+EPILOGUE(nettle_aes256_encrypt)
Index: nettle-3.7.3/x86_64/fat/aes-encrypt-internal-2.asm
===================================================================
--- nettle-3.7.3.orig/x86_64/fat/aes-encrypt-internal-2.asm
+++ /dev/null
@@ -1,35 +0,0 @@
-C x86_64/fat/aes-encrypt-internal-2.asm
-
-
-ifelse(`
- Copyright (C) 2015 Niels Möller
-
- This file is part of GNU Nettle.
-
- GNU Nettle is free software: you can redistribute it and/or
- modify it under the terms of either:
-
- * the GNU Lesser General Public License as published by the Free
- Software Foundation; either version 3 of the License, or (at your
- option) any later version.
-
- or
-
- * the GNU General Public License as published by the Free
- Software Foundation; either version 2 of the License, or (at your
- option) any later version.
-
- or both in parallel, as here.
-
- GNU Nettle is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- General Public License for more details.
-
- You should have received copies of the GNU General Public License and
- the GNU Lesser General Public License along with this program. If
- not, see http://www.gnu.org/licenses/.
-')
-
-define(`fat_transform', `$1_aesni')
-include_src(`x86_64/aesni/aes-encrypt-internal.asm')
Index: nettle-3.7.3/x86_64/fat/aes128-decrypt-2.asm
===================================================================
--- /dev/null
+++ nettle-3.7.3/x86_64/fat/aes128-decrypt-2.asm
@@ -0,0 +1,36 @@
+C x86_64/fat/aes128-decrypt.asm
+
+ifelse(`
+ Copyright (C) 2021 Niels Möller
+
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+')
+
+dnl PROLOGUE(nettle_aes128_decrypt) picked up by configure
+
+define(`fat_transform', `_$1_aesni')
+include_src(`x86_64/aesni/aes128-decrypt.asm')
Index: nettle-3.7.3/x86_64/fat/aes-encrypt-internal.asm
===================================================================
--- nettle-3.7.3.orig/x86_64/fat/aes-encrypt-internal.asm
+++ /dev/null
@@ -1,35 +0,0 @@
-C x86_64/fat/aes-encrypt-internal.asm
-
-
-ifelse(`
- Copyright (C) 2015 Niels Möller
-
- This file is part of GNU Nettle.
-
- GNU Nettle is free software: you can redistribute it and/or
- modify it under the terms of either:
-
- * the GNU Lesser General Public License as published by the Free
- Software Foundation; either version 3 of the License, or (at your
- option) any later version.
-
- or
-
- * the GNU General Public License as published by the Free
- Software Foundation; either version 2 of the License, or (at your
- option) any later version.
-
- or both in parallel, as here.
-
- GNU Nettle is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- General Public License for more details.
-
- You should have received copies of the GNU General Public License and
- the GNU Lesser General Public License along with this program. If
- not, see http://www.gnu.org/licenses/.
-')
-
-define(`fat_transform', `$1_x86_64')
-include_src(`x86_64/aes-encrypt-internal.asm')
Index: nettle-3.7.3/x86_64/fat/aes128-encrypt-2.asm
===================================================================
--- /dev/null
+++ nettle-3.7.3/x86_64/fat/aes128-encrypt-2.asm
@@ -0,0 +1,36 @@
+C x86_64/fat/aes128-encrypt.asm
+
+ifelse(`
+ Copyright (C) 2021 Niels Möller
+
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+')
+
+dnl PROLOGUE(nettle_aes128_encrypt) picked up by configure
+
+define(`fat_transform', `_$1_aesni')
+include_src(`x86_64/aesni/aes128-encrypt.asm')
Index: nettle-3.7.3/x86_64/fat/aes-decrypt-internal-2.asm
===================================================================
--- nettle-3.7.3.orig/x86_64/fat/aes-decrypt-internal-2.asm
+++ /dev/null
@@ -1,35 +0,0 @@
-C x86_64/fat/aes-decrypt-internal-2.asm
-
-
-ifelse(`
- Copyright (C) 2015 Niels Möller
-
- This file is part of GNU Nettle.
-
- GNU Nettle is free software: you can redistribute it and/or
- modify it under the terms of either:
-
- * the GNU Lesser General Public License as published by the Free
- Software Foundation; either version 3 of the License, or (at your
- option) any later version.
-
- or
-
- * the GNU General Public License as published by the Free
- Software Foundation; either version 2 of the License, or (at your
- option) any later version.
-
- or both in parallel, as here.
-
- GNU Nettle is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- General Public License for more details.
-
- You should have received copies of the GNU General Public License and
- the GNU Lesser General Public License along with this program. If
- not, see http://www.gnu.org/licenses/.
-')
-
-define(`fat_transform', `$1_aesni')
-include_src(`x86_64/aesni/aes-decrypt-internal.asm')
Index: nettle-3.7.3/x86_64/fat/aes192-decrypt-2.asm
===================================================================
--- /dev/null
+++ nettle-3.7.3/x86_64/fat/aes192-decrypt-2.asm
@@ -0,0 +1,36 @@
+C x86_64/fat/aes192-decrypt.asm
+
+ifelse(`
+ Copyright (C) 2021 Niels Möller
+
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+')
+
+dnl PROLOGUE(nettle_aes192_decrypt) picked up by configure
+
+define(`fat_transform', `_$1_aesni')
+include_src(`x86_64/aesni/aes192-decrypt.asm')
Index: nettle-3.7.3/x86_64/fat/aes-decrypt-internal.asm
===================================================================
--- nettle-3.7.3.orig/x86_64/fat/aes-decrypt-internal.asm
+++ /dev/null
@@ -1,35 +0,0 @@
-C x86_64/fat/aes-decrypt-internal.asm
-
-
-ifelse(`
- Copyright (C) 2015 Niels Möller
-
- This file is part of GNU Nettle.
-
- GNU Nettle is free software: you can redistribute it and/or
- modify it under the terms of either:
-
- * the GNU Lesser General Public License as published by the Free
- Software Foundation; either version 3 of the License, or (at your
- option) any later version.
-
- or
-
- * the GNU General Public License as published by the Free
- Software Foundation; either version 2 of the License, or (at your
- option) any later version.
-
- or both in parallel, as here.
-
- GNU Nettle is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- General Public License for more details.
-
- You should have received copies of the GNU General Public License and
- the GNU Lesser General Public License along with this program. If
- not, see http://www.gnu.org/licenses/.
-')
-
-define(`fat_transform', `$1_x86_64')
-include_src(`x86_64/aes-decrypt-internal.asm')
Index: nettle-3.7.3/x86_64/fat/aes192-encrypt-2.asm
===================================================================
--- /dev/null
+++ nettle-3.7.3/x86_64/fat/aes192-encrypt-2.asm
@@ -0,0 +1,36 @@
+C x86_64/fat/aes192-encrypt.asm
+
+ifelse(`
+ Copyright (C) 2021 Niels Möller
+
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+')
+
+dnl PROLOGUE(nettle_aes192_encrypt) picked up by configure
+
+define(`fat_transform', `_$1_aesni')
+include_src(`x86_64/aesni/aes192-encrypt.asm')
Index: nettle-3.7.3/x86_64/fat/aes256-decrypt-2.asm
===================================================================
--- /dev/null
+++ nettle-3.7.3/x86_64/fat/aes256-decrypt-2.asm
@@ -0,0 +1,36 @@
+C x86_64/fat/aes256-decrypt.asm
+
+ifelse(`
+ Copyright (C) 2021 Niels Möller
+
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+')
+
+dnl PROLOGUE(nettle_aes256_decrypt) picked up by configure
+
+define(`fat_transform', `_$1_aesni')
+include_src(`x86_64/aesni/aes256-decrypt.asm')
Index: nettle-3.7.3/x86_64/fat/aes256-encrypt-2.asm
===================================================================
--- /dev/null
+++ nettle-3.7.3/x86_64/fat/aes256-encrypt-2.asm
@@ -0,0 +1,36 @@
+C x86_64/fat/aes256-encrypt.asm
+
+ifelse(`
+ Copyright (C) 2021 Niels Möller
+
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+')
+
+dnl PROLOGUE(nettle_aes256_encrypt) picked up by configure
+
+define(`fat_transform', `_$1_aesni')
+include_src(`x86_64/aesni/aes256-encrypt.asm')
Index: nettle-3.7.3/Makefile.in
===================================================================
--- nettle-3.7.3.orig/Makefile.in
+++ nettle-3.7.3/Makefile.in
@@ -74,8 +74,10 @@ dvi installcheck uninstallcheck:
all-here: $(TARGETS) $(DOCTARGETS)
-nettle_SOURCES = aes-decrypt-internal.c aes-decrypt.c \
+nettle_SOURCES = aes-decrypt-internal.c aes-decrypt.c aes-decrypt-table.c \
+ aes128-decrypt.c aes192-decrypt.c aes256-decrypt.c \
aes-encrypt-internal.c aes-encrypt.c aes-encrypt-table.c \
+ aes128-encrypt.c aes192-encrypt.c aes256-encrypt.c \
aes-invert-internal.c aes-set-key-internal.c \
aes-set-encrypt-key.c aes-set-decrypt-key.c \
aes128-set-encrypt-key.c aes128-set-decrypt-key.c \
@@ -217,7 +219,7 @@ hogweed_SOURCES = sexp.c sexp-format.c \
ed448-shake256.c ed448-shake256-pubkey.c \
ed448-shake256-sign.c ed448-shake256-verify.c
-OPT_SOURCES = fat-arm.c fat-ppc.c fat-x86_64.c mini-gmp.c
+OPT_SOURCES = fat-arm.c fat-ppc.c fat-s390x.c fat-x86_64.c mini-gmp.c
HEADERS = aes.h arcfour.h arctwo.h asn1.h blowfish.h \
base16.h base64.h bignum.h buffer.h camellia.h cast128.h \
@@ -616,7 +618,8 @@ distdir: $(DISTFILES)
set -e; for d in sparc32 sparc64 x86 \
x86_64 x86_64/aesni x86_64/sha_ni x86_64/fat \
arm arm/neon arm/v6 arm/fat \
- powerpc64 powerpc64/p7 powerpc64/p8 powerpc64/fat ; do \
+ powerpc64 powerpc64/p7 powerpc64/p8 powerpc64/fat \
+ s390x s390x/vf s390x/msa s390x/msa_x1 s390x/msa_x2 s390x/msa_x4 s390x/fat ; do \
mkdir "$(distdir)/$$d" ; \
find "$(srcdir)/$$d" -maxdepth 1 '(' -name '*.asm' -o -name '*.m4' -o -name README ')' \
-exec cp '{}' "$(distdir)/$$d" ';' ; \
Index: nettle-3.7.3/configure.ac
===================================================================
--- nettle-3.7.3.orig/configure.ac
+++ nettle-3.7.3/configure.ac
@@ -97,6 +97,14 @@ AC_ARG_ENABLE(power-altivec,
AC_HELP_STRING([--enable-power-altivec], [Enable POWER altivec and vsx extensions. (default=no)]),,
[enable_altivec=no])
+AC_ARG_ENABLE(s390x-vf,
+ AC_HELP_STRING([--enable-s390x-vf], [Enable vector facility on z/Architecture. (default=no)]),,
+ [enable_s390x_vf=no])
+
+AC_ARG_ENABLE(s390x-msa,
+ AC_HELP_STRING([--enable-s390x-msa], [Enable message-security assist extensions on z/Architecture. (default=no)]),,
+ [enable_s390x_msa=no])
+
AC_ARG_ENABLE(mini-gmp,
AC_HELP_STRING([--enable-mini-gmp], [Enable mini-gmp, used instead of libgmp.]),,
[enable_mini_gmp=no])
@@ -344,6 +352,17 @@ case "$host_cpu" in
ABI=64
])
;;
+ *s390x*)
+ AC_TRY_COMPILE([
+#if defined(__s390x__)
+#error 64-bit s390x
+#endif
+ ], [], [
+ ABI=32
+ ], [
+ ABI=64
+ ])
+ ;;
esac
if test "x$ABI" != xstandard ; then
@@ -477,7 +496,23 @@ if test "x$enable_assembler" = xyes ; th
fi
fi
;;
-
+ *s390x*)
+ if test "$ABI" = 64 ; then
+ asm_path="s390x"
+ if test "x$enable_fat" = xyes ; then
+ asm_path="s390x/fat $asm_path"
+ OPT_NETTLE_SOURCES="fat-s390x.c $OPT_NETTLE_SOURCES"
+ FAT_TEST_LIST="none vf msa msa_x1 msa_x2 msa_x4"
+ else
+ if test "$enable_s390x_vf" = yes ; then
+ asm_path="s390x/vf $asm_path"
+ fi
+ if test "$enable_s390x_msa" = yes ; then
+ asm_path="s390x/msa s390x/msa_x1 s390x/msa_x2 s390x/msa_x4 $asm_path"
+ fi
+ fi
+ fi
+ ;;
*)
enable_assembler=no
;;
@@ -487,6 +522,12 @@ fi
# Files which replace a C source file (or otherwise don't correspond
# to a new object file).
asm_replace_list="aes-encrypt-internal.asm aes-decrypt-internal.asm \
+ aes128-set-encrypt-key.asm aes128-set-decrypt-key.asm \
+ aes128-encrypt.asm aes128-decrypt.asm \
+ aes192-set-encrypt-key.asm aes192-set-decrypt-key.asm \
+ aes192-encrypt.asm aes192-decrypt.asm \
+ aes256-set-encrypt-key.asm aes256-set-decrypt-key.asm \
+ aes256-encrypt.asm aes256-decrypt.asm \
arcfour-crypt.asm camellia-crypt-internal.asm \
md5-compress.asm memxor.asm memxor3.asm \
poly1305-internal.asm \
@@ -497,8 +538,14 @@ asm_replace_list="aes-encrypt-internal.a
sha3-permute.asm umac-nh.asm umac-nh-n.asm machine.m4"
# Assembler files which generate additional object files if they are used.
-asm_nettle_optional_list="gcm-hash.asm gcm-hash8.asm cpuid.asm \
- aes-encrypt-internal-2.asm aes-decrypt-internal-2.asm memxor-2.asm \
+asm_nettle_optional_list="gcm-hash.asm gcm-hash8.asm cpuid.asm cpu-facility.asm \
+ aes-encrypt-internal-2.asm aes-decrypt-internal-2.asm memxor-2.asm memxor3-2.asm \
+ aes128-set-encrypt-key-2.asm aes128-set-decrypt-key-2.asm \
+ aes128-encrypt-2.asm aes128-decrypt-2.asm \
+ aes192-set-encrypt-key-2.asm aes192-set-decrypt-key-2.asm \
+ aes192-encrypt-2.asm aes192-decrypt-2.asm \
+ aes256-set-encrypt-key-2.asm aes256-set-decrypt-key-2.asm \
+ aes256-encrypt-2.asm aes256-decrypt-2.asm \
chacha-2core.asm chacha-3core.asm chacha-4core.asm chacha-core-internal-2.asm \
salsa20-2core.asm salsa20-core-internal-2.asm \
sha1-compress-2.asm sha256-compress-2.asm \
@@ -605,8 +652,24 @@ AC_SUBST([ASM_PPC_WANT_R_REGISTERS])
AH_VERBATIM([HAVE_NATIVE],
[/* Define to 1 each of the following for which a native (ie. CPU specific)
implementation of the corresponding routine exists. */
+#undef HAVE_NATIVE_memxor3
#undef HAVE_NATIVE_aes_decrypt
#undef HAVE_NATIVE_aes_encrypt
+#undef HAVE_NATIVE_aes128_decrypt
+#undef HAVE_NATIVE_aes128_encrypt
+#undef HAVE_NATIVE_aes128_invert_key
+#undef HAVE_NATIVE_aes128_set_decrypt_key
+#undef HAVE_NATIVE_aes128_set_encrypt_key
+#undef HAVE_NATIVE_aes192_decrypt
+#undef HAVE_NATIVE_aes192_encrypt
+#undef HAVE_NATIVE_aes192_invert_key
+#undef HAVE_NATIVE_aes192_set_decrypt_key
+#undef HAVE_NATIVE_aes192_set_encrypt_key
+#undef HAVE_NATIVE_aes256_decrypt
+#undef HAVE_NATIVE_aes256_encrypt
+#undef HAVE_NATIVE_aes256_invert_key
+#undef HAVE_NATIVE_aes256_set_decrypt_key
+#undef HAVE_NATIVE_aes256_set_encrypt_key
#undef HAVE_NATIVE_chacha_core
#undef HAVE_NATIVE_chacha_2core
#undef HAVE_NATIVE_chacha_3core
Index: nettle-3.7.3/s390x/README
===================================================================
--- /dev/null
+++ nettle-3.7.3/s390x/README
@@ -0,0 +1,60 @@
+Registers Conventions[1]
+
+Register Status Use
+
+r0, r1 General purpose Volatile
+r2 Parameter passing and return values Volatile
+r3, r4, r5 Parameter passing Volatile
+r6 Parameter passing Saved
+r7 - r11 Local variables Saved
+r12 Local variable, commonly used as GOT pointer Saved
+r13 Local variable, commonly used as Literal Pool pointer Saved
+r14 Return address Volatile
+r15 Stack pointer Saved
+
+f0, f2, f4, f6 Parameter passing and return values Volatile
+f1, f3, f5, f7 General purpose Volatile
+f8 f15 General purpose Saved
+
+Vector Register Conventions
+
+Register Use
+
+VR0 - VR7 Volatile
+VR8 - VR15 Bytes 0-7 are non-volatile, Bytes 8-15 are volatile
+VR16 - VR23 Non-volatile
+VR24 - VR31 Volatile
+
+General Registers[2]
+
+In addition to their use as accumulators in general
+arithmetic and logical operations, 15 of the 16 general
+registers are also used as base-address and
+index registers in address generation. In these
+cases, the registers are designated by a four-bit B
+field or X field in an instruction. A value of zero in the
+B or X field specifies that no base or index is to be
+applied, and, thus, general register 0 cannot be designated
+as containing a base address or index.
+
+Parameter passing[1]
+
+Values shorter than 64 bits are sign- or zero-extended (as appropriate)
+to 64 bits. Arguments not handled in the registers are passed in the parameter
+words of the callers stack frame.
+
+Dynamic stack space allocation[1]
+
+1. After a new stack frame is acquired, and before the first dynamic space
+allocation, a new register, the frame pointer or FP, is set to the value of the
+stack pointer.
+2. The amount of dynamic space to be allocated is rounded up to a multiple of 8
+bytes, so that 8-byte stack alignment is maintained.
+3. The stack pointer is decreased by the rounded byte count, and the address of
+the previous stack frame (the back chain) may be stored at the word addressed
+by the new stack pointer. The back chain is not necessary to restore from this
+allocation at the end of the function since the frame pointer can be used to
+restore the stack pointer.
+
+[1] http://legacy.redhat.com/pub/redhat/linux/7.1/es/os/s390x/doc/lzsabi0.pdf
+[2] https://www.ibm.com/support/pages/zarchitecture-principles-operation
Index: nettle-3.7.3/aes-decrypt-table.c
===================================================================
--- /dev/null
+++ nettle-3.7.3/aes-decrypt-table.c
@@ -0,0 +1,345 @@
+/* aes-decrypt-table.c
+
+ Decryption function for aes/rijndael block cipher.
+
+ Copyright (C) 2002, 2013 Niels Möller
+
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+*/
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <stdlib.h>
+
+#include "aes-internal.h"
+
+const struct aes_table
+_nettle_aes_decrypt_table =
+ { /* isbox */
+ {
+ 0x52,0x09,0x6a,0xd5,0x30,0x36,0xa5,0x38,
+ 0xbf,0x40,0xa3,0x9e,0x81,0xf3,0xd7,0xfb,
+ 0x7c,0xe3,0x39,0x82,0x9b,0x2f,0xff,0x87,
+ 0x34,0x8e,0x43,0x44,0xc4,0xde,0xe9,0xcb,
+ 0x54,0x7b,0x94,0x32,0xa6,0xc2,0x23,0x3d,
+ 0xee,0x4c,0x95,0x0b,0x42,0xfa,0xc3,0x4e,
+ 0x08,0x2e,0xa1,0x66,0x28,0xd9,0x24,0xb2,
+ 0x76,0x5b,0xa2,0x49,0x6d,0x8b,0xd1,0x25,
+ 0x72,0xf8,0xf6,0x64,0x86,0x68,0x98,0x16,
+ 0xd4,0xa4,0x5c,0xcc,0x5d,0x65,0xb6,0x92,
+ 0x6c,0x70,0x48,0x50,0xfd,0xed,0xb9,0xda,
+ 0x5e,0x15,0x46,0x57,0xa7,0x8d,0x9d,0x84,
+ 0x90,0xd8,0xab,0x00,0x8c,0xbc,0xd3,0x0a,
+ 0xf7,0xe4,0x58,0x05,0xb8,0xb3,0x45,0x06,
+ 0xd0,0x2c,0x1e,0x8f,0xca,0x3f,0x0f,0x02,
+ 0xc1,0xaf,0xbd,0x03,0x01,0x13,0x8a,0x6b,
+ 0x3a,0x91,0x11,0x41,0x4f,0x67,0xdc,0xea,
+ 0x97,0xf2,0xcf,0xce,0xf0,0xb4,0xe6,0x73,
+ 0x96,0xac,0x74,0x22,0xe7,0xad,0x35,0x85,
+ 0xe2,0xf9,0x37,0xe8,0x1c,0x75,0xdf,0x6e,
+ 0x47,0xf1,0x1a,0x71,0x1d,0x29,0xc5,0x89,
+ 0x6f,0xb7,0x62,0x0e,0xaa,0x18,0xbe,0x1b,
+ 0xfc,0x56,0x3e,0x4b,0xc6,0xd2,0x79,0x20,
+ 0x9a,0xdb,0xc0,0xfe,0x78,0xcd,0x5a,0xf4,
+ 0x1f,0xdd,0xa8,0x33,0x88,0x07,0xc7,0x31,
+ 0xb1,0x12,0x10,0x59,0x27,0x80,0xec,0x5f,
+ 0x60,0x51,0x7f,0xa9,0x19,0xb5,0x4a,0x0d,
+ 0x2d,0xe5,0x7a,0x9f,0x93,0xc9,0x9c,0xef,
+ 0xa0,0xe0,0x3b,0x4d,0xae,0x2a,0xf5,0xb0,
+ 0xc8,0xeb,0xbb,0x3c,0x83,0x53,0x99,0x61,
+ 0x17,0x2b,0x04,0x7e,0xba,0x77,0xd6,0x26,
+ 0xe1,0x69,0x14,0x63,0x55,0x21,0x0c,0x7d,
+ },
+ { /* itable */
+ {
+ 0x50a7f451,0x5365417e,0xc3a4171a,0x965e273a,
+ 0xcb6bab3b,0xf1459d1f,0xab58faac,0x9303e34b,
+ 0x55fa3020,0xf66d76ad,0x9176cc88,0x254c02f5,
+ 0xfcd7e54f,0xd7cb2ac5,0x80443526,0x8fa362b5,
+ 0x495ab1de,0x671bba25,0x980eea45,0xe1c0fe5d,
+ 0x02752fc3,0x12f04c81,0xa397468d,0xc6f9d36b,
+ 0xe75f8f03,0x959c9215,0xeb7a6dbf,0xda595295,
+ 0x2d83bed4,0xd3217458,0x2969e049,0x44c8c98e,
+ 0x6a89c275,0x78798ef4,0x6b3e5899,0xdd71b927,
+ 0xb64fe1be,0x17ad88f0,0x66ac20c9,0xb43ace7d,
+ 0x184adf63,0x82311ae5,0x60335197,0x457f5362,
+ 0xe07764b1,0x84ae6bbb,0x1ca081fe,0x942b08f9,
+ 0x58684870,0x19fd458f,0x876cde94,0xb7f87b52,
+ 0x23d373ab,0xe2024b72,0x578f1fe3,0x2aab5566,
+ 0x0728ebb2,0x03c2b52f,0x9a7bc586,0xa50837d3,
+ 0xf2872830,0xb2a5bf23,0xba6a0302,0x5c8216ed,
+ 0x2b1ccf8a,0x92b479a7,0xf0f207f3,0xa1e2694e,
+ 0xcdf4da65,0xd5be0506,0x1f6234d1,0x8afea6c4,
+ 0x9d532e34,0xa055f3a2,0x32e18a05,0x75ebf6a4,
+ 0x39ec830b,0xaaef6040,0x069f715e,0x51106ebd,
+ 0xf98a213e,0x3d06dd96,0xae053edd,0x46bde64d,
+ 0xb58d5491,0x055dc471,0x6fd40604,0xff155060,
+ 0x24fb9819,0x97e9bdd6,0xcc434089,0x779ed967,
+ 0xbd42e8b0,0x888b8907,0x385b19e7,0xdbeec879,
+ 0x470a7ca1,0xe90f427c,0xc91e84f8,0x00000000,
+ 0x83868009,0x48ed2b32,0xac70111e,0x4e725a6c,
+ 0xfbff0efd,0x5638850f,0x1ed5ae3d,0x27392d36,
+ 0x64d90f0a,0x21a65c68,0xd1545b9b,0x3a2e3624,
+ 0xb1670a0c,0x0fe75793,0xd296eeb4,0x9e919b1b,
+ 0x4fc5c080,0xa220dc61,0x694b775a,0x161a121c,
+ 0x0aba93e2,0xe52aa0c0,0x43e0223c,0x1d171b12,
+ 0x0b0d090e,0xadc78bf2,0xb9a8b62d,0xc8a91e14,
+ 0x8519f157,0x4c0775af,0xbbdd99ee,0xfd607fa3,
+ 0x9f2601f7,0xbcf5725c,0xc53b6644,0x347efb5b,
+ 0x7629438b,0xdcc623cb,0x68fcedb6,0x63f1e4b8,
+ 0xcadc31d7,0x10856342,0x40229713,0x2011c684,
+ 0x7d244a85,0xf83dbbd2,0x1132f9ae,0x6da129c7,
+ 0x4b2f9e1d,0xf330b2dc,0xec52860d,0xd0e3c177,
+ 0x6c16b32b,0x99b970a9,0xfa489411,0x2264e947,
+ 0xc48cfca8,0x1a3ff0a0,0xd82c7d56,0xef903322,
+ 0xc74e4987,0xc1d138d9,0xfea2ca8c,0x360bd498,
+ 0xcf81f5a6,0x28de7aa5,0x268eb7da,0xa4bfad3f,
+ 0xe49d3a2c,0x0d927850,0x9bcc5f6a,0x62467e54,
+ 0xc2138df6,0xe8b8d890,0x5ef7392e,0xf5afc382,
+ 0xbe805d9f,0x7c93d069,0xa92dd56f,0xb31225cf,
+ 0x3b99acc8,0xa77d1810,0x6e639ce8,0x7bbb3bdb,
+ 0x097826cd,0xf418596e,0x01b79aec,0xa89a4f83,
+ 0x656e95e6,0x7ee6ffaa,0x08cfbc21,0xe6e815ef,
+ 0xd99be7ba,0xce366f4a,0xd4099fea,0xd67cb029,
+ 0xafb2a431,0x31233f2a,0x3094a5c6,0xc066a235,
+ 0x37bc4e74,0xa6ca82fc,0xb0d090e0,0x15d8a733,
+ 0x4a9804f1,0xf7daec41,0x0e50cd7f,0x2ff69117,
+ 0x8dd64d76,0x4db0ef43,0x544daacc,0xdf0496e4,
+ 0xe3b5d19e,0x1b886a4c,0xb81f2cc1,0x7f516546,
+ 0x04ea5e9d,0x5d358c01,0x737487fa,0x2e410bfb,
+ 0x5a1d67b3,0x52d2db92,0x335610e9,0x1347d66d,
+ 0x8c61d79a,0x7a0ca137,0x8e14f859,0x893c13eb,
+ 0xee27a9ce,0x35c961b7,0xede51ce1,0x3cb1477a,
+ 0x59dfd29c,0x3f73f255,0x79ce1418,0xbf37c773,
+ 0xeacdf753,0x5baafd5f,0x146f3ddf,0x86db4478,
+ 0x81f3afca,0x3ec468b9,0x2c342438,0x5f40a3c2,
+ 0x72c31d16,0x0c25e2bc,0x8b493c28,0x41950dff,
+ 0x7101a839,0xdeb30c08,0x9ce4b4d8,0x90c15664,
+ 0x6184cb7b,0x70b632d5,0x745c6c48,0x4257b8d0,
+ },
+#if !AES_SMALL
+ { /* Before: itable[1] */
+ 0xa7f45150,0x65417e53,0xa4171ac3,0x5e273a96,
+ 0x6bab3bcb,0x459d1ff1,0x58faacab,0x03e34b93,
+ 0xfa302055,0x6d76adf6,0x76cc8891,0x4c02f525,
+ 0xd7e54ffc,0xcb2ac5d7,0x44352680,0xa362b58f,
+ 0x5ab1de49,0x1bba2567,0x0eea4598,0xc0fe5de1,
+ 0x752fc302,0xf04c8112,0x97468da3,0xf9d36bc6,
+ 0x5f8f03e7,0x9c921595,0x7a6dbfeb,0x595295da,
+ 0x83bed42d,0x217458d3,0x69e04929,0xc8c98e44,
+ 0x89c2756a,0x798ef478,0x3e58996b,0x71b927dd,
+ 0x4fe1beb6,0xad88f017,0xac20c966,0x3ace7db4,
+ 0x4adf6318,0x311ae582,0x33519760,0x7f536245,
+ 0x7764b1e0,0xae6bbb84,0xa081fe1c,0x2b08f994,
+ 0x68487058,0xfd458f19,0x6cde9487,0xf87b52b7,
+ 0xd373ab23,0x024b72e2,0x8f1fe357,0xab55662a,
+ 0x28ebb207,0xc2b52f03,0x7bc5869a,0x0837d3a5,
+ 0x872830f2,0xa5bf23b2,0x6a0302ba,0x8216ed5c,
+ 0x1ccf8a2b,0xb479a792,0xf207f3f0,0xe2694ea1,
+ 0xf4da65cd,0xbe0506d5,0x6234d11f,0xfea6c48a,
+ 0x532e349d,0x55f3a2a0,0xe18a0532,0xebf6a475,
+ 0xec830b39,0xef6040aa,0x9f715e06,0x106ebd51,
+ 0x8a213ef9,0x06dd963d,0x053eddae,0xbde64d46,
+ 0x8d5491b5,0x5dc47105,0xd406046f,0x155060ff,
+ 0xfb981924,0xe9bdd697,0x434089cc,0x9ed96777,
+ 0x42e8b0bd,0x8b890788,0x5b19e738,0xeec879db,
+ 0x0a7ca147,0x0f427ce9,0x1e84f8c9,0x00000000,
+ 0x86800983,0xed2b3248,0x70111eac,0x725a6c4e,
+ 0xff0efdfb,0x38850f56,0xd5ae3d1e,0x392d3627,
+ 0xd90f0a64,0xa65c6821,0x545b9bd1,0x2e36243a,
+ 0x670a0cb1,0xe757930f,0x96eeb4d2,0x919b1b9e,
+ 0xc5c0804f,0x20dc61a2,0x4b775a69,0x1a121c16,
+ 0xba93e20a,0x2aa0c0e5,0xe0223c43,0x171b121d,
+ 0x0d090e0b,0xc78bf2ad,0xa8b62db9,0xa91e14c8,
+ 0x19f15785,0x0775af4c,0xdd99eebb,0x607fa3fd,
+ 0x2601f79f,0xf5725cbc,0x3b6644c5,0x7efb5b34,
+ 0x29438b76,0xc623cbdc,0xfcedb668,0xf1e4b863,
+ 0xdc31d7ca,0x85634210,0x22971340,0x11c68420,
+ 0x244a857d,0x3dbbd2f8,0x32f9ae11,0xa129c76d,
+ 0x2f9e1d4b,0x30b2dcf3,0x52860dec,0xe3c177d0,
+ 0x16b32b6c,0xb970a999,0x489411fa,0x64e94722,
+ 0x8cfca8c4,0x3ff0a01a,0x2c7d56d8,0x903322ef,
+ 0x4e4987c7,0xd138d9c1,0xa2ca8cfe,0x0bd49836,
+ 0x81f5a6cf,0xde7aa528,0x8eb7da26,0xbfad3fa4,
+ 0x9d3a2ce4,0x9278500d,0xcc5f6a9b,0x467e5462,
+ 0x138df6c2,0xb8d890e8,0xf7392e5e,0xafc382f5,
+ 0x805d9fbe,0x93d0697c,0x2dd56fa9,0x1225cfb3,
+ 0x99acc83b,0x7d1810a7,0x639ce86e,0xbb3bdb7b,
+ 0x7826cd09,0x18596ef4,0xb79aec01,0x9a4f83a8,
+ 0x6e95e665,0xe6ffaa7e,0xcfbc2108,0xe815efe6,
+ 0x9be7bad9,0x366f4ace,0x099fead4,0x7cb029d6,
+ 0xb2a431af,0x233f2a31,0x94a5c630,0x66a235c0,
+ 0xbc4e7437,0xca82fca6,0xd090e0b0,0xd8a73315,
+ 0x9804f14a,0xdaec41f7,0x50cd7f0e,0xf691172f,
+ 0xd64d768d,0xb0ef434d,0x4daacc54,0x0496e4df,
+ 0xb5d19ee3,0x886a4c1b,0x1f2cc1b8,0x5165467f,
+ 0xea5e9d04,0x358c015d,0x7487fa73,0x410bfb2e,
+ 0x1d67b35a,0xd2db9252,0x5610e933,0x47d66d13,
+ 0x61d79a8c,0x0ca1377a,0x14f8598e,0x3c13eb89,
+ 0x27a9ceee,0xc961b735,0xe51ce1ed,0xb1477a3c,
+ 0xdfd29c59,0x73f2553f,0xce141879,0x37c773bf,
+ 0xcdf753ea,0xaafd5f5b,0x6f3ddf14,0xdb447886,
+ 0xf3afca81,0xc468b93e,0x3424382c,0x40a3c25f,
+ 0xc31d1672,0x25e2bc0c,0x493c288b,0x950dff41,
+ 0x01a83971,0xb30c08de,0xe4b4d89c,0xc1566490,
+ 0x84cb7b61,0xb632d570,0x5c6c4874,0x57b8d042,
+ },{ /* Before: itable[2] */
+ 0xf45150a7,0x417e5365,0x171ac3a4,0x273a965e,
+ 0xab3bcb6b,0x9d1ff145,0xfaacab58,0xe34b9303,
+ 0x302055fa,0x76adf66d,0xcc889176,0x02f5254c,
+ 0xe54ffcd7,0x2ac5d7cb,0x35268044,0x62b58fa3,
+ 0xb1de495a,0xba25671b,0xea45980e,0xfe5de1c0,
+ 0x2fc30275,0x4c8112f0,0x468da397,0xd36bc6f9,
+ 0x8f03e75f,0x9215959c,0x6dbfeb7a,0x5295da59,
+ 0xbed42d83,0x7458d321,0xe0492969,0xc98e44c8,
+ 0xc2756a89,0x8ef47879,0x58996b3e,0xb927dd71,
+ 0xe1beb64f,0x88f017ad,0x20c966ac,0xce7db43a,
+ 0xdf63184a,0x1ae58231,0x51976033,0x5362457f,
+ 0x64b1e077,0x6bbb84ae,0x81fe1ca0,0x08f9942b,
+ 0x48705868,0x458f19fd,0xde94876c,0x7b52b7f8,
+ 0x73ab23d3,0x4b72e202,0x1fe3578f,0x55662aab,
+ 0xebb20728,0xb52f03c2,0xc5869a7b,0x37d3a508,
+ 0x2830f287,0xbf23b2a5,0x0302ba6a,0x16ed5c82,
+ 0xcf8a2b1c,0x79a792b4,0x07f3f0f2,0x694ea1e2,
+ 0xda65cdf4,0x0506d5be,0x34d11f62,0xa6c48afe,
+ 0x2e349d53,0xf3a2a055,0x8a0532e1,0xf6a475eb,
+ 0x830b39ec,0x6040aaef,0x715e069f,0x6ebd5110,
+ 0x213ef98a,0xdd963d06,0x3eddae05,0xe64d46bd,
+ 0x5491b58d,0xc471055d,0x06046fd4,0x5060ff15,
+ 0x981924fb,0xbdd697e9,0x4089cc43,0xd967779e,
+ 0xe8b0bd42,0x8907888b,0x19e7385b,0xc879dbee,
+ 0x7ca1470a,0x427ce90f,0x84f8c91e,0x00000000,
+ 0x80098386,0x2b3248ed,0x111eac70,0x5a6c4e72,
+ 0x0efdfbff,0x850f5638,0xae3d1ed5,0x2d362739,
+ 0x0f0a64d9,0x5c6821a6,0x5b9bd154,0x36243a2e,
+ 0x0a0cb167,0x57930fe7,0xeeb4d296,0x9b1b9e91,
+ 0xc0804fc5,0xdc61a220,0x775a694b,0x121c161a,
+ 0x93e20aba,0xa0c0e52a,0x223c43e0,0x1b121d17,
+ 0x090e0b0d,0x8bf2adc7,0xb62db9a8,0x1e14c8a9,
+ 0xf1578519,0x75af4c07,0x99eebbdd,0x7fa3fd60,
+ 0x01f79f26,0x725cbcf5,0x6644c53b,0xfb5b347e,
+ 0x438b7629,0x23cbdcc6,0xedb668fc,0xe4b863f1,
+ 0x31d7cadc,0x63421085,0x97134022,0xc6842011,
+ 0x4a857d24,0xbbd2f83d,0xf9ae1132,0x29c76da1,
+ 0x9e1d4b2f,0xb2dcf330,0x860dec52,0xc177d0e3,
+ 0xb32b6c16,0x70a999b9,0x9411fa48,0xe9472264,
+ 0xfca8c48c,0xf0a01a3f,0x7d56d82c,0x3322ef90,
+ 0x4987c74e,0x38d9c1d1,0xca8cfea2,0xd498360b,
+ 0xf5a6cf81,0x7aa528de,0xb7da268e,0xad3fa4bf,
+ 0x3a2ce49d,0x78500d92,0x5f6a9bcc,0x7e546246,
+ 0x8df6c213,0xd890e8b8,0x392e5ef7,0xc382f5af,
+ 0x5d9fbe80,0xd0697c93,0xd56fa92d,0x25cfb312,
+ 0xacc83b99,0x1810a77d,0x9ce86e63,0x3bdb7bbb,
+ 0x26cd0978,0x596ef418,0x9aec01b7,0x4f83a89a,
+ 0x95e6656e,0xffaa7ee6,0xbc2108cf,0x15efe6e8,
+ 0xe7bad99b,0x6f4ace36,0x9fead409,0xb029d67c,
+ 0xa431afb2,0x3f2a3123,0xa5c63094,0xa235c066,
+ 0x4e7437bc,0x82fca6ca,0x90e0b0d0,0xa73315d8,
+ 0x04f14a98,0xec41f7da,0xcd7f0e50,0x91172ff6,
+ 0x4d768dd6,0xef434db0,0xaacc544d,0x96e4df04,
+ 0xd19ee3b5,0x6a4c1b88,0x2cc1b81f,0x65467f51,
+ 0x5e9d04ea,0x8c015d35,0x87fa7374,0x0bfb2e41,
+ 0x67b35a1d,0xdb9252d2,0x10e93356,0xd66d1347,
+ 0xd79a8c61,0xa1377a0c,0xf8598e14,0x13eb893c,
+ 0xa9ceee27,0x61b735c9,0x1ce1ede5,0x477a3cb1,
+ 0xd29c59df,0xf2553f73,0x141879ce,0xc773bf37,
+ 0xf753eacd,0xfd5f5baa,0x3ddf146f,0x447886db,
+ 0xafca81f3,0x68b93ec4,0x24382c34,0xa3c25f40,
+ 0x1d1672c3,0xe2bc0c25,0x3c288b49,0x0dff4195,
+ 0xa8397101,0x0c08deb3,0xb4d89ce4,0x566490c1,
+ 0xcb7b6184,0x32d570b6,0x6c48745c,0xb8d04257,
+ },{ /* Before: itable[3] */
+ 0x5150a7f4,0x7e536541,0x1ac3a417,0x3a965e27,
+ 0x3bcb6bab,0x1ff1459d,0xacab58fa,0x4b9303e3,
+ 0x2055fa30,0xadf66d76,0x889176cc,0xf5254c02,
+ 0x4ffcd7e5,0xc5d7cb2a,0x26804435,0xb58fa362,
+ 0xde495ab1,0x25671bba,0x45980eea,0x5de1c0fe,
+ 0xc302752f,0x8112f04c,0x8da39746,0x6bc6f9d3,
+ 0x03e75f8f,0x15959c92,0xbfeb7a6d,0x95da5952,
+ 0xd42d83be,0x58d32174,0x492969e0,0x8e44c8c9,
+ 0x756a89c2,0xf478798e,0x996b3e58,0x27dd71b9,
+ 0xbeb64fe1,0xf017ad88,0xc966ac20,0x7db43ace,
+ 0x63184adf,0xe582311a,0x97603351,0x62457f53,
+ 0xb1e07764,0xbb84ae6b,0xfe1ca081,0xf9942b08,
+ 0x70586848,0x8f19fd45,0x94876cde,0x52b7f87b,
+ 0xab23d373,0x72e2024b,0xe3578f1f,0x662aab55,
+ 0xb20728eb,0x2f03c2b5,0x869a7bc5,0xd3a50837,
+ 0x30f28728,0x23b2a5bf,0x02ba6a03,0xed5c8216,
+ 0x8a2b1ccf,0xa792b479,0xf3f0f207,0x4ea1e269,
+ 0x65cdf4da,0x06d5be05,0xd11f6234,0xc48afea6,
+ 0x349d532e,0xa2a055f3,0x0532e18a,0xa475ebf6,
+ 0x0b39ec83,0x40aaef60,0x5e069f71,0xbd51106e,
+ 0x3ef98a21,0x963d06dd,0xddae053e,0x4d46bde6,
+ 0x91b58d54,0x71055dc4,0x046fd406,0x60ff1550,
+ 0x1924fb98,0xd697e9bd,0x89cc4340,0x67779ed9,
+ 0xb0bd42e8,0x07888b89,0xe7385b19,0x79dbeec8,
+ 0xa1470a7c,0x7ce90f42,0xf8c91e84,0x00000000,
+ 0x09838680,0x3248ed2b,0x1eac7011,0x6c4e725a,
+ 0xfdfbff0e,0x0f563885,0x3d1ed5ae,0x3627392d,
+ 0x0a64d90f,0x6821a65c,0x9bd1545b,0x243a2e36,
+ 0x0cb1670a,0x930fe757,0xb4d296ee,0x1b9e919b,
+ 0x804fc5c0,0x61a220dc,0x5a694b77,0x1c161a12,
+ 0xe20aba93,0xc0e52aa0,0x3c43e022,0x121d171b,
+ 0x0e0b0d09,0xf2adc78b,0x2db9a8b6,0x14c8a91e,
+ 0x578519f1,0xaf4c0775,0xeebbdd99,0xa3fd607f,
+ 0xf79f2601,0x5cbcf572,0x44c53b66,0x5b347efb,
+ 0x8b762943,0xcbdcc623,0xb668fced,0xb863f1e4,
+ 0xd7cadc31,0x42108563,0x13402297,0x842011c6,
+ 0x857d244a,0xd2f83dbb,0xae1132f9,0xc76da129,
+ 0x1d4b2f9e,0xdcf330b2,0x0dec5286,0x77d0e3c1,
+ 0x2b6c16b3,0xa999b970,0x11fa4894,0x472264e9,
+ 0xa8c48cfc,0xa01a3ff0,0x56d82c7d,0x22ef9033,
+ 0x87c74e49,0xd9c1d138,0x8cfea2ca,0x98360bd4,
+ 0xa6cf81f5,0xa528de7a,0xda268eb7,0x3fa4bfad,
+ 0x2ce49d3a,0x500d9278,0x6a9bcc5f,0x5462467e,
+ 0xf6c2138d,0x90e8b8d8,0x2e5ef739,0x82f5afc3,
+ 0x9fbe805d,0x697c93d0,0x6fa92dd5,0xcfb31225,
+ 0xc83b99ac,0x10a77d18,0xe86e639c,0xdb7bbb3b,
+ 0xcd097826,0x6ef41859,0xec01b79a,0x83a89a4f,
+ 0xe6656e95,0xaa7ee6ff,0x2108cfbc,0xefe6e815,
+ 0xbad99be7,0x4ace366f,0xead4099f,0x29d67cb0,
+ 0x31afb2a4,0x2a31233f,0xc63094a5,0x35c066a2,
+ 0x7437bc4e,0xfca6ca82,0xe0b0d090,0x3315d8a7,
+ 0xf14a9804,0x41f7daec,0x7f0e50cd,0x172ff691,
+ 0x768dd64d,0x434db0ef,0xcc544daa,0xe4df0496,
+ 0x9ee3b5d1,0x4c1b886a,0xc1b81f2c,0x467f5165,
+ 0x9d04ea5e,0x015d358c,0xfa737487,0xfb2e410b,
+ 0xb35a1d67,0x9252d2db,0xe9335610,0x6d1347d6,
+ 0x9a8c61d7,0x377a0ca1,0x598e14f8,0xeb893c13,
+ 0xceee27a9,0xb735c961,0xe1ede51c,0x7a3cb147,
+ 0x9c59dfd2,0x553f73f2,0x1879ce14,0x73bf37c7,
+ 0x53eacdf7,0x5f5baafd,0xdf146f3d,0x7886db44,
+ 0xca81f3af,0xb93ec468,0x382c3424,0xc25f40a3,
+ 0x1672c31d,0xbc0c25e2,0x288b493c,0xff41950d,
+ 0x397101a8,0x08deb30c,0xd89ce4b4,0x6490c156,
+ 0x7b6184cb,0xd570b632,0x48745c6c,0xd04257b8,
+ },
+#endif /* !AES_SMALL */
+ }
+ };
Index: nettle-3.7.3/aes-decrypt.c
===================================================================
--- nettle-3.7.3.orig/aes-decrypt.c
+++ nettle-3.7.3/aes-decrypt.c
@@ -35,316 +35,10 @@
# include "config.h"
#endif
-#include <assert.h>
#include <stdlib.h>
#include "aes-internal.h"
-static const struct aes_table
-_aes_decrypt_table =
- { /* isbox */
- {
- 0x52,0x09,0x6a,0xd5,0x30,0x36,0xa5,0x38,
- 0xbf,0x40,0xa3,0x9e,0x81,0xf3,0xd7,0xfb,
- 0x7c,0xe3,0x39,0x82,0x9b,0x2f,0xff,0x87,
- 0x34,0x8e,0x43,0x44,0xc4,0xde,0xe9,0xcb,
- 0x54,0x7b,0x94,0x32,0xa6,0xc2,0x23,0x3d,
- 0xee,0x4c,0x95,0x0b,0x42,0xfa,0xc3,0x4e,
- 0x08,0x2e,0xa1,0x66,0x28,0xd9,0x24,0xb2,
- 0x76,0x5b,0xa2,0x49,0x6d,0x8b,0xd1,0x25,
- 0x72,0xf8,0xf6,0x64,0x86,0x68,0x98,0x16,
- 0xd4,0xa4,0x5c,0xcc,0x5d,0x65,0xb6,0x92,
- 0x6c,0x70,0x48,0x50,0xfd,0xed,0xb9,0xda,
- 0x5e,0x15,0x46,0x57,0xa7,0x8d,0x9d,0x84,
- 0x90,0xd8,0xab,0x00,0x8c,0xbc,0xd3,0x0a,
- 0xf7,0xe4,0x58,0x05,0xb8,0xb3,0x45,0x06,
- 0xd0,0x2c,0x1e,0x8f,0xca,0x3f,0x0f,0x02,
- 0xc1,0xaf,0xbd,0x03,0x01,0x13,0x8a,0x6b,
- 0x3a,0x91,0x11,0x41,0x4f,0x67,0xdc,0xea,
- 0x97,0xf2,0xcf,0xce,0xf0,0xb4,0xe6,0x73,
- 0x96,0xac,0x74,0x22,0xe7,0xad,0x35,0x85,
- 0xe2,0xf9,0x37,0xe8,0x1c,0x75,0xdf,0x6e,
- 0x47,0xf1,0x1a,0x71,0x1d,0x29,0xc5,0x89,
- 0x6f,0xb7,0x62,0x0e,0xaa,0x18,0xbe,0x1b,
- 0xfc,0x56,0x3e,0x4b,0xc6,0xd2,0x79,0x20,
- 0x9a,0xdb,0xc0,0xfe,0x78,0xcd,0x5a,0xf4,
- 0x1f,0xdd,0xa8,0x33,0x88,0x07,0xc7,0x31,
- 0xb1,0x12,0x10,0x59,0x27,0x80,0xec,0x5f,
- 0x60,0x51,0x7f,0xa9,0x19,0xb5,0x4a,0x0d,
- 0x2d,0xe5,0x7a,0x9f,0x93,0xc9,0x9c,0xef,
- 0xa0,0xe0,0x3b,0x4d,0xae,0x2a,0xf5,0xb0,
- 0xc8,0xeb,0xbb,0x3c,0x83,0x53,0x99,0x61,
- 0x17,0x2b,0x04,0x7e,0xba,0x77,0xd6,0x26,
- 0xe1,0x69,0x14,0x63,0x55,0x21,0x0c,0x7d,
- },
- { /* itable */
- {
- 0x50a7f451,0x5365417e,0xc3a4171a,0x965e273a,
- 0xcb6bab3b,0xf1459d1f,0xab58faac,0x9303e34b,
- 0x55fa3020,0xf66d76ad,0x9176cc88,0x254c02f5,
- 0xfcd7e54f,0xd7cb2ac5,0x80443526,0x8fa362b5,
- 0x495ab1de,0x671bba25,0x980eea45,0xe1c0fe5d,
- 0x02752fc3,0x12f04c81,0xa397468d,0xc6f9d36b,
- 0xe75f8f03,0x959c9215,0xeb7a6dbf,0xda595295,
- 0x2d83bed4,0xd3217458,0x2969e049,0x44c8c98e,
- 0x6a89c275,0x78798ef4,0x6b3e5899,0xdd71b927,
- 0xb64fe1be,0x17ad88f0,0x66ac20c9,0xb43ace7d,
- 0x184adf63,0x82311ae5,0x60335197,0x457f5362,
- 0xe07764b1,0x84ae6bbb,0x1ca081fe,0x942b08f9,
- 0x58684870,0x19fd458f,0x876cde94,0xb7f87b52,
- 0x23d373ab,0xe2024b72,0x578f1fe3,0x2aab5566,
- 0x0728ebb2,0x03c2b52f,0x9a7bc586,0xa50837d3,
- 0xf2872830,0xb2a5bf23,0xba6a0302,0x5c8216ed,
- 0x2b1ccf8a,0x92b479a7,0xf0f207f3,0xa1e2694e,
- 0xcdf4da65,0xd5be0506,0x1f6234d1,0x8afea6c4,
- 0x9d532e34,0xa055f3a2,0x32e18a05,0x75ebf6a4,
- 0x39ec830b,0xaaef6040,0x069f715e,0x51106ebd,
- 0xf98a213e,0x3d06dd96,0xae053edd,0x46bde64d,
- 0xb58d5491,0x055dc471,0x6fd40604,0xff155060,
- 0x24fb9819,0x97e9bdd6,0xcc434089,0x779ed967,
- 0xbd42e8b0,0x888b8907,0x385b19e7,0xdbeec879,
- 0x470a7ca1,0xe90f427c,0xc91e84f8,0x00000000,
- 0x83868009,0x48ed2b32,0xac70111e,0x4e725a6c,
- 0xfbff0efd,0x5638850f,0x1ed5ae3d,0x27392d36,
- 0x64d90f0a,0x21a65c68,0xd1545b9b,0x3a2e3624,
- 0xb1670a0c,0x0fe75793,0xd296eeb4,0x9e919b1b,
- 0x4fc5c080,0xa220dc61,0x694b775a,0x161a121c,
- 0x0aba93e2,0xe52aa0c0,0x43e0223c,0x1d171b12,
- 0x0b0d090e,0xadc78bf2,0xb9a8b62d,0xc8a91e14,
- 0x8519f157,0x4c0775af,0xbbdd99ee,0xfd607fa3,
- 0x9f2601f7,0xbcf5725c,0xc53b6644,0x347efb5b,
- 0x7629438b,0xdcc623cb,0x68fcedb6,0x63f1e4b8,
- 0xcadc31d7,0x10856342,0x40229713,0x2011c684,
- 0x7d244a85,0xf83dbbd2,0x1132f9ae,0x6da129c7,
- 0x4b2f9e1d,0xf330b2dc,0xec52860d,0xd0e3c177,
- 0x6c16b32b,0x99b970a9,0xfa489411,0x2264e947,
- 0xc48cfca8,0x1a3ff0a0,0xd82c7d56,0xef903322,
- 0xc74e4987,0xc1d138d9,0xfea2ca8c,0x360bd498,
- 0xcf81f5a6,0x28de7aa5,0x268eb7da,0xa4bfad3f,
- 0xe49d3a2c,0x0d927850,0x9bcc5f6a,0x62467e54,
- 0xc2138df6,0xe8b8d890,0x5ef7392e,0xf5afc382,
- 0xbe805d9f,0x7c93d069,0xa92dd56f,0xb31225cf,
- 0x3b99acc8,0xa77d1810,0x6e639ce8,0x7bbb3bdb,
- 0x097826cd,0xf418596e,0x01b79aec,0xa89a4f83,
- 0x656e95e6,0x7ee6ffaa,0x08cfbc21,0xe6e815ef,
- 0xd99be7ba,0xce366f4a,0xd4099fea,0xd67cb029,
- 0xafb2a431,0x31233f2a,0x3094a5c6,0xc066a235,
- 0x37bc4e74,0xa6ca82fc,0xb0d090e0,0x15d8a733,
- 0x4a9804f1,0xf7daec41,0x0e50cd7f,0x2ff69117,
- 0x8dd64d76,0x4db0ef43,0x544daacc,0xdf0496e4,
- 0xe3b5d19e,0x1b886a4c,0xb81f2cc1,0x7f516546,
- 0x04ea5e9d,0x5d358c01,0x737487fa,0x2e410bfb,
- 0x5a1d67b3,0x52d2db92,0x335610e9,0x1347d66d,
- 0x8c61d79a,0x7a0ca137,0x8e14f859,0x893c13eb,
- 0xee27a9ce,0x35c961b7,0xede51ce1,0x3cb1477a,
- 0x59dfd29c,0x3f73f255,0x79ce1418,0xbf37c773,
- 0xeacdf753,0x5baafd5f,0x146f3ddf,0x86db4478,
- 0x81f3afca,0x3ec468b9,0x2c342438,0x5f40a3c2,
- 0x72c31d16,0x0c25e2bc,0x8b493c28,0x41950dff,
- 0x7101a839,0xdeb30c08,0x9ce4b4d8,0x90c15664,
- 0x6184cb7b,0x70b632d5,0x745c6c48,0x4257b8d0,
- },
-#if !AES_SMALL
- { /* Before: itable[1] */
- 0xa7f45150,0x65417e53,0xa4171ac3,0x5e273a96,
- 0x6bab3bcb,0x459d1ff1,0x58faacab,0x03e34b93,
- 0xfa302055,0x6d76adf6,0x76cc8891,0x4c02f525,
- 0xd7e54ffc,0xcb2ac5d7,0x44352680,0xa362b58f,
- 0x5ab1de49,0x1bba2567,0x0eea4598,0xc0fe5de1,
- 0x752fc302,0xf04c8112,0x97468da3,0xf9d36bc6,
- 0x5f8f03e7,0x9c921595,0x7a6dbfeb,0x595295da,
- 0x83bed42d,0x217458d3,0x69e04929,0xc8c98e44,
- 0x89c2756a,0x798ef478,0x3e58996b,0x71b927dd,
- 0x4fe1beb6,0xad88f017,0xac20c966,0x3ace7db4,
- 0x4adf6318,0x311ae582,0x33519760,0x7f536245,
- 0x7764b1e0,0xae6bbb84,0xa081fe1c,0x2b08f994,
- 0x68487058,0xfd458f19,0x6cde9487,0xf87b52b7,
- 0xd373ab23,0x024b72e2,0x8f1fe357,0xab55662a,
- 0x28ebb207,0xc2b52f03,0x7bc5869a,0x0837d3a5,
- 0x872830f2,0xa5bf23b2,0x6a0302ba,0x8216ed5c,
- 0x1ccf8a2b,0xb479a792,0xf207f3f0,0xe2694ea1,
- 0xf4da65cd,0xbe0506d5,0x6234d11f,0xfea6c48a,
- 0x532e349d,0x55f3a2a0,0xe18a0532,0xebf6a475,
- 0xec830b39,0xef6040aa,0x9f715e06,0x106ebd51,
- 0x8a213ef9,0x06dd963d,0x053eddae,0xbde64d46,
- 0x8d5491b5,0x5dc47105,0xd406046f,0x155060ff,
- 0xfb981924,0xe9bdd697,0x434089cc,0x9ed96777,
- 0x42e8b0bd,0x8b890788,0x5b19e738,0xeec879db,
- 0x0a7ca147,0x0f427ce9,0x1e84f8c9,0x00000000,
- 0x86800983,0xed2b3248,0x70111eac,0x725a6c4e,
- 0xff0efdfb,0x38850f56,0xd5ae3d1e,0x392d3627,
- 0xd90f0a64,0xa65c6821,0x545b9bd1,0x2e36243a,
- 0x670a0cb1,0xe757930f,0x96eeb4d2,0x919b1b9e,
- 0xc5c0804f,0x20dc61a2,0x4b775a69,0x1a121c16,
- 0xba93e20a,0x2aa0c0e5,0xe0223c43,0x171b121d,
- 0x0d090e0b,0xc78bf2ad,0xa8b62db9,0xa91e14c8,
- 0x19f15785,0x0775af4c,0xdd99eebb,0x607fa3fd,
- 0x2601f79f,0xf5725cbc,0x3b6644c5,0x7efb5b34,
- 0x29438b76,0xc623cbdc,0xfcedb668,0xf1e4b863,
- 0xdc31d7ca,0x85634210,0x22971340,0x11c68420,
- 0x244a857d,0x3dbbd2f8,0x32f9ae11,0xa129c76d,
- 0x2f9e1d4b,0x30b2dcf3,0x52860dec,0xe3c177d0,
- 0x16b32b6c,0xb970a999,0x489411fa,0x64e94722,
- 0x8cfca8c4,0x3ff0a01a,0x2c7d56d8,0x903322ef,
- 0x4e4987c7,0xd138d9c1,0xa2ca8cfe,0x0bd49836,
- 0x81f5a6cf,0xde7aa528,0x8eb7da26,0xbfad3fa4,
- 0x9d3a2ce4,0x9278500d,0xcc5f6a9b,0x467e5462,
- 0x138df6c2,0xb8d890e8,0xf7392e5e,0xafc382f5,
- 0x805d9fbe,0x93d0697c,0x2dd56fa9,0x1225cfb3,
- 0x99acc83b,0x7d1810a7,0x639ce86e,0xbb3bdb7b,
- 0x7826cd09,0x18596ef4,0xb79aec01,0x9a4f83a8,
- 0x6e95e665,0xe6ffaa7e,0xcfbc2108,0xe815efe6,
- 0x9be7bad9,0x366f4ace,0x099fead4,0x7cb029d6,
- 0xb2a431af,0x233f2a31,0x94a5c630,0x66a235c0,
- 0xbc4e7437,0xca82fca6,0xd090e0b0,0xd8a73315,
- 0x9804f14a,0xdaec41f7,0x50cd7f0e,0xf691172f,
- 0xd64d768d,0xb0ef434d,0x4daacc54,0x0496e4df,
- 0xb5d19ee3,0x886a4c1b,0x1f2cc1b8,0x5165467f,
- 0xea5e9d04,0x358c015d,0x7487fa73,0x410bfb2e,
- 0x1d67b35a,0xd2db9252,0x5610e933,0x47d66d13,
- 0x61d79a8c,0x0ca1377a,0x14f8598e,0x3c13eb89,
- 0x27a9ceee,0xc961b735,0xe51ce1ed,0xb1477a3c,
- 0xdfd29c59,0x73f2553f,0xce141879,0x37c773bf,
- 0xcdf753ea,0xaafd5f5b,0x6f3ddf14,0xdb447886,
- 0xf3afca81,0xc468b93e,0x3424382c,0x40a3c25f,
- 0xc31d1672,0x25e2bc0c,0x493c288b,0x950dff41,
- 0x01a83971,0xb30c08de,0xe4b4d89c,0xc1566490,
- 0x84cb7b61,0xb632d570,0x5c6c4874,0x57b8d042,
- },{ /* Before: itable[2] */
- 0xf45150a7,0x417e5365,0x171ac3a4,0x273a965e,
- 0xab3bcb6b,0x9d1ff145,0xfaacab58,0xe34b9303,
- 0x302055fa,0x76adf66d,0xcc889176,0x02f5254c,
- 0xe54ffcd7,0x2ac5d7cb,0x35268044,0x62b58fa3,
- 0xb1de495a,0xba25671b,0xea45980e,0xfe5de1c0,
- 0x2fc30275,0x4c8112f0,0x468da397,0xd36bc6f9,
- 0x8f03e75f,0x9215959c,0x6dbfeb7a,0x5295da59,
- 0xbed42d83,0x7458d321,0xe0492969,0xc98e44c8,
- 0xc2756a89,0x8ef47879,0x58996b3e,0xb927dd71,
- 0xe1beb64f,0x88f017ad,0x20c966ac,0xce7db43a,
- 0xdf63184a,0x1ae58231,0x51976033,0x5362457f,
- 0x64b1e077,0x6bbb84ae,0x81fe1ca0,0x08f9942b,
- 0x48705868,0x458f19fd,0xde94876c,0x7b52b7f8,
- 0x73ab23d3,0x4b72e202,0x1fe3578f,0x55662aab,
- 0xebb20728,0xb52f03c2,0xc5869a7b,0x37d3a508,
- 0x2830f287,0xbf23b2a5,0x0302ba6a,0x16ed5c82,
- 0xcf8a2b1c,0x79a792b4,0x07f3f0f2,0x694ea1e2,
- 0xda65cdf4,0x0506d5be,0x34d11f62,0xa6c48afe,
- 0x2e349d53,0xf3a2a055,0x8a0532e1,0xf6a475eb,
- 0x830b39ec,0x6040aaef,0x715e069f,0x6ebd5110,
- 0x213ef98a,0xdd963d06,0x3eddae05,0xe64d46bd,
- 0x5491b58d,0xc471055d,0x06046fd4,0x5060ff15,
- 0x981924fb,0xbdd697e9,0x4089cc43,0xd967779e,
- 0xe8b0bd42,0x8907888b,0x19e7385b,0xc879dbee,
- 0x7ca1470a,0x427ce90f,0x84f8c91e,0x00000000,
- 0x80098386,0x2b3248ed,0x111eac70,0x5a6c4e72,
- 0x0efdfbff,0x850f5638,0xae3d1ed5,0x2d362739,
- 0x0f0a64d9,0x5c6821a6,0x5b9bd154,0x36243a2e,
- 0x0a0cb167,0x57930fe7,0xeeb4d296,0x9b1b9e91,
- 0xc0804fc5,0xdc61a220,0x775a694b,0x121c161a,
- 0x93e20aba,0xa0c0e52a,0x223c43e0,0x1b121d17,
- 0x090e0b0d,0x8bf2adc7,0xb62db9a8,0x1e14c8a9,
- 0xf1578519,0x75af4c07,0x99eebbdd,0x7fa3fd60,
- 0x01f79f26,0x725cbcf5,0x6644c53b,0xfb5b347e,
- 0x438b7629,0x23cbdcc6,0xedb668fc,0xe4b863f1,
- 0x31d7cadc,0x63421085,0x97134022,0xc6842011,
- 0x4a857d24,0xbbd2f83d,0xf9ae1132,0x29c76da1,
- 0x9e1d4b2f,0xb2dcf330,0x860dec52,0xc177d0e3,
- 0xb32b6c16,0x70a999b9,0x9411fa48,0xe9472264,
- 0xfca8c48c,0xf0a01a3f,0x7d56d82c,0x3322ef90,
- 0x4987c74e,0x38d9c1d1,0xca8cfea2,0xd498360b,
- 0xf5a6cf81,0x7aa528de,0xb7da268e,0xad3fa4bf,
- 0x3a2ce49d,0x78500d92,0x5f6a9bcc,0x7e546246,
- 0x8df6c213,0xd890e8b8,0x392e5ef7,0xc382f5af,
- 0x5d9fbe80,0xd0697c93,0xd56fa92d,0x25cfb312,
- 0xacc83b99,0x1810a77d,0x9ce86e63,0x3bdb7bbb,
- 0x26cd0978,0x596ef418,0x9aec01b7,0x4f83a89a,
- 0x95e6656e,0xffaa7ee6,0xbc2108cf,0x15efe6e8,
- 0xe7bad99b,0x6f4ace36,0x9fead409,0xb029d67c,
- 0xa431afb2,0x3f2a3123,0xa5c63094,0xa235c066,
- 0x4e7437bc,0x82fca6ca,0x90e0b0d0,0xa73315d8,
- 0x04f14a98,0xec41f7da,0xcd7f0e50,0x91172ff6,
- 0x4d768dd6,0xef434db0,0xaacc544d,0x96e4df04,
- 0xd19ee3b5,0x6a4c1b88,0x2cc1b81f,0x65467f51,
- 0x5e9d04ea,0x8c015d35,0x87fa7374,0x0bfb2e41,
- 0x67b35a1d,0xdb9252d2,0x10e93356,0xd66d1347,
- 0xd79a8c61,0xa1377a0c,0xf8598e14,0x13eb893c,
- 0xa9ceee27,0x61b735c9,0x1ce1ede5,0x477a3cb1,
- 0xd29c59df,0xf2553f73,0x141879ce,0xc773bf37,
- 0xf753eacd,0xfd5f5baa,0x3ddf146f,0x447886db,
- 0xafca81f3,0x68b93ec4,0x24382c34,0xa3c25f40,
- 0x1d1672c3,0xe2bc0c25,0x3c288b49,0x0dff4195,
- 0xa8397101,0x0c08deb3,0xb4d89ce4,0x566490c1,
- 0xcb7b6184,0x32d570b6,0x6c48745c,0xb8d04257,
- },{ /* Before: itable[3] */
- 0x5150a7f4,0x7e536541,0x1ac3a417,0x3a965e27,
- 0x3bcb6bab,0x1ff1459d,0xacab58fa,0x4b9303e3,
- 0x2055fa30,0xadf66d76,0x889176cc,0xf5254c02,
- 0x4ffcd7e5,0xc5d7cb2a,0x26804435,0xb58fa362,
- 0xde495ab1,0x25671bba,0x45980eea,0x5de1c0fe,
- 0xc302752f,0x8112f04c,0x8da39746,0x6bc6f9d3,
- 0x03e75f8f,0x15959c92,0xbfeb7a6d,0x95da5952,
- 0xd42d83be,0x58d32174,0x492969e0,0x8e44c8c9,
- 0x756a89c2,0xf478798e,0x996b3e58,0x27dd71b9,
- 0xbeb64fe1,0xf017ad88,0xc966ac20,0x7db43ace,
- 0x63184adf,0xe582311a,0x97603351,0x62457f53,
- 0xb1e07764,0xbb84ae6b,0xfe1ca081,0xf9942b08,
- 0x70586848,0x8f19fd45,0x94876cde,0x52b7f87b,
- 0xab23d373,0x72e2024b,0xe3578f1f,0x662aab55,
- 0xb20728eb,0x2f03c2b5,0x869a7bc5,0xd3a50837,
- 0x30f28728,0x23b2a5bf,0x02ba6a03,0xed5c8216,
- 0x8a2b1ccf,0xa792b479,0xf3f0f207,0x4ea1e269,
- 0x65cdf4da,0x06d5be05,0xd11f6234,0xc48afea6,
- 0x349d532e,0xa2a055f3,0x0532e18a,0xa475ebf6,
- 0x0b39ec83,0x40aaef60,0x5e069f71,0xbd51106e,
- 0x3ef98a21,0x963d06dd,0xddae053e,0x4d46bde6,
- 0x91b58d54,0x71055dc4,0x046fd406,0x60ff1550,
- 0x1924fb98,0xd697e9bd,0x89cc4340,0x67779ed9,
- 0xb0bd42e8,0x07888b89,0xe7385b19,0x79dbeec8,
- 0xa1470a7c,0x7ce90f42,0xf8c91e84,0x00000000,
- 0x09838680,0x3248ed2b,0x1eac7011,0x6c4e725a,
- 0xfdfbff0e,0x0f563885,0x3d1ed5ae,0x3627392d,
- 0x0a64d90f,0x6821a65c,0x9bd1545b,0x243a2e36,
- 0x0cb1670a,0x930fe757,0xb4d296ee,0x1b9e919b,
- 0x804fc5c0,0x61a220dc,0x5a694b77,0x1c161a12,
- 0xe20aba93,0xc0e52aa0,0x3c43e022,0x121d171b,
- 0x0e0b0d09,0xf2adc78b,0x2db9a8b6,0x14c8a91e,
- 0x578519f1,0xaf4c0775,0xeebbdd99,0xa3fd607f,
- 0xf79f2601,0x5cbcf572,0x44c53b66,0x5b347efb,
- 0x8b762943,0xcbdcc623,0xb668fced,0xb863f1e4,
- 0xd7cadc31,0x42108563,0x13402297,0x842011c6,
- 0x857d244a,0xd2f83dbb,0xae1132f9,0xc76da129,
- 0x1d4b2f9e,0xdcf330b2,0x0dec5286,0x77d0e3c1,
- 0x2b6c16b3,0xa999b970,0x11fa4894,0x472264e9,
- 0xa8c48cfc,0xa01a3ff0,0x56d82c7d,0x22ef9033,
- 0x87c74e49,0xd9c1d138,0x8cfea2ca,0x98360bd4,
- 0xa6cf81f5,0xa528de7a,0xda268eb7,0x3fa4bfad,
- 0x2ce49d3a,0x500d9278,0x6a9bcc5f,0x5462467e,
- 0xf6c2138d,0x90e8b8d8,0x2e5ef739,0x82f5afc3,
- 0x9fbe805d,0x697c93d0,0x6fa92dd5,0xcfb31225,
- 0xc83b99ac,0x10a77d18,0xe86e639c,0xdb7bbb3b,
- 0xcd097826,0x6ef41859,0xec01b79a,0x83a89a4f,
- 0xe6656e95,0xaa7ee6ff,0x2108cfbc,0xefe6e815,
- 0xbad99be7,0x4ace366f,0xead4099f,0x29d67cb0,
- 0x31afb2a4,0x2a31233f,0xc63094a5,0x35c066a2,
- 0x7437bc4e,0xfca6ca82,0xe0b0d090,0x3315d8a7,
- 0xf14a9804,0x41f7daec,0x7f0e50cd,0x172ff691,
- 0x768dd64d,0x434db0ef,0xcc544daa,0xe4df0496,
- 0x9ee3b5d1,0x4c1b886a,0xc1b81f2c,0x467f5165,
- 0x9d04ea5e,0x015d358c,0xfa737487,0xfb2e410b,
- 0xb35a1d67,0x9252d2db,0xe9335610,0x6d1347d6,
- 0x9a8c61d7,0x377a0ca1,0x598e14f8,0xeb893c13,
- 0xceee27a9,0xb735c961,0xe1ede51c,0x7a3cb147,
- 0x9c59dfd2,0x553f73f2,0x1879ce14,0x73bf37c7,
- 0x53eacdf7,0x5f5baafd,0xdf146f3d,0x7886db44,
- 0xca81f3af,0xb93ec468,0x382c3424,0xc25f40a3,
- 0x1672c31d,0xbc0c25e2,0x288b493c,0xff41950d,
- 0x397101a8,0x08deb30c,0xd89ce4b4,0x6490c156,
- 0x7b6184cb,0xd570b632,0x48745c6c,0xd04257b8,
- },
-#endif /* !AES_SMALL */
- }
- };
-
void
aes_decrypt(const struct aes_ctx *ctx,
size_t length, uint8_t *dst,
@@ -364,33 +58,3 @@ aes_decrypt(const struct aes_ctx *ctx,
break;
}
}
-
-void
-aes128_decrypt(const struct aes128_ctx *ctx,
- size_t length, uint8_t *dst,
- const uint8_t *src)
-{
- assert(!(length % AES_BLOCK_SIZE) );
- _nettle_aes_decrypt(_AES128_ROUNDS, ctx->keys, &_aes_decrypt_table,
- length, dst, src);
-}
-
-void
-aes192_decrypt(const struct aes192_ctx *ctx,
- size_t length, uint8_t *dst,
- const uint8_t *src)
-{
- assert(!(length % AES_BLOCK_SIZE) );
- _nettle_aes_decrypt(_AES192_ROUNDS, ctx->keys, &_aes_decrypt_table,
- length, dst, src);
-}
-
-void
-aes256_decrypt(const struct aes256_ctx *ctx,
- size_t length, uint8_t *dst,
- const uint8_t *src)
-{
- assert(!(length % AES_BLOCK_SIZE) );
- _nettle_aes_decrypt(_AES256_ROUNDS, ctx->keys, &_aes_decrypt_table,
- length, dst, src);
-}
Index: nettle-3.7.3/aes-encrypt.c
===================================================================
--- nettle-3.7.3.orig/aes-encrypt.c
+++ nettle-3.7.3/aes-encrypt.c
@@ -35,7 +35,6 @@
# include "config.h"
#endif
-#include <assert.h>
#include <stdlib.h>
#include "aes-internal.h"
@@ -62,33 +61,3 @@ aes_encrypt(const struct aes_ctx *ctx,
break;
}
}
-
-void
-aes128_encrypt(const struct aes128_ctx *ctx,
- size_t length, uint8_t *dst,
- const uint8_t *src)
-{
- assert(!(length % AES_BLOCK_SIZE) );
- _nettle_aes_encrypt(_AES128_ROUNDS, ctx->keys, &_nettle_aes_encrypt_table,
- length, dst, src);
-}
-
-void
-aes192_encrypt(const struct aes192_ctx *ctx,
- size_t length, uint8_t *dst,
- const uint8_t *src)
-{
- assert(!(length % AES_BLOCK_SIZE) );
- _nettle_aes_encrypt(_AES192_ROUNDS, ctx->keys, &_nettle_aes_encrypt_table,
- length, dst, src);
-}
-
-void
-aes256_encrypt(const struct aes256_ctx *ctx,
- size_t length, uint8_t *dst,
- const uint8_t *src)
-{
- assert(!(length % AES_BLOCK_SIZE) );
- _nettle_aes_encrypt(_AES256_ROUNDS, ctx->keys, &_nettle_aes_encrypt_table,
- length, dst, src);
-}
Index: nettle-3.7.3/aes-internal.h
===================================================================
--- nettle-3.7.3.orig/aes-internal.h
+++ nettle-3.7.3/aes-internal.h
@@ -96,9 +96,8 @@ _nettle_aes_decrypt(unsigned rounds, con
| ((uint32_t) T->sbox[ B2(w2) ] << 16) \
| ((uint32_t) T->sbox[ B3(w3) ] << 24)) ^ (k))
-/* Globally visible so that the same sbox table can be used by aes_set_encrypt_key */
-
extern const struct aes_table _nettle_aes_encrypt_table;
#define aes_sbox (_nettle_aes_encrypt_table.sbox)
+extern const struct aes_table _nettle_aes_decrypt_table;
#endif /* NETTLE_AES_INTERNAL_H_INCLUDED */
Index: nettle-3.7.3/aes128-decrypt.c
===================================================================
--- /dev/null
+++ nettle-3.7.3/aes128-decrypt.c
@@ -0,0 +1,59 @@
+/* aes128-decrypt.c
+
+ Decryption function for aes/rijndael block cipher.
+
+ Copyright (C) 2002, 2013 Niels Möller
+
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+*/
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <assert.h>
+
+#include "aes-internal.h"
+
+/* For fat builds */
+#if HAVE_NATIVE_aes128_decrypt
+void
+_nettle_aes128_decrypt_c(const struct aes128_ctx *ctx,
+ size_t length, uint8_t *dst,
+ const uint8_t *src);
+# define nettle_aes128_decrypt _nettle_aes128_decrypt_c
+#endif
+
+void
+nettle_aes128_decrypt(const struct aes128_ctx *ctx,
+ size_t length, uint8_t *dst,
+ const uint8_t *src)
+{
+ assert(!(length % AES_BLOCK_SIZE) );
+ _nettle_aes_decrypt(_AES128_ROUNDS, ctx->keys, &_nettle_aes_decrypt_table,
+ length, dst, src);
+}
Index: nettle-3.7.3/aes128-encrypt.c
===================================================================
--- /dev/null
+++ nettle-3.7.3/aes128-encrypt.c
@@ -0,0 +1,59 @@
+/* aes128-encrypt.c
+
+ Encryption function for the aes/rijndael block cipher.
+
+ Copyright (C) 2002, 2013 Niels Möller
+
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+*/
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <assert.h>
+
+#include "aes-internal.h"
+
+/* For fat builds */
+#if HAVE_NATIVE_aes128_encrypt
+void
+_nettle_aes128_encrypt_c(const struct aes128_ctx *ctx,
+ size_t length, uint8_t *dst,
+ const uint8_t *src);
+# define nettle_aes128_encrypt _nettle_aes128_encrypt_c
+#endif
+
+void
+nettle_aes128_encrypt(const struct aes128_ctx *ctx,
+ size_t length, uint8_t *dst,
+ const uint8_t *src)
+{
+ assert(!(length % AES_BLOCK_SIZE) );
+ _nettle_aes_encrypt(_AES128_ROUNDS, ctx->keys, &_nettle_aes_encrypt_table,
+ length, dst, src);
+}
Index: nettle-3.7.3/aes192-decrypt.c
===================================================================
--- /dev/null
+++ nettle-3.7.3/aes192-decrypt.c
@@ -0,0 +1,59 @@
+/* aes192-decrypt.c
+
+ Decryption function for aes/rijndael block cipher.
+
+ Copyright (C) 2002, 2013 Niels Möller
+
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+*/
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <assert.h>
+
+#include "aes-internal.h"
+
+/* For fat builds */
+#if HAVE_NATIVE_aes192_decrypt
+void
+_nettle_aes192_decrypt_c(const struct aes192_ctx *ctx,
+ size_t length, uint8_t *dst,
+ const uint8_t *src);
+# define nettle_aes192_decrypt _nettle_aes192_decrypt_c
+#endif
+
+void
+nettle_aes192_decrypt(const struct aes192_ctx *ctx,
+ size_t length, uint8_t *dst,
+ const uint8_t *src)
+{
+ assert(!(length % AES_BLOCK_SIZE) );
+ _nettle_aes_decrypt(_AES192_ROUNDS, ctx->keys, &_nettle_aes_decrypt_table,
+ length, dst, src);
+}
Index: nettle-3.7.3/aes192-encrypt.c
===================================================================
--- /dev/null
+++ nettle-3.7.3/aes192-encrypt.c
@@ -0,0 +1,59 @@
+/* aes192-encrypt.c
+
+ Encryption function for the aes/rijndael block cipher.
+
+ Copyright (C) 2002, 2013 Niels Möller
+
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+*/
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <assert.h>
+
+#include "aes-internal.h"
+
+/* For fat builds */
+#if HAVE_NATIVE_aes192_encrypt
+void
+_nettle_aes192_encrypt_c(const struct aes192_ctx *ctx,
+ size_t length, uint8_t *dst,
+ const uint8_t *src);
+# define nettle_aes192_encrypt _nettle_aes192_encrypt_c
+#endif
+
+void
+nettle_aes192_encrypt(const struct aes192_ctx *ctx,
+ size_t length, uint8_t *dst,
+ const uint8_t *src)
+{
+ assert(!(length % AES_BLOCK_SIZE) );
+ _nettle_aes_encrypt(_AES192_ROUNDS, ctx->keys, &_nettle_aes_encrypt_table,
+ length, dst, src);
+}
Index: nettle-3.7.3/aes256-decrypt.c
===================================================================
--- /dev/null
+++ nettle-3.7.3/aes256-decrypt.c
@@ -0,0 +1,59 @@
+/* aes256-decrypt.c
+
+ Decryption function for aes/rijndael block cipher.
+
+ Copyright (C) 2002, 2013 Niels Möller
+
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+*/
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <assert.h>
+
+#include "aes-internal.h"
+
+/* For fat builds */
+#if HAVE_NATIVE_aes256_decrypt
+void
+_nettle_aes256_decrypt_c(const struct aes256_ctx *ctx,
+ size_t length, uint8_t *dst,
+ const uint8_t *src);
+# define nettle_aes256_decrypt _nettle_aes256_decrypt_c
+#endif
+
+void
+nettle_aes256_decrypt(const struct aes256_ctx *ctx,
+ size_t length, uint8_t *dst,
+ const uint8_t *src)
+{
+ assert(!(length % AES_BLOCK_SIZE) );
+ _nettle_aes_decrypt(_AES256_ROUNDS, ctx->keys, &_nettle_aes_decrypt_table,
+ length, dst, src);
+}
Index: nettle-3.7.3/aes256-encrypt.c
===================================================================
--- /dev/null
+++ nettle-3.7.3/aes256-encrypt.c
@@ -0,0 +1,59 @@
+/* aes256-encrypt.c
+
+ Encryption function for the aes/rijndael block cipher.
+
+ Copyright (C) 2002, 2013 Niels Möller
+
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+*/
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <assert.h>
+
+#include "aes-internal.h"
+
+/* For fat builds */
+#if HAVE_NATIVE_aes256_encrypt
+void
+_nettle_aes256_encrypt_c(const struct aes256_ctx *ctx,
+ size_t length, uint8_t *dst,
+ const uint8_t *src);
+# define nettle_aes256_encrypt _nettle_aes256_encrypt_c
+#endif
+
+void
+nettle_aes256_encrypt(const struct aes256_ctx *ctx,
+ size_t length, uint8_t *dst,
+ const uint8_t *src)
+{
+ assert(!(length % AES_BLOCK_SIZE) );
+ _nettle_aes_encrypt(_AES256_ROUNDS, ctx->keys, &_nettle_aes_encrypt_table,
+ length, dst, src);
+}
Index: nettle-3.7.3/s390x/machine.m4
===================================================================
--- /dev/null
+++ nettle-3.7.3/s390x/machine.m4
@@ -0,0 +1,38 @@
+C Register usage:
+define(`RA', `%r14') C Return address
+define(`SP', `%r15') C Stack pointer
+
+define(`STANDARD_STACK_FRAME',`160')
+
+C Dynamic stack space allocation
+C AP is a general register to which the allocated space is assigned
+C SPACE_LEN is the length of space, must be a multiple of 8
+C FREE_STACK macro can be used to free the allocated space
+C ALLOC_STACK(AP, SPACE_LEN)
+define(`ALLOC_STACK',
+`lgr $1,SP
+ aghi SP,-(STANDARD_STACK_FRAME+$2)
+ stg $1,0(SP)
+ la $1,STANDARD_STACK_FRAME (SP)')
+
+C Free allocated stack space
+C FREE_STACK(SPACE_LEN)
+define(`FREE_STACK',
+`aghi SP,STANDARD_STACK_FRAME+$1')
+
+C XOR contents of two areas in storage with specific length
+C DST: The destination area of storage
+C SRC: The source area of storage
+C LEN: The length of storage area. LEN <= 256
+C TMP_ADDR: A temporary register that handles the XOR instrcution address
+C All parameters are general registers and cannot be assigned to
+C general register 0
+C XOR_LEN(DST, SRC, LEN, TMP_ADDR)
+define(`XOR_LEN',
+`larl $4,18f
+ aghi $3,-1
+ jm 19f
+ ex $3,0($4)
+ j 19f
+18: xc 0(1,$1),0($2)
+19:')
Index: nettle-3.7.3/s390x/msa_x1/aes128-decrypt.asm
===================================================================
--- /dev/null
+++ nettle-3.7.3/s390x/msa_x1/aes128-decrypt.asm
@@ -0,0 +1,60 @@
+C s390x/msa_x1/aes128-decrypt.asm
+
+ifelse(`
+ Copyright (C) 2020 Mamone Tarsha
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+')
+
+C KM (CIPHER MESSAGE) is specefied in "z/Architecture Principles of Operation SA22-7832-12" as follows:
+C A function specified by the function code in general register 0 is performed.
+C General register 1 contains the logical address of the leftmost byte of the parameter block in storage.
+C The second operand is ciphered as specified by the function code using a cryptographic
+C key in the parameter block, and the result is placed in the first-operand location.
+
+C This implementation uses KM-AES-128 function.
+C The parameter block used for the KM-AES-128 function has the following format:
+C *----------------------------------------------*
+C | Cryptographic Key (16 bytes) |
+C *----------------------------------------------*
+
+.file "aes128-decrypt.asm"
+
+.text
+
+C void
+C aes128_decrypt(const struct aes128_ctx *ctx,
+C size_t length, uint8_t *dst,
+C const uint8_t *src)
+
+PROLOGUE(nettle_aes128_decrypt)
+ lghi %r0,128|18 C KM function code (KM-AES-128), enable modifier bit to perform decryption operation
+ lgr %r1,%r2 C parameter block: byte offsets 0-15 Cryptographic Key
+ lgr %r2,%r5
+1: .long 0xb92e0042 C km %r4,%r2
+ brc 1,1b C safely branch back in case of partial completion
+ br RA
+EPILOGUE(nettle_aes128_decrypt)
Index: nettle-3.7.3/s390x/msa_x1/aes128-encrypt.asm
===================================================================
--- /dev/null
+++ nettle-3.7.3/s390x/msa_x1/aes128-encrypt.asm
@@ -0,0 +1,60 @@
+C s390x/msa_x1/aes128-encrypt.asm
+
+ifelse(`
+ Copyright (C) 2020 Mamone Tarsha
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+')
+
+C KM (CIPHER MESSAGE) is specefied in "z/Architecture Principles of Operation SA22-7832-12" as follows:
+C A function specified by the function code in general register 0 is performed.
+C General register 1 contains the logical address of the leftmost byte of the parameter block in storage.
+C The second operand is ciphered as specified by the function code using a cryptographic
+C key in the parameter block, and the result is placed in the first-operand location.
+
+C This implementation uses KM-AES-128 function.
+C The parameter block used for the KM-AES-128 function has the following format:
+C *----------------------------------------------*
+C | Cryptographic Key (16 bytes) |
+C *----------------------------------------------*
+
+.file "aes128-encrypt.asm"
+
+.text
+
+C void
+C aes128_encrypt(const struct aes128_ctx *ctx,
+C size_t length, uint8_t *dst,
+C const uint8_t *src)
+
+PROLOGUE(nettle_aes128_encrypt)
+ lghi %r0,18 C KM function code (KM-AES-128)
+ lgr %r1,%r2 C parameter block: byte offsets 0-15 Cryptographic Key
+ lgr %r2,%r5
+1: .long 0xb92e0042 C km %r4,%r2
+ brc 1,1b C safely branch back in case of partial completion
+ br RA
+EPILOGUE(nettle_aes128_encrypt)
Index: nettle-3.7.3/s390x/msa_x1/aes128-set-decrypt-key.asm
===================================================================
--- /dev/null
+++ nettle-3.7.3/s390x/msa_x1/aes128-set-decrypt-key.asm
@@ -0,0 +1,52 @@
+C s390x/msa_x1/aes128-set-decrypt-key.asm
+
+ifelse(`
+ Copyright (C) 2020 Mamone Tarsha
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+')
+
+.file "aes128-set-decrypt-key.asm"
+
+.text
+
+C void
+C aes128_invert_key(struct aes128_ctx *dst, const struct aes128_ctx *src)
+
+PROLOGUE(nettle_aes128_invert_key)
+ C AES cipher functions only need the raw cryptographic key so just copy it to AES context
+ mvc 0(16,%r2),0(%r3) C copy Cryptographic Key (16 bytes)
+ br RA
+EPILOGUE(nettle_aes128_invert_key)
+
+C void
+C aes128_set_decrypt_key(struct aes128_ctx *ctx, const uint8_t *key)
+
+PROLOGUE(nettle_aes128_set_decrypt_key)
+ C AES cipher functions only need the raw cryptographic key so just copy it to AES context
+ mvc 0(16,%r2),0(%r3) C copy Cryptographic Key (16 bytes)
+ br RA
+EPILOGUE(nettle_aes128_set_decrypt_key)
Index: nettle-3.7.3/s390x/msa_x1/aes128-set-encrypt-key.asm
===================================================================
--- /dev/null
+++ nettle-3.7.3/s390x/msa_x1/aes128-set-encrypt-key.asm
@@ -0,0 +1,43 @@
+C s390x/msa_x1/aes128-set-encrypt-key.asm
+
+ifelse(`
+ Copyright (C) 2020 Mamone Tarsha
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+')
+
+.file "aes128-set-encrypt-key.asm"
+
+.text
+
+C void
+C aes128_set_encrypt_key(struct aes128_ctx *ctx, const uint8_t *key)
+
+PROLOGUE(nettle_aes128_set_encrypt_key)
+ C AES cipher functions only need the raw cryptographic key so just copy it to AES context
+ mvc 0(16,%r2),0(%r3) C copy Cryptographic Key (16 bytes)
+ br RA
+EPILOGUE(nettle_aes128_set_encrypt_key)
Index: nettle-3.7.3/s390x/msa_x2/aes192-decrypt.asm
===================================================================
--- /dev/null
+++ nettle-3.7.3/s390x/msa_x2/aes192-decrypt.asm
@@ -0,0 +1,60 @@
+C s390x/msa_x2/aes192-decrypt.asm
+
+ifelse(`
+ Copyright (C) 2020 Mamone Tarsha
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+')
+
+C KM (CIPHER MESSAGE) is specefied in "z/Architecture Principles of Operation SA22-7832-12" as follows:
+C A function specified by the function code in general register 0 is performed.
+C General register 1 contains the logical address of the leftmost byte of the parameter block in storage.
+C The second operand is ciphered as specified by the function code using a cryptographic
+C key in the parameter block, and the result is placed in the first-operand location.
+
+C This implementation uses KM-AES-192 function.
+C The parameter block used for the KM-AES-192 function has the following format:
+C *----------------------------------------------*
+C | Cryptographic Key (24 bytes) |
+C *----------------------------------------------*
+
+.file "aes192-decrypt.asm"
+
+.text
+
+C void
+C aes192_decrypt(const struct aes192_ctx *ctx,
+C size_t length, uint8_t *dst,
+C const uint8_t *src)
+
+PROLOGUE(nettle_aes192_decrypt)
+ lghi %r0,128|19 C KM function code (KM-AES-192), enable modifier bit to perform decryption operation
+ lgr %r1,%r2 C parameter block: byte offsets 0-23 Cryptographic Key
+ lgr %r2,%r5
+1: .long 0xb92e0042 C km %r4,%r2
+ brc 1,1b C safely branch back in case of partial completion
+ br RA
+EPILOGUE(nettle_aes192_decrypt)
Index: nettle-3.7.3/s390x/msa_x2/aes192-encrypt.asm
===================================================================
--- /dev/null
+++ nettle-3.7.3/s390x/msa_x2/aes192-encrypt.asm
@@ -0,0 +1,60 @@
+C s390x/msa_x2/aes192-encrypt.asm
+
+ifelse(`
+ Copyright (C) 2020 Mamone Tarsha
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+')
+
+C KM (CIPHER MESSAGE) is specefied in "z/Architecture Principles of Operation SA22-7832-12" as follows:
+C A function specified by the function code in general register 0 is performed.
+C General register 1 contains the logical address of the leftmost byte of the parameter block in storage.
+C The second operand is ciphered as specified by the function code using a cryptographic
+C key in the parameter block, and the result is placed in the first-operand location.
+
+C This implementation uses KM-AES-192 function.
+C The parameter block used for the KM-AES-192 function has the following format:
+C *----------------------------------------------*
+C | Cryptographic Key (24 bytes) |
+C *----------------------------------------------*
+
+.file "aes192-encrypt.asm"
+
+.text
+
+C void
+C aes192_encrypt(const struct aes192_ctx *ctx,
+C size_t length, uint8_t *dst,
+C const uint8_t *src)
+
+PROLOGUE(nettle_aes192_encrypt)
+ lghi %r0,19 C KM function code (KM-AES-192)
+ lgr %r1,%r2 C parameter block: byte offsets 0-23 Cryptographic Key
+ lgr %r2,%r5
+1: .long 0xb92e0042 C km %r4,%r2
+ brc 1,1b C safely branch back in case of partial completion
+ br RA
+EPILOGUE(nettle_aes192_encrypt)
Index: nettle-3.7.3/s390x/msa_x2/aes192-set-decrypt-key.asm
===================================================================
--- /dev/null
+++ nettle-3.7.3/s390x/msa_x2/aes192-set-decrypt-key.asm
@@ -0,0 +1,52 @@
+C s390x/msa_x2/aes192-set-decrypt-key.asm
+
+ifelse(`
+ Copyright (C) 2020 Mamone Tarsha
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+')
+
+.file "aes192-set-decrypt-key.asm"
+
+.text
+
+C void
+C aes192_invert_key(struct aes192_ctx *dst, const struct aes192_ctx *src)
+
+PROLOGUE(nettle_aes192_invert_key)
+ C AES cipher functions only need the raw cryptographic key so just copy it to AES context
+ mvc 0(24,%r2),0(%r3) C copy Cryptographic Key (24 bytes)
+ br RA
+EPILOGUE(nettle_aes192_invert_key)
+
+C void
+C aes192_set_decrypt_key(struct aes192_ctx *ctx, const uint8_t *key)
+
+PROLOGUE(nettle_aes192_set_decrypt_key)
+ C AES cipher functions only need the raw cryptographic key so just copy it to AES context
+ mvc 0(24,%r2),0(%r3) C copy Cryptographic Key (24 bytes)
+ br RA
+EPILOGUE(nettle_aes192_set_decrypt_key)
Index: nettle-3.7.3/s390x/msa_x2/aes192-set-encrypt-key.asm
===================================================================
--- /dev/null
+++ nettle-3.7.3/s390x/msa_x2/aes192-set-encrypt-key.asm
@@ -0,0 +1,43 @@
+C s390x/msa_x2/aes192-set-encrypt-key.asm
+
+ifelse(`
+ Copyright (C) 2020 Mamone Tarsha
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+')
+
+.file "aes192-set-encrypt-key.asm"
+
+.text
+
+C void
+C aes192_set_encrypt_key(struct aes192_ctx *ctx, const uint8_t *key)
+
+PROLOGUE(nettle_aes192_set_encrypt_key)
+ C AES cipher functions only need the raw cryptographic key so just copy it to AES context
+ mvc 0(24,%r2),0(%r3) C copy Cryptographic Key (24 bytes)
+ br RA
+EPILOGUE(nettle_aes192_set_encrypt_key)
Index: nettle-3.7.3/s390x/msa_x2/aes256-decrypt.asm
===================================================================
--- /dev/null
+++ nettle-3.7.3/s390x/msa_x2/aes256-decrypt.asm
@@ -0,0 +1,60 @@
+C s390x/msa_x2/aes256-decrypt.asm
+
+ifelse(`
+ Copyright (C) 2020 Mamone Tarsha
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+')
+
+C KM (CIPHER MESSAGE) is specefied in "z/Architecture Principles of Operation SA22-7832-12" as follows:
+C A function specified by the function code in general register 0 is performed.
+C General register 1 contains the logical address of the leftmost byte of the parameter block in storage.
+C The second operand is ciphered as specified by the function code using a cryptographic
+C key in the parameter block, and the result is placed in the first-operand location.
+
+C This implementation uses KM-AES-256 function.
+C The parameter block used for the KM-AES-256 function has the following format:
+C *----------------------------------------------*
+C | Cryptographic Key (32 bytes) |
+C *----------------------------------------------*
+
+.file "aes256-decrypt.asm"
+
+.text
+
+C void
+C aes256_decrypt(const struct aes256_ctx *ctx,
+C size_t length, uint8_t *dst,
+C const uint8_t *src)
+
+PROLOGUE(nettle_aes256_decrypt)
+ lghi %r0,128|20 C KM function code (KM-AES-256), enable modifier bit to perform decryption operation
+ lgr %r1,%r2 C parameter block: byte offsets 0-31 Cryptographic Key
+ lgr %r2,%r5
+1: .long 0xb92e0042 C km %r4,%r2
+ brc 1,1b C safely branch back in case of partial completion
+ br RA
+EPILOGUE(nettle_aes256_decrypt)
Index: nettle-3.7.3/s390x/msa_x2/aes256-encrypt.asm
===================================================================
--- /dev/null
+++ nettle-3.7.3/s390x/msa_x2/aes256-encrypt.asm
@@ -0,0 +1,60 @@
+C s390x/msa_x2/aes256-encrypt.asm
+
+ifelse(`
+ Copyright (C) 2020 Mamone Tarsha
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+')
+
+C KM (CIPHER MESSAGE) is specefied in "z/Architecture Principles of Operation SA22-7832-12" as follows:
+C A function specified by the function code in general register 0 is performed.
+C General register 1 contains the logical address of the leftmost byte of the parameter block in storage.
+C The second operand is ciphered as specified by the function code using a cryptographic
+C key in the parameter block, and the result is placed in the first-operand location.
+
+C This implementation uses KM-AES-256 function.
+C The parameter block used for the KM-AES-256 function has the following format:
+C *----------------------------------------------*
+C | Cryptographic Key (32 bytes) |
+C *----------------------------------------------*
+
+.file "aes256-encrypt.asm"
+
+.text
+
+C void
+C aes256_encrypt(const struct aes256_ctx *ctx,
+C size_t length, uint8_t *dst,
+C const uint8_t *src)
+
+PROLOGUE(nettle_aes256_encrypt)
+ lghi %r0,20 C KM function code (KM-AES-256)
+ lgr %r1,%r2 C parameter block: byte offsets 0-31 Cryptographic Key
+ lgr %r2,%r5
+1: .long 0xb92e0042 C km %r4,%r2
+ brc 1,1b C safely branch back in case of partial completion
+ br RA
+EPILOGUE(nettle_aes256_encrypt)
Index: nettle-3.7.3/s390x/msa_x2/aes256-set-decrypt-key.asm
===================================================================
--- /dev/null
+++ nettle-3.7.3/s390x/msa_x2/aes256-set-decrypt-key.asm
@@ -0,0 +1,52 @@
+C s390x/msa_x2/aes256-set-decrypt-key.asm
+
+ifelse(`
+ Copyright (C) 2020 Mamone Tarsha
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+')
+
+.file "aes256-set-decrypt-key.asm"
+
+.text
+
+C void
+C aes256_invert_key(struct aes256_ctx *dst, const struct aes256_ctx *src)
+
+PROLOGUE(nettle_aes256_invert_key)
+ C AES cipher functions only need the raw cryptographic key so just copy it to AES context
+ mvc 0(32,%r2),0(%r3) C copy Cryptographic Key (32 bytes)
+ br RA
+EPILOGUE(nettle_aes256_invert_key)
+
+C void
+C aes256_set_decrypt_key(struct aes256_ctx *ctx, const uint8_t *key)
+
+PROLOGUE(nettle_aes256_set_decrypt_key)
+ C AES cipher functions only need the raw cryptographic key so just copy it to AES context
+ mvc 0(32,%r2),0(%r3) C copy Cryptographic Key (32 bytes)
+ br RA
+EPILOGUE(nettle_aes256_set_decrypt_key)
Index: nettle-3.7.3/s390x/msa_x2/aes256-set-encrypt-key.asm
===================================================================
--- /dev/null
+++ nettle-3.7.3/s390x/msa_x2/aes256-set-encrypt-key.asm
@@ -0,0 +1,43 @@
+C s390x/msa_x2/aes256-set-encrypt-key.asm
+
+ifelse(`
+ Copyright (C) 2020 Mamone Tarsha
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+')
+
+.file "aes256-set-encrypt-key.asm"
+
+.text
+
+C void
+C aes256_set_encrypt_key(struct aes256_ctx *ctx, const uint8_t *key)
+
+PROLOGUE(nettle_aes256_set_encrypt_key)
+ C AES cipher functions only need the raw cryptographic key so just copy it to AES context
+ mvc 0(32,%r2),0(%r3) C copy Cryptographic Key (32 bytes)
+ br RA
+EPILOGUE(nettle_aes256_set_encrypt_key)
Index: nettle-3.7.3/s390x/msa_x4/gcm-hash.asm
===================================================================
--- /dev/null
+++ nettle-3.7.3/s390x/msa_x4/gcm-hash.asm
@@ -0,0 +1,99 @@
+C s390x/msa_x4/gcm-hash.asm
+
+ifelse(`
+ Copyright (C) 2020 Mamone Tarsha
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+')
+
+C KIMD (COMPUTE INTERMEDIATE MESSAGE DIGEST) is specefied in
+C "z/Architecture Principles of Operation SA22-7832-12" as follows:
+C A function specified by the function code in general register 0 is performed.
+C General register 1 contains the logical address of the leftmost byte of the parameter block in storage.
+C the second operand is processed as specified by the function code using an initial chaining value in
+C the parameter block, and the result replaces the chaining value.
+
+C This implementation uses KIMD-GHASH function.
+C The parameter block used for the KIMD-GHASH function has the following format:
+C *----------------------------------------------*
+C | Initial Chaining Value (16 bytes) |
+C |----------------------------------------------|
+C | Hash Subkey (16 bytes) |
+C *----------------------------------------------*
+
+C Size of parameter block
+define(`PB_SIZE', `32')
+
+C gcm_set_key() assigns H value in the middle element of the table
+define(`H_idx', `128*16')
+
+.file "gcm-hash.asm"
+
+.text
+
+C void gcm_init_key (union gcm_block *table)
+
+PROLOGUE(_nettle_gcm_init_key)
+ C Except for Hash Subkey (H), KIMD-GHASH does not need any pre-computed values so just return to the caller.
+ br RA
+EPILOGUE(_nettle_gcm_init_key)
+
+C void gcm_hash (const struct gcm_key *key, union gcm_block *x,
+C size_t length, const uint8_t *data)
+
+PROLOGUE(_nettle_gcm_hash)
+ ldgr %f0,%r6 C load non-volatile general register 6 into volatile float-point register 0
+ C --- allocate a stack space for parameter block in addition to 16-byte buffer to handle leftover bytes ---
+ ALLOC_STACK(%r1,PB_SIZE+16) C parameter block (must be general register 1)
+ lgr %r6,%r3
+ mvc 0(16,%r1),0(%r3) C copy x Initial Chaining Value field
+ mvc 16(16,%r1),H_idx (%r2) C copy H to Hash Subkey field
+ lghi %r0,65 C GHASH function code (must be general register 0)
+ lgr %r2,%r5 C location of leftmost byte of data (must not be odd-numbered general register nor be general register 0)
+ C number of bytes (must be general register of data + 1). length must be a multiple of the data block size (16).
+ risbg %r3,%r4,0,187,0 C Insert bit offsets 0-59, bit offset 0 of the fourth operand is set to clear the remaining bits.
+1: .long 0xb93e0002 C kimd %r0,%r2
+ brc 1,1b C safely branch back in case of partial completion
+ C --- handle leftovers ---
+ risbg %r5,%r4,60,191,0 C Insert bit offsets 60-63 and clear the remaining bits.
+ jz 4f
+ lgr %r4,%r2
+ C --- copy the leftovers to allocated stack buffer and pad the remaining bytes with zero ---
+ la %r2,PB_SIZE (%r1)
+ lghi %r3,16
+2: mvcle %r2,%r4,0
+ brc 1,2b
+ aghi %r2,-16
+ aghi %r3,16
+3: .long 0xb93e0002 C kimd %r0,%r2
+ brc 1,3b C safely branch back in case of partial completion
+4:
+ mvc 0(16,%r6),0(%r1) C store x
+ xc 0(PB_SIZE+16,%r1),0(%r1) C wipe parameter block content and leftover bytes of data from stack
+ FREE_STACK(PB_SIZE+16)
+ lgdr %r6,%f0 C restore general register 6
+ br RA
+EPILOGUE(_nettle_gcm_hash)
Index: nettle-3.7.3/aes128-set-decrypt-key.c
===================================================================
--- nettle-3.7.3.orig/aes128-set-decrypt-key.c
+++ nettle-3.7.3/aes128-set-decrypt-key.c
@@ -40,14 +40,28 @@
#include "aes-internal.h"
#include "macros.h"
+/* For fat builds */
+#if HAVE_NATIVE_aes128_invert_key
void
-aes128_invert_key (struct aes128_ctx *dst, const struct aes128_ctx *src)
+_nettle_aes128_invert_key_c(struct aes128_ctx *dst,
+ const struct aes128_ctx *src);
+# define nettle_aes128_invert_key _nettle_aes128_invert_key_c
+#endif
+
+#if HAVE_NATIVE_aes128_set_decrypt_key
+void
+_nettle_aes128_set_decrypt_key_c(struct aes128_ctx *ctx, const uint8_t *key);
+# define nettle_aes128_set_decrypt_key _nettle_aes128_set_decrypt_key_c
+#endif
+
+void
+nettle_aes128_invert_key (struct aes128_ctx *dst, const struct aes128_ctx *src)
{
_nettle_aes_invert (_AES128_ROUNDS, dst->keys, src->keys);
}
void
-aes128_set_decrypt_key(struct aes128_ctx *ctx, const uint8_t *key)
+nettle_aes128_set_decrypt_key(struct aes128_ctx *ctx, const uint8_t *key)
{
aes128_set_encrypt_key (ctx, key);
aes128_invert_key (ctx, ctx);
Index: nettle-3.7.3/aes128-set-encrypt-key.c
===================================================================
--- nettle-3.7.3.orig/aes128-set-encrypt-key.c
+++ nettle-3.7.3/aes128-set-encrypt-key.c
@@ -37,8 +37,15 @@
#include "aes-internal.h"
+/* For fat builds */
+#if HAVE_NATIVE_aes128_set_encrypt_key
void
-aes128_set_encrypt_key(struct aes128_ctx *ctx, const uint8_t *key)
+_nettle_aes128_set_encrypt_key_c(struct aes128_ctx *ctx, const uint8_t *key);
+# define nettle_aes128_set_encrypt_key _nettle_aes128_set_encrypt_key_c
+#endif
+
+void
+nettle_aes128_set_encrypt_key(struct aes128_ctx *ctx, const uint8_t *key)
{
_nettle_aes_set_key (_AES128_ROUNDS, AES128_KEY_SIZE / 4, ctx->keys, key);
}
Index: nettle-3.7.3/aes192-set-decrypt-key.c
===================================================================
--- nettle-3.7.3.orig/aes192-set-decrypt-key.c
+++ nettle-3.7.3/aes192-set-decrypt-key.c
@@ -38,14 +38,28 @@
#include "aes-internal.h"
#include "macros.h"
+/* For fat builds */
+#if HAVE_NATIVE_aes192_invert_key
void
-aes192_invert_key (struct aes192_ctx *dst, const struct aes192_ctx *src)
+_nettle_aes192_invert_key_c(struct aes192_ctx *dst,
+ const struct aes192_ctx *src);
+# define nettle_aes192_invert_key _nettle_aes192_invert_key_c
+#endif
+
+#if HAVE_NATIVE_aes192_set_decrypt_key
+void
+_nettle_aes192_set_decrypt_key_c(struct aes192_ctx *ctx, const uint8_t *key);
+# define nettle_aes192_set_decrypt_key _nettle_aes192_set_decrypt_key_c
+#endif
+
+void
+nettle_aes192_invert_key (struct aes192_ctx *dst, const struct aes192_ctx *src)
{
_nettle_aes_invert (_AES192_ROUNDS, dst->keys, src->keys);
}
void
-aes192_set_decrypt_key(struct aes192_ctx *ctx, const uint8_t *key)
+nettle_aes192_set_decrypt_key(struct aes192_ctx *ctx, const uint8_t *key)
{
aes192_set_encrypt_key (ctx, key);
aes192_invert_key (ctx, ctx);
Index: nettle-3.7.3/aes192-set-encrypt-key.c
===================================================================
--- nettle-3.7.3.orig/aes192-set-encrypt-key.c
+++ nettle-3.7.3/aes192-set-encrypt-key.c
@@ -37,8 +37,15 @@
#include "aes-internal.h"
+/* For fat builds */
+#if HAVE_NATIVE_aes192_set_encrypt_key
void
-aes192_set_encrypt_key(struct aes192_ctx *ctx, const uint8_t *key)
+_nettle_aes192_set_encrypt_key_c(struct aes192_ctx *ctx, const uint8_t *key);
+# define nettle_aes192_set_encrypt_key _nettle_aes192_set_encrypt_key_c
+#endif
+
+void
+nettle_aes192_set_encrypt_key(struct aes192_ctx *ctx, const uint8_t *key)
{
_nettle_aes_set_key (_AES192_ROUNDS, AES192_KEY_SIZE / 4, ctx->keys, key);
}
Index: nettle-3.7.3/aes256-set-decrypt-key.c
===================================================================
--- nettle-3.7.3.orig/aes256-set-decrypt-key.c
+++ nettle-3.7.3/aes256-set-decrypt-key.c
@@ -38,14 +38,28 @@
#include "aes-internal.h"
#include "macros.h"
+/* For fat builds */
+#if HAVE_NATIVE_aes256_invert_key
void
-aes256_invert_key (struct aes256_ctx *dst, const struct aes256_ctx *src)
+_nettle_aes256_invert_key_c(struct aes256_ctx *dst,
+ const struct aes256_ctx *src);
+# define nettle_aes256_invert_key _nettle_aes256_invert_key_c
+#endif
+
+#if HAVE_NATIVE_aes256_set_decrypt_key
+void
+_nettle_aes256_set_decrypt_key_c(struct aes256_ctx *ctx, const uint8_t *key);
+# define nettle_aes256_set_decrypt_key _nettle_aes256_set_decrypt_key_c
+#endif
+
+void
+nettle_aes256_invert_key (struct aes256_ctx *dst, const struct aes256_ctx *src)
{
_nettle_aes_invert (_AES256_ROUNDS, dst->keys, src->keys);
}
void
-aes256_set_decrypt_key(struct aes256_ctx *ctx, const uint8_t *key)
+nettle_aes256_set_decrypt_key(struct aes256_ctx *ctx, const uint8_t *key)
{
aes256_set_encrypt_key (ctx, key);
aes256_invert_key (ctx, ctx);
Index: nettle-3.7.3/aes256-set-encrypt-key.c
===================================================================
--- nettle-3.7.3.orig/aes256-set-encrypt-key.c
+++ nettle-3.7.3/aes256-set-encrypt-key.c
@@ -37,8 +37,15 @@
#include "aes-internal.h"
+/* For fat builds */
+#if HAVE_NATIVE_aes256_set_encrypt_key
void
-aes256_set_encrypt_key(struct aes256_ctx *ctx, const uint8_t *key)
+_nettle_aes256_set_encrypt_key_c(struct aes256_ctx *ctx, const uint8_t *key);
+# define nettle_aes256_set_encrypt_key _nettle_aes256_set_encrypt_key_c
+#endif
+
+void
+nettle_aes256_set_encrypt_key(struct aes256_ctx *ctx, const uint8_t *key)
{
_nettle_aes_set_key (_AES256_ROUNDS, AES256_KEY_SIZE / 4, ctx->keys, key);
}
Index: nettle-3.7.3/fat-s390x.c
===================================================================
--- /dev/null
+++ nettle-3.7.3/fat-s390x.c
@@ -0,0 +1,485 @@
+/* fat-s390x.c
+
+ Copyright (C) 2020 Mamone Tarsha
+
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+*/
+
+#define _GNU_SOURCE
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <assert.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#if defined(__GLIBC__) && defined(__GLIBC_PREREQ)
+# if __GLIBC_PREREQ(2, 16)
+# define USE_GETAUXVAL 1
+# include <sys/auxv.h>
+# endif
+#endif
+
+#include "nettle-types.h"
+
+#include "memxor.h"
+#include "aes.h"
+#include "gcm.h"
+#include "gcm-internal.h"
+#include "fat-setup.h"
+
+/* Max number of doublewords returned by STFLE */
+#define FACILITY_DOUBLEWORDS_MAX 3
+#define FACILITY_INDEX(bit) ((bit) / 64)
+/* STFLE and cipher query store doublewords as bit-reversed.
+ reverse facility bit or function code in doubleword */
+#define FACILITY_BIT(bit) (1ULL << (63 - (bit) % 64))
+
+/* Define from arch/s390/include/asm/elf.h in Linux kernel */
+#ifndef HWCAP_S390_STFLE
+#define HWCAP_S390_STFLE 4
+#endif
+
+/* Facility bits */
+#define FAC_VF 129 /* vector facility */
+#define FAC_MSA 17 /* message-security assist */
+#define FAC_MSA_X4 77 /* message-security-assist extension 4 */
+
+/* Function codes */
+#define AES_128_CODE 18
+#define AES_192_CODE 19
+#define AES_256_CODE 20
+#define SHA_1_CODE 1
+#define SHA_256_CODE 2
+#define SHA_512_CODE 3
+#define GHASH_CODE 65
+
+struct s390x_features
+{
+ int have_vector_facility;
+ int have_km_aes128;
+ int have_km_aes192;
+ int have_km_aes256;
+ int have_kimd_sha_1;
+ int have_kimd_sha_256;
+ int have_kimd_sha_512;
+ int have_kimd_ghash;
+};
+
+void _nettle_stfle(uint64_t *facility, uint64_t facility_size);
+void _nettle_km_status(uint64_t *status);
+void _nettle_kimd_status(uint64_t *status);
+
+#define MATCH(s, slen, literal, llen) \
+ ((slen) == (llen) && memcmp ((s), (literal), llen) == 0)
+
+static void
+get_s390x_features (struct s390x_features *features)
+{
+ features->have_vector_facility = 0;
+ features->have_km_aes128 = 0;
+ features->have_km_aes192 = 0;
+ features->have_km_aes256 = 0;
+ features->have_kimd_sha_1 = 0;
+ features->have_kimd_sha_256 = 0;
+ features->have_kimd_sha_512 = 0;
+ features->have_kimd_ghash = 0;
+
+ const char *s = secure_getenv (ENV_OVERRIDE);
+ if (s)
+ for (;;)
+ {
+ const char *sep = strchr (s, ',');
+ size_t length = sep ? (size_t) (sep - s) : strlen(s);
+
+ if (MATCH (s, length, "vf", 2))
+ features->have_vector_facility = 1;
+ else if (MATCH (s, length, "msa", 3))
+ features->have_kimd_sha_1 = 1;
+ else if (MATCH (s, length, "msa_x1", 6))
+ {
+ features->have_km_aes128 = 1;
+ features->have_kimd_sha_256 = 1;
+ }
+ else if (MATCH (s, length, "msa_x2", 6))
+ {
+ features->have_km_aes192 = 1;
+ features->have_km_aes256 = 1;
+ features->have_kimd_sha_512 = 1;
+ }
+ else if (MATCH (s, length, "msa_x4", 6))
+ features->have_kimd_ghash = 1;
+ if (!sep)
+ break;
+ s = sep + 1;
+ }
+ else
+ {
+#if USE_GETAUXVAL
+ unsigned long hwcap = getauxval(AT_HWCAP);
+ if (hwcap & HWCAP_S390_STFLE)
+ {
+ uint64_t facilities[FACILITY_DOUBLEWORDS_MAX] = {0};
+ _nettle_stfle(facilities, FACILITY_DOUBLEWORDS_MAX);
+
+ if (facilities[FACILITY_INDEX(FAC_VF)] & FACILITY_BIT(FAC_VF))
+ features->have_vector_facility = 1;
+
+ if (facilities[FACILITY_INDEX(FAC_MSA)] & FACILITY_BIT(FAC_MSA))
+ {
+ uint64_t query_status[2] = {0};
+ _nettle_km_status(query_status);
+ if (query_status[FACILITY_INDEX(AES_128_CODE)] & FACILITY_BIT(AES_128_CODE))
+ features->have_km_aes128 = 1;
+ if (query_status[FACILITY_INDEX(AES_192_CODE)] & FACILITY_BIT(AES_192_CODE))
+ features->have_km_aes192 = 1;
+ if (query_status[FACILITY_INDEX(AES_256_CODE)] & FACILITY_BIT(AES_256_CODE))
+ features->have_km_aes256 = 1;
+
+ memset(query_status, 0, sizeof(query_status));
+ _nettle_kimd_status(query_status);
+ if (query_status[FACILITY_INDEX(SHA_1_CODE)] & FACILITY_BIT(SHA_1_CODE))
+ features->have_kimd_sha_1 = 1;
+ if (query_status[FACILITY_INDEX(SHA_256_CODE)] & FACILITY_BIT(SHA_256_CODE))
+ features->have_kimd_sha_256 = 1;
+ if (query_status[FACILITY_INDEX(SHA_512_CODE)] & FACILITY_BIT(SHA_512_CODE))
+ features->have_kimd_sha_512 = 1;
+ }
+
+ if (facilities[FACILITY_INDEX(FAC_MSA_X4)] & FACILITY_BIT(FAC_MSA_X4))
+ {
+ uint64_t query_status[2] = {0};
+ _nettle_kimd_status(query_status);
+ if (query_status[FACILITY_INDEX(GHASH_CODE)] & FACILITY_BIT(GHASH_CODE))
+ features->have_kimd_ghash = 1;
+ }
+ }
+#endif
+ }
+}
+
+/* MEMXOR3 */
+DECLARE_FAT_FUNC(nettle_memxor3, memxor3_func)
+DECLARE_FAT_FUNC_VAR(memxor3, memxor3_func, c)
+DECLARE_FAT_FUNC_VAR(memxor3, memxor3_func, s390x)
+
+/* AES128 */
+DECLARE_FAT_FUNC(nettle_aes128_set_encrypt_key, aes128_set_key_func)
+DECLARE_FAT_FUNC_VAR(aes128_set_encrypt_key, aes128_set_key_func, c)
+DECLARE_FAT_FUNC_VAR(aes128_set_encrypt_key, aes128_set_key_func, s390x)
+DECLARE_FAT_FUNC(nettle_aes128_set_decrypt_key, aes128_set_key_func)
+DECLARE_FAT_FUNC_VAR(aes128_set_decrypt_key, aes128_set_key_func, c)
+DECLARE_FAT_FUNC_VAR(aes128_set_decrypt_key, aes128_set_key_func, s390x)
+DECLARE_FAT_FUNC(nettle_aes128_invert_key, aes128_invert_key_func)
+DECLARE_FAT_FUNC_VAR(aes128_invert_key, aes128_invert_key_func, c)
+DECLARE_FAT_FUNC_VAR(aes128_invert_key, aes128_invert_key_func, s390x)
+DECLARE_FAT_FUNC(nettle_aes128_encrypt, aes128_crypt_func)
+DECLARE_FAT_FUNC_VAR(aes128_encrypt, aes128_crypt_func, c)
+DECLARE_FAT_FUNC_VAR(aes128_encrypt, aes128_crypt_func, s390x)
+DECLARE_FAT_FUNC(nettle_aes128_decrypt, aes128_crypt_func)
+DECLARE_FAT_FUNC_VAR(aes128_decrypt, aes128_crypt_func, c)
+DECLARE_FAT_FUNC_VAR(aes128_decrypt, aes128_crypt_func, s390x)
+
+/* AES192 */
+DECLARE_FAT_FUNC(nettle_aes192_set_encrypt_key, aes192_set_key_func)
+DECLARE_FAT_FUNC_VAR(aes192_set_encrypt_key, aes192_set_key_func, c)
+DECLARE_FAT_FUNC_VAR(aes192_set_encrypt_key, aes192_set_key_func, s390x)
+DECLARE_FAT_FUNC(nettle_aes192_set_decrypt_key, aes192_set_key_func)
+DECLARE_FAT_FUNC_VAR(aes192_set_decrypt_key, aes192_set_key_func, c)
+DECLARE_FAT_FUNC_VAR(aes192_set_decrypt_key, aes192_set_key_func, s390x)
+DECLARE_FAT_FUNC(nettle_aes192_invert_key, aes192_invert_key_func)
+DECLARE_FAT_FUNC_VAR(aes192_invert_key, aes192_invert_key_func, c)
+DECLARE_FAT_FUNC_VAR(aes192_invert_key, aes192_invert_key_func, s390x)
+DECLARE_FAT_FUNC(nettle_aes192_encrypt, aes192_crypt_func)
+DECLARE_FAT_FUNC_VAR(aes192_encrypt, aes192_crypt_func, c)
+DECLARE_FAT_FUNC_VAR(aes192_encrypt, aes192_crypt_func, s390x)
+DECLARE_FAT_FUNC(nettle_aes192_decrypt, aes192_crypt_func)
+DECLARE_FAT_FUNC_VAR(aes192_decrypt, aes192_crypt_func, c)
+DECLARE_FAT_FUNC_VAR(aes192_decrypt, aes192_crypt_func, s390x)
+
+/* AES256 */
+DECLARE_FAT_FUNC(nettle_aes256_set_encrypt_key, aes256_set_key_func)
+DECLARE_FAT_FUNC_VAR(aes256_set_encrypt_key, aes256_set_key_func, c)
+DECLARE_FAT_FUNC_VAR(aes256_set_encrypt_key, aes256_set_key_func, s390x)
+DECLARE_FAT_FUNC(nettle_aes256_set_decrypt_key, aes256_set_key_func)
+DECLARE_FAT_FUNC_VAR(aes256_set_decrypt_key, aes256_set_key_func, c)
+DECLARE_FAT_FUNC_VAR(aes256_set_decrypt_key, aes256_set_key_func, s390x)
+DECLARE_FAT_FUNC(nettle_aes256_invert_key, aes256_invert_key_func)
+DECLARE_FAT_FUNC_VAR(aes256_invert_key, aes256_invert_key_func, c)
+DECLARE_FAT_FUNC_VAR(aes256_invert_key, aes256_invert_key_func, s390x)
+DECLARE_FAT_FUNC(nettle_aes256_encrypt, aes256_crypt_func)
+DECLARE_FAT_FUNC_VAR(aes256_encrypt, aes256_crypt_func, c)
+DECLARE_FAT_FUNC_VAR(aes256_encrypt, aes256_crypt_func, s390x)
+DECLARE_FAT_FUNC(nettle_aes256_decrypt, aes256_crypt_func)
+DECLARE_FAT_FUNC_VAR(aes256_decrypt, aes256_crypt_func, c)
+DECLARE_FAT_FUNC_VAR(aes256_decrypt, aes256_crypt_func, s390x)
+
+/* GHASH */
+#if GCM_TABLE_BITS == 8
+DECLARE_FAT_FUNC(_nettle_gcm_init_key, gcm_init_key_func)
+DECLARE_FAT_FUNC_VAR(gcm_init_key, gcm_init_key_func, c)
+DECLARE_FAT_FUNC_VAR(gcm_init_key, gcm_init_key_func, s390x)
+
+DECLARE_FAT_FUNC(_nettle_gcm_hash, gcm_hash_func)
+DECLARE_FAT_FUNC_VAR(gcm_hash, gcm_hash_func, c)
+DECLARE_FAT_FUNC_VAR(gcm_hash, gcm_hash_func, s390x)
+#endif /* GCM_TABLE_BITS == 8 */
+
+DECLARE_FAT_FUNC(nettle_sha1_compress, sha1_compress_func)
+DECLARE_FAT_FUNC_VAR(sha1_compress, sha1_compress_func, c)
+DECLARE_FAT_FUNC_VAR(sha1_compress, sha1_compress_func, s390x)
+
+DECLARE_FAT_FUNC(_nettle_sha256_compress, sha256_compress_func)
+DECLARE_FAT_FUNC_VAR(sha256_compress, sha256_compress_func, c)
+DECLARE_FAT_FUNC_VAR(sha256_compress, sha256_compress_func, s390x)
+
+DECLARE_FAT_FUNC(_nettle_sha512_compress, sha512_compress_func)
+DECLARE_FAT_FUNC_VAR(sha512_compress, sha512_compress_func, c)
+DECLARE_FAT_FUNC_VAR(sha512_compress, sha512_compress_func, s390x)
+
+static void CONSTRUCTOR
+fat_init (void)
+{
+ struct s390x_features features;
+ int verbose;
+
+ get_s390x_features (&features);
+ verbose = getenv (ENV_VERBOSE) != NULL;
+
+ /* MEMXOR3 */
+ if (features.have_vector_facility)
+ {
+ if (verbose)
+ fprintf (stderr, "libnettle: enabling vectorized memxor3.\n");
+ nettle_memxor3_vec = _nettle_memxor3_s390x;
+ }
+ else
+ {
+ nettle_memxor3_vec = _nettle_memxor3_c;
+ }
+
+ /* AES128 */
+ if (features.have_km_aes128)
+ {
+ if (verbose)
+ fprintf (stderr, "libnettle: enabling hardware accelerated AES128 EBC mode.\n");
+ nettle_aes128_set_encrypt_key_vec = _nettle_aes128_set_encrypt_key_s390x;
+ nettle_aes128_set_decrypt_key_vec = _nettle_aes128_set_decrypt_key_s390x;
+ nettle_aes128_invert_key_vec = _nettle_aes128_invert_key_s390x;
+ nettle_aes128_encrypt_vec = _nettle_aes128_encrypt_s390x;
+ nettle_aes128_decrypt_vec = _nettle_aes128_decrypt_s390x;
+ }
+ else
+ {
+ nettle_aes128_set_encrypt_key_vec = _nettle_aes128_set_encrypt_key_c;
+ nettle_aes128_set_decrypt_key_vec = _nettle_aes128_set_decrypt_key_c;
+ nettle_aes128_invert_key_vec = _nettle_aes128_invert_key_c;
+ nettle_aes128_encrypt_vec = _nettle_aes128_encrypt_c;
+ nettle_aes128_decrypt_vec = _nettle_aes128_decrypt_c;
+ }
+
+ /* AES192 */
+ if (features.have_km_aes192)
+ {
+ if (verbose)
+ fprintf (stderr, "libnettle: enabling hardware accelerated AES192 EBC mode.\n");
+ nettle_aes192_set_encrypt_key_vec = _nettle_aes192_set_encrypt_key_s390x;
+ nettle_aes192_set_decrypt_key_vec = _nettle_aes192_set_decrypt_key_s390x;
+ nettle_aes192_invert_key_vec = _nettle_aes192_invert_key_s390x;
+ nettle_aes192_encrypt_vec = _nettle_aes192_encrypt_s390x;
+ nettle_aes192_decrypt_vec = _nettle_aes192_decrypt_s390x;
+ }
+ else
+ {
+ nettle_aes192_set_encrypt_key_vec = _nettle_aes192_set_encrypt_key_c;
+ nettle_aes192_set_decrypt_key_vec = _nettle_aes192_set_decrypt_key_c;
+ nettle_aes192_invert_key_vec = _nettle_aes192_invert_key_c;
+ nettle_aes192_encrypt_vec = _nettle_aes192_encrypt_c;
+ nettle_aes192_decrypt_vec = _nettle_aes192_decrypt_c;
+ }
+
+ /* AES256 */
+ if (features.have_km_aes256)
+ {
+ if (verbose)
+ fprintf (stderr, "libnettle: enabling hardware accelerated AES256 EBC mode.\n");
+ nettle_aes256_set_encrypt_key_vec = _nettle_aes256_set_encrypt_key_s390x;
+ nettle_aes256_set_decrypt_key_vec = _nettle_aes256_set_decrypt_key_s390x;
+ nettle_aes256_invert_key_vec = _nettle_aes256_invert_key_s390x;
+ nettle_aes256_encrypt_vec = _nettle_aes256_encrypt_s390x;
+ nettle_aes256_decrypt_vec = _nettle_aes256_decrypt_s390x;
+ }
+ else
+ {
+ nettle_aes256_set_encrypt_key_vec = _nettle_aes256_set_encrypt_key_c;
+ nettle_aes256_set_decrypt_key_vec = _nettle_aes256_set_decrypt_key_c;
+ nettle_aes256_invert_key_vec = _nettle_aes256_invert_key_c;
+ nettle_aes256_encrypt_vec = _nettle_aes256_encrypt_c;
+ nettle_aes256_decrypt_vec = _nettle_aes256_decrypt_c;
+ }
+
+ /* GHASH */
+ if (features.have_kimd_ghash)
+ {
+ if (verbose)
+ fprintf (stderr, "libnettle: enabling hardware accelerated GHASH.\n");
+ _nettle_gcm_init_key_vec = _nettle_gcm_init_key_s390x;
+ _nettle_gcm_hash_vec = _nettle_gcm_hash_s390x;
+ }
+ else
+ {
+ _nettle_gcm_init_key_vec = _nettle_gcm_init_key_c;
+ _nettle_gcm_hash_vec = _nettle_gcm_hash_c;
+ }
+
+ /* SHA1 */
+ if (features.have_kimd_sha_1)
+ {
+ if (verbose)
+ fprintf (stderr, "libnettle: enabling hardware accelerated SHA1 compress code.\n");
+ nettle_sha1_compress_vec = _nettle_sha1_compress_s390x;
+ }
+ else
+ {
+ nettle_sha1_compress_vec = _nettle_sha1_compress_c;
+ }
+
+ /* SHA256 */
+ if (features.have_kimd_sha_256)
+ {
+ if (verbose)
+ fprintf (stderr, "libnettle: enabling hardware accelerated SHA256 compress code.\n");
+ _nettle_sha256_compress_vec = _nettle_sha256_compress_s390x;
+ }
+ else
+ {
+ _nettle_sha256_compress_vec = _nettle_sha256_compress_c;
+ }
+
+ /* SHA512 */
+ if (features.have_kimd_sha_512)
+ {
+ if (verbose)
+ fprintf (stderr, "libnettle: enabling hardware accelerated SHA512 compress code.\n");
+ _nettle_sha512_compress_vec = _nettle_sha512_compress_s390x;
+ }
+ else
+ {
+ _nettle_sha512_compress_vec = _nettle_sha512_compress_c;
+ }
+}
+
+/* MEMXOR3 */
+DEFINE_FAT_FUNC(nettle_memxor3, void *,
+ (void *dst_in, const void *a_in, const void *b_in, size_t n),
+ (dst_in, a_in, b_in, n))
+
+/* AES128 */
+DEFINE_FAT_FUNC(nettle_aes128_set_encrypt_key, void,
+ (struct aes128_ctx *ctx, const uint8_t *key),
+ (ctx, key))
+DEFINE_FAT_FUNC(nettle_aes128_set_decrypt_key, void,
+ (struct aes128_ctx *ctx, const uint8_t *key),
+ (ctx, key))
+DEFINE_FAT_FUNC(nettle_aes128_invert_key, void,
+ (struct aes128_ctx *dst, const struct aes128_ctx *src),
+ (dst, src))
+DEFINE_FAT_FUNC(nettle_aes128_encrypt, void,
+ (const struct aes128_ctx *ctx, size_t length,
+ uint8_t *dst,const uint8_t *src),
+ (ctx, length, dst, src))
+DEFINE_FAT_FUNC(nettle_aes128_decrypt, void,
+ (const struct aes128_ctx *ctx, size_t length,
+ uint8_t *dst,const uint8_t *src),
+ (ctx, length, dst, src))
+
+/* AES192 */
+DEFINE_FAT_FUNC(nettle_aes192_set_encrypt_key, void,
+ (struct aes192_ctx *ctx, const uint8_t *key),
+ (ctx, key))
+DEFINE_FAT_FUNC(nettle_aes192_set_decrypt_key, void,
+ (struct aes192_ctx *ctx, const uint8_t *key),
+ (ctx, key))
+DEFINE_FAT_FUNC(nettle_aes192_invert_key, void,
+ (struct aes192_ctx *dst, const struct aes192_ctx *src),
+ (dst, src))
+DEFINE_FAT_FUNC(nettle_aes192_encrypt, void,
+ (const struct aes192_ctx *ctx, size_t length,
+ uint8_t *dst,const uint8_t *src),
+ (ctx, length, dst, src))
+DEFINE_FAT_FUNC(nettle_aes192_decrypt, void,
+ (const struct aes192_ctx *ctx, size_t length,
+ uint8_t *dst,const uint8_t *src),
+ (ctx, length, dst, src))
+
+/* AES256 */
+DEFINE_FAT_FUNC(nettle_aes256_set_encrypt_key, void,
+ (struct aes256_ctx *ctx, const uint8_t *key),
+ (ctx, key))
+DEFINE_FAT_FUNC(nettle_aes256_set_decrypt_key, void,
+ (struct aes256_ctx *ctx, const uint8_t *key),
+ (ctx, key))
+DEFINE_FAT_FUNC(nettle_aes256_invert_key, void,
+ (struct aes256_ctx *dst, const struct aes256_ctx *src),
+ (dst, src))
+DEFINE_FAT_FUNC(nettle_aes256_encrypt, void,
+ (const struct aes256_ctx *ctx, size_t length,
+ uint8_t *dst,const uint8_t *src),
+ (ctx, length, dst, src))
+DEFINE_FAT_FUNC(nettle_aes256_decrypt, void,
+ (const struct aes256_ctx *ctx, size_t length,
+ uint8_t *dst,const uint8_t *src),
+ (ctx, length, dst, src))
+
+/* GHASH */
+#if GCM_TABLE_BITS == 8
+DEFINE_FAT_FUNC(_nettle_gcm_init_key, void,
+ (union nettle_block16 *table),
+ (table))
+DEFINE_FAT_FUNC(_nettle_gcm_hash, void,
+ (const struct gcm_key *key, union nettle_block16 *x,
+ size_t length, const uint8_t *data),
+ (key, x, length, data))
+#endif /* GCM_TABLE_BITS == 8 */
+
+/* SHA1 */
+DEFINE_FAT_FUNC(nettle_sha1_compress, void,
+ (uint32_t *state, const uint8_t *input),
+ (state, input))
+
+/* SHA256 */
+DEFINE_FAT_FUNC(_nettle_sha256_compress, void,
+ (uint32_t *state, const uint8_t *input, const uint32_t *k),
+ (state, input, k))
+
+/* SHA512 */
+DEFINE_FAT_FUNC(_nettle_sha512_compress, void,
+ (uint64_t *state, const uint8_t *input, const uint64_t *k),
+ (state, input, k))
Index: nettle-3.7.3/fat-setup.h
===================================================================
--- nettle-3.7.3.orig/fat-setup.h
+++ nettle-3.7.3/fat-setup.h
@@ -157,6 +157,7 @@ struct salsa20_ctx;
typedef void void_func (void);
+struct aes_table;
typedef void aes_crypt_internal_func (unsigned rounds, const uint32_t *keys,
const struct aes_table *T,
size_t length, uint8_t *dst,
@@ -169,6 +170,7 @@ typedef void gcm_hash_func (const struct
size_t length, const uint8_t *data);
typedef void *(memxor_func)(void *dst, const void *src, size_t n);
+typedef void *(memxor3_func)(void *dst_in, const void *a_in, const void *b_in, size_t n);
typedef void salsa20_core_func (uint32_t *dst, const uint32_t *src, unsigned rounds);
typedef void salsa20_crypt_func (struct salsa20_ctx *ctx, unsigned rounds,
@@ -193,3 +195,21 @@ typedef void chacha_crypt_func(struct ch
size_t length,
uint8_t *dst,
const uint8_t *src);
+
+struct aes128_ctx;
+typedef void aes128_set_key_func (struct aes128_ctx *ctx, const uint8_t *key);
+typedef void aes128_invert_key_func (struct aes128_ctx *dst, const struct aes128_ctx *src);
+typedef void aes128_crypt_func (const struct aes128_ctx *ctx, size_t length, uint8_t *dst,
+ const uint8_t *src);
+
+struct aes192_ctx;
+typedef void aes192_set_key_func (struct aes192_ctx *ctx, const uint8_t *key);
+typedef void aes192_invert_key_func (struct aes192_ctx *dst, const struct aes192_ctx *src);
+typedef void aes192_crypt_func (const struct aes192_ctx *ctx, size_t length, uint8_t *dst,
+ const uint8_t *src);
+
+struct aes256_ctx;
+typedef void aes256_set_key_func (struct aes256_ctx *ctx, const uint8_t *key);
+typedef void aes256_invert_key_func (struct aes256_ctx *dst, const struct aes256_ctx *src);
+typedef void aes256_crypt_func (const struct aes256_ctx *ctx, size_t length, uint8_t *dst,
+ const uint8_t *src);
Index: nettle-3.7.3/s390x/fat/gcm-hash.asm
===================================================================
--- /dev/null
+++ nettle-3.7.3/s390x/fat/gcm-hash.asm
@@ -0,0 +1,38 @@
+C s390x/fat/gcm-hash.asm
+
+ifelse(`
+ Copyright (C) 2020 Mamone Tarsha
+
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+')
+
+dnl picked up by configure
+dnl PROLOGUE(_nettle_fat_gcm_init_key)
+dnl PROLOGUE(_nettle_fat_gcm_hash)
+
+define(`fat_transform', `$1_s390x')
+include_src(`s390x/msa_x4/gcm-hash.asm')
Index: nettle-3.7.3/s390x/fat/cpu-facility.asm
===================================================================
--- /dev/null
+++ nettle-3.7.3/s390x/fat/cpu-facility.asm
@@ -0,0 +1,62 @@
+C s390x/fat/cpu-facility.asm
+
+ifelse(`
+ Copyright (C) 2021 Mamone Tarsha
+
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+')
+
+.file "cpu-facility.asm"
+
+.text
+
+C void _nettle_stfle(uint64_t *facility, uint64_t facility_size)
+
+PROLOGUE(_nettle_stfle)
+ lgr %r0,%r3 C facility_size
+ aghi %r0,-1 C facility_size - 1
+ .long 0xb2b02000 C stfle 0(%r2)
+ br RA
+EPILOGUE(_nettle_stfle)
+
+C void _nettle_km_status(uint64_t *status)
+
+PROLOGUE(_nettle_km_status)
+ lghi %r0,0 C query code
+ lgr %r1,%r2 C status
+ .long 0xb92e0022 C km %r2,%r2. Operands are ignored
+ br RA
+EPILOGUE(_nettle_km_status)
+
+C void _nettle_kimd_status(uint64_t *status)
+
+PROLOGUE(_nettle_kimd_status)
+ lghi %r0,0 C query code
+ lgr %r1,%r2 C status
+ .long 0xb93e0002 C kimd %r0,%r2. Operands are ignored
+ br RA
+EPILOGUE(_nettle_kimd_status)
Index: nettle-3.7.3/s390x/fat/aes128-decrypt-2.asm
===================================================================
--- /dev/null
+++ nettle-3.7.3/s390x/fat/aes128-decrypt-2.asm
@@ -0,0 +1,36 @@
+C s390x/fat/aes128-decrypt.asm
+
+ifelse(`
+ Copyright (C) 2020 Mamone Tarsha
+
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+')
+
+dnl PROLOGUE(nettle_aes128_decrypt) picked up by configure
+
+define(`fat_transform', `_$1_s390x')
+include_src(`s390x/msa_x1/aes128-decrypt.asm')
Index: nettle-3.7.3/s390x/fat/aes128-encrypt-2.asm
===================================================================
--- /dev/null
+++ nettle-3.7.3/s390x/fat/aes128-encrypt-2.asm
@@ -0,0 +1,36 @@
+C s390x/fat/aes128-encrypt.asm
+
+ifelse(`
+ Copyright (C) 2020 Mamone Tarsha
+
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+')
+
+dnl PROLOGUE(nettle_aes128_encrypt) picked up by configure
+
+define(`fat_transform', `_$1_s390x')
+include_src(`s390x/msa_x1/aes128-encrypt.asm')
Index: nettle-3.7.3/s390x/fat/aes128-set-decrypt-key-2.asm
===================================================================
--- /dev/null
+++ nettle-3.7.3/s390x/fat/aes128-set-decrypt-key-2.asm
@@ -0,0 +1,38 @@
+C s390x/fat/aes128-set-decrypt-key.asm
+
+ifelse(`
+ Copyright (C) 2020 Mamone Tarsha
+
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+')
+
+dnl picked up by configure
+dnl PROLOGUE(nettle_aes128_invert_key)
+dnl PROLOGUE(nettle_aes128_set_decrypt_key)
+
+define(`fat_transform', `_$1_s390x')
+include_src(`s390x/msa_x1/aes128-set-decrypt-key.asm')
Index: nettle-3.7.3/s390x/fat/aes128-set-encrypt-key-2.asm
===================================================================
--- /dev/null
+++ nettle-3.7.3/s390x/fat/aes128-set-encrypt-key-2.asm
@@ -0,0 +1,36 @@
+C s390x/fat/aes128-set-encrypt-key.asm
+
+ifelse(`
+ Copyright (C) 2020 Mamone Tarsha
+
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+')
+
+dnl PROLOGUE(nettle_aes128_set_encrypt_key) picked up by configure
+
+define(`fat_transform', `_$1_s390x')
+include_src(`s390x/msa_x1/aes128-set-encrypt-key.asm')
Index: nettle-3.7.3/s390x/fat/aes192-decrypt-2.asm
===================================================================
--- /dev/null
+++ nettle-3.7.3/s390x/fat/aes192-decrypt-2.asm
@@ -0,0 +1,36 @@
+C s390x/fat/aes192-decrypt.asm
+
+ifelse(`
+ Copyright (C) 2020 Mamone Tarsha
+
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+')
+
+dnl PROLOGUE(nettle_aes192_decrypt) picked up by configure
+
+define(`fat_transform', `_$1_s390x')
+include_src(`s390x/msa_x2/aes192-decrypt.asm')
Index: nettle-3.7.3/s390x/fat/aes192-encrypt-2.asm
===================================================================
--- /dev/null
+++ nettle-3.7.3/s390x/fat/aes192-encrypt-2.asm
@@ -0,0 +1,36 @@
+C s390x/fat/aes192-encrypt.asm
+
+ifelse(`
+ Copyright (C) 2020 Mamone Tarsha
+
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+')
+
+dnl PROLOGUE(nettle_aes192_encrypt) picked up by configure
+
+define(`fat_transform', `_$1_s390x')
+include_src(`s390x/msa_x2/aes192-encrypt.asm')
Index: nettle-3.7.3/s390x/fat/aes192-set-decrypt-key-2.asm
===================================================================
--- /dev/null
+++ nettle-3.7.3/s390x/fat/aes192-set-decrypt-key-2.asm
@@ -0,0 +1,38 @@
+C s390x/fat/aes192-set-decrypt-key.asm
+
+ifelse(`
+ Copyright (C) 2020 Mamone Tarsha
+
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+')
+
+dnl picked up by configure
+dnl PROLOGUE(nettle_aes192_invert_key)
+dnl PROLOGUE(nettle_aes192_set_decrypt_key)
+
+define(`fat_transform', `_$1_s390x')
+include_src(`s390x/msa_x2/aes192-set-decrypt-key.asm')
Index: nettle-3.7.3/s390x/fat/aes192-set-encrypt-key-2.asm
===================================================================
--- /dev/null
+++ nettle-3.7.3/s390x/fat/aes192-set-encrypt-key-2.asm
@@ -0,0 +1,36 @@
+C s390x/fat/aes192-set-encrypt-key.asm
+
+ifelse(`
+ Copyright (C) 2020 Mamone Tarsha
+
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+')
+
+dnl PROLOGUE(nettle_aes192_set_encrypt_key) picked up by configure
+
+define(`fat_transform', `_$1_s390x')
+include_src(`s390x/msa_x2/aes192-set-encrypt-key.asm')
Index: nettle-3.7.3/s390x/fat/aes256-decrypt-2.asm
===================================================================
--- /dev/null
+++ nettle-3.7.3/s390x/fat/aes256-decrypt-2.asm
@@ -0,0 +1,36 @@
+C s390x/fat/aes256-decrypt.asm
+
+ifelse(`
+ Copyright (C) 2020 Mamone Tarsha
+
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+')
+
+dnl PROLOGUE(nettle_aes256_decrypt) picked up by configure
+
+define(`fat_transform', `_$1_s390x')
+include_src(`s390x/msa_x2/aes256-decrypt.asm')
Index: nettle-3.7.3/s390x/fat/aes256-encrypt-2.asm
===================================================================
--- /dev/null
+++ nettle-3.7.3/s390x/fat/aes256-encrypt-2.asm
@@ -0,0 +1,36 @@
+C s390x/fat/aes256-encrypt.asm
+
+ifelse(`
+ Copyright (C) 2020 Mamone Tarsha
+
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+')
+
+dnl PROLOGUE(nettle_aes256_encrypt) picked up by configure
+
+define(`fat_transform', `_$1_s390x')
+include_src(`s390x/msa_x2/aes256-encrypt.asm')
Index: nettle-3.7.3/s390x/fat/aes256-set-decrypt-key-2.asm
===================================================================
--- /dev/null
+++ nettle-3.7.3/s390x/fat/aes256-set-decrypt-key-2.asm
@@ -0,0 +1,38 @@
+C s390x/fat/aes256-set-decrypt-key.asm
+
+ifelse(`
+ Copyright (C) 2020 Mamone Tarsha
+
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+')
+
+dnl picked up by configure
+dnl PROLOGUE(nettle_aes256_invert_key)
+dnl PROLOGUE(nettle_aes256_set_decrypt_key)
+
+define(`fat_transform', `_$1_s390x')
+include_src(`s390x/msa_x2/aes256-set-decrypt-key.asm')
Index: nettle-3.7.3/s390x/fat/aes256-set-encrypt-key-2.asm
===================================================================
--- /dev/null
+++ nettle-3.7.3/s390x/fat/aes256-set-encrypt-key-2.asm
@@ -0,0 +1,36 @@
+C s390x/fat/aes256-set-encrypt-key.asm
+
+ifelse(`
+ Copyright (C) 2020 Mamone Tarsha
+
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+')
+
+dnl PROLOGUE(nettle_aes256_set_encrypt_key) picked up by configure
+
+define(`fat_transform', `_$1_s390x')
+include_src(`s390x/msa_x2/aes256-set-encrypt-key.asm')
Index: nettle-3.7.3/s390x/memxor.asm
===================================================================
--- /dev/null
+++ nettle-3.7.3/s390x/memxor.asm
@@ -0,0 +1,52 @@
+C s390x/memxor.asm
+
+ifelse(`
+ Copyright (C) 2021 Mamone Tarsha
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+')
+
+.file "memxor.asm"
+
+.text
+
+C void * memxor(void *dst, const void *src, size_t n)
+
+PROLOGUE(nettle_memxor)
+ srlg %r5,%r4,8
+ clgije %r5,0,Llen
+L256_loop:
+ xc 0(256,%r2),0(%r3)
+ aghi %r2,256
+ aghi %r3,256
+ brctg %r5,L256_loop
+Llen:
+ risbg %r5,%r4,56,191,0
+ jz Ldone
+ XOR_LEN(%r2,%r3,%r5,%r1)
+Ldone:
+ br RA
+EPILOGUE(nettle_memxor)
Index: nettle-3.7.3/memxor3.c
===================================================================
--- nettle-3.7.3.orig/memxor3.c
+++ nettle-3.7.3/memxor3.c
@@ -45,6 +45,13 @@
#define WORD_T_THRESH 16
+/* For fat builds */
+#if HAVE_NATIVE_memxor3
+void *
+_nettle_memxor3_c(void *dst_in, const void *a_in, const void *b_in, size_t n);
+# define nettle_memxor3 _nettle_memxor3_c
+#endif
+
/* XOR word-aligned areas. n is the number of words, not bytes. */
static void
memxor3_common_alignment (word_t *dst,
@@ -236,7 +243,8 @@ memxor3_different_alignment_all (word_t
internally by cbc decrypt, and it is not advertised or documented
to nettle users. */
void *
-memxor3(void *dst_in, const void *a_in, const void *b_in, size_t n)
+nettle_memxor3(void *dst_in, const void *a_in,
+ const void *b_in, size_t n)
{
unsigned char *dst = dst_in;
const unsigned char *a = a_in;
Index: nettle-3.7.3/s390x/fat/memxor3-2.asm
===================================================================
--- /dev/null
+++ nettle-3.7.3/s390x/fat/memxor3-2.asm
@@ -0,0 +1,36 @@
+C s390x/fat/memxor3-2.asm
+
+ifelse(`
+ Copyright (C) 2021 Mamone Tarsha
+
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+')
+
+dnl PROLOGUE(nettle_memxor3) picked up by configure
+
+define(`fat_transform', `_$1_s390x')
+include_src(`s390x/vf/memxor3.asm')
Index: nettle-3.7.3/s390x/vf/memxor3.asm
===================================================================
--- /dev/null
+++ nettle-3.7.3/s390x/vf/memxor3.asm
@@ -0,0 +1,85 @@
+C s390/memxor3.asm
+
+ifelse(`
+ Copyright (C) 2020 Mamone Tarsha
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+')
+
+.file "memxor3.asm"
+
+.text
+.machine arch12
+
+C void * memxor3(void *dst_in, const void *a_in, const void *b_in, size_t n)
+
+PROLOGUE(nettle_memxor3)
+ agr %r2,%r5
+ agr %r3,%r5
+ agr %r4,%r5
+Lmod:
+ risbg %r1,%r5,60,191,0
+ jz L1x
+ sgr %r3,%r1
+ sgr %r4,%r1
+ sgr %r2,%r1
+ aghi %r1,-1 C highest index
+ vll %v24,%r1,0(%r3)
+ vll %v28,%r1,0(%r4)
+ vx %v24,%v24,%v28
+ vstl %v24,%r1,0(%r2)
+L1x:
+ risbg %r1,%r5,58,187,0
+ jz L4x
+ srlg %r1,%r1,4 C 1-block loop count 'n / 16'
+L1x_loop:
+ aghi %r3,-16
+ aghi %r4,-16
+ aghi %r2,-16
+ vl %v24,0(%r3),0
+ vl %v28,0(%r4),0
+ vx %v24,%v24,%v28
+ vst %v24,0(%r2),0
+ brctg %r1,L1x_loop
+L4x:
+ risbg %r1,%r5,0,185,0
+ jz Ldone
+ srlg %r1,%r1,6 C 4-blocks loop count 'n / (16 * 4)'
+L4x_loop:
+ aghi %r3,-64
+ aghi %r4,-64
+ aghi %r2,-64
+ vlm %v24,%v27,0(%r3),0
+ vlm %v28,%v31,0(%r4),0
+ vx %v24,%v24,%v28
+ vx %v25,%v25,%v29
+ vx %v26,%v26,%v30
+ vx %v27,%v27,%v31
+ vstm %v24,%v27,0(%r2),0
+ brctg %r1,L4x_loop
+Ldone:
+ br RA
+EPILOGUE(nettle_memxor3)
Index: nettle-3.7.3/s390x/fat/sha1-compress-2.asm
===================================================================
--- /dev/null
+++ nettle-3.7.3/s390x/fat/sha1-compress-2.asm
@@ -0,0 +1,36 @@
+C s390x/fat/sha1-compress-2.asm
+
+ifelse(`
+ Copyright (C) 2021 Mamone Tarsha
+
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+')
+
+dnl PROLOGUE(nettle_sha1_compress) picked up by configure
+
+define(`fat_transform', `_$1_s390x')
+include_src(`s390x/msa/sha1-compress.asm')
Index: nettle-3.7.3/s390x/msa/sha1-compress.asm
===================================================================
--- /dev/null
+++ nettle-3.7.3/s390x/msa/sha1-compress.asm
@@ -0,0 +1,72 @@
+C s390x/msa/sha1-compress.asm
+
+ifelse(`
+ Copyright (C) 2021 Mamone Tarsha
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+')
+
+C KIMD (COMPUTE INTERMEDIATE MESSAGE DIGEST) is specefied in
+C "z/Architecture Principles of Operation SA22-7832-12" as follows:
+C A function specified by the function code in general register 0 is performed.
+C General register 1 contains the logical address of the leftmost byte of the parameter block in storage.
+C the second operand is processed as specified by the function code using an initial chaining value in
+C the parameter block, and the result replaces the chaining value.
+
+C This implementation uses KIMD-SHA-1 function.
+C The parameter block used for the KIMD-SHA-1 function has the following format:
+C *----------------------------------------------*
+C | H0 (4 bytes) |
+C |----------------------------------------------|
+C | H1 (4 bytes) |
+C |----------------------------------------------|
+C | H2 (4 bytes) |
+C |----------------------------------------------|
+C | H3 (4 bytes) |
+C |----------------------------------------------|
+C | H4 (4 bytes) |
+C *----------------------------------------------*
+
+.file "sha1-compress.asm"
+
+.text
+
+C SHA function code
+define(`SHA1_FUNCTION_CODE', `1')
+C Size of block
+define(`SHA1_BLOCK_SIZE', `64')
+
+C void nettle_sha1_compress(uint32_t *state, const uint8_t *input)
+
+PROLOGUE(nettle_sha1_compress)
+ lghi %r0,SHA1_FUNCTION_CODE C FUNCTION_CODE
+ lgr %r1,%r2
+ lgr %r4,%r3
+ lghi %r5,SHA1_BLOCK_SIZE
+1: .long 0xb93e0004 C kimd %r0,%r4. perform KIMD-SHA operation on data
+ brc 1,1b
+ br RA
+EPILOGUE(nettle_sha1_compress)
Index: nettle-3.7.3/s390x/fat/sha256-compress-2.asm
===================================================================
--- /dev/null
+++ nettle-3.7.3/s390x/fat/sha256-compress-2.asm
@@ -0,0 +1,36 @@
+C s390x/fat/sha256-compress-2.asm
+
+ifelse(`
+ Copyright (C) 2021 Mamone Tarsha
+
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+')
+
+dnl PROLOGUE(_nettle_sha256_compress) picked up by configure
+
+define(`fat_transform', `$1_s390x')
+include_src(`s390x/msa_x1/sha256-compress.asm')
Index: nettle-3.7.3/s390x/fat/sha512-compress-2.asm
===================================================================
--- /dev/null
+++ nettle-3.7.3/s390x/fat/sha512-compress-2.asm
@@ -0,0 +1,36 @@
+C s390x/fat/sha512-compress-2.asm
+
+ifelse(`
+ Copyright (C) 2021 Mamone Tarsha
+
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+')
+
+dnl PROLOGUE(_nettle_sha512_compress) picked up by configure
+
+define(`fat_transform', `$1_s390x')
+include_src(`s390x/msa_x2/sha512-compress.asm')
Index: nettle-3.7.3/s390x/msa_x1/sha256-compress.asm
===================================================================
--- /dev/null
+++ nettle-3.7.3/s390x/msa_x1/sha256-compress.asm
@@ -0,0 +1,80 @@
+C s390x/msa_x1/sha256-compress.asm
+
+ifelse(`
+ Copyright (C) 2021 Mamone Tarsha
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+')
+
+C KIMD (COMPUTE INTERMEDIATE MESSAGE DIGEST) is specefied in
+C "z/Architecture Principles of Operation SA22-7832-12" as follows:
+C A function specified by the function code in general register 0 is performed.
+C General register 1 contains the logical address of the leftmost byte of the parameter block in storage.
+C the second operand is processed as specified by the function code using an initial chaining value in
+C the parameter block, and the result replaces the chaining value.
+
+C This implementation uses KIMD-SHA-256 function.
+C The parameter block used for the KIMD-SHA-256 function has the following format:
+C *----------------------------------------------*
+C | H0 (4 bytes) |
+C |----------------------------------------------|
+C | H1 (4 bytes) |
+C |----------------------------------------------|
+C | H2 (4 bytes) |
+C |----------------------------------------------|
+C | H3 (4 bytes) |
+C |----------------------------------------------|
+C | H4 (4 bytes) |
+C |----------------------------------------------|
+C | H5 (4 bytes) |
+C |----------------------------------------------|
+C | H6 (4 bytes) |
+C |----------------------------------------------|
+C | H7 (4 bytes) |
+C *----------------------------------------------*
+
+.file "sha256-compress.asm"
+
+.text
+
+C SHA function code
+define(`SHA256_FUNCTION_CODE', `2')
+C Size of block
+define(`SHA256_BLOCK_SIZE', `64')
+
+C void
+C _nettle_sha256_compress(uint32_t *state, const uint8_t *input,
+C const uint32_t *k)
+
+PROLOGUE(_nettle_sha256_compress)
+ lghi %r0,SHA256_FUNCTION_CODE C SHA-256 Function Code
+ lgr %r1,%r2
+ lgr %r4,%r3
+ lghi %r5,SHA256_BLOCK_SIZE
+1: .long 0xb93e0004 C kimd %r0,%r4. perform KIMD-SHA operation on data
+ brc 1,1b
+ br RA
+EPILOGUE(_nettle_sha256_compress)
Index: nettle-3.7.3/s390x/msa_x2/sha512-compress.asm
===================================================================
--- /dev/null
+++ nettle-3.7.3/s390x/msa_x2/sha512-compress.asm
@@ -0,0 +1,80 @@
+C s390x/msa_x2/sha512-compress.asm
+
+ifelse(`
+ Copyright (C) 2021 Mamone Tarsha
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+')
+
+C KIMD (COMPUTE INTERMEDIATE MESSAGE DIGEST) is specefied in
+C "z/Architecture Principles of Operation SA22-7832-12" as follows:
+C A function specified by the function code in general register 0 is performed.
+C General register 1 contains the logical address of the leftmost byte of the parameter block in storage.
+C the second operand is processed as specified by the function code using an initial chaining value in
+C the parameter block, and the result replaces the chaining value.
+
+C This implementation uses KIMD-SHA-512 function.
+C The parameter block used for the KIMD-SHA-512 function has the following format:
+C *----------------------------------------------*
+C | H0 (8 bytes) |
+C |----------------------------------------------|
+C | H1 (8 bytes) |
+C |----------------------------------------------|
+C | H2 (8 bytes) |
+C |----------------------------------------------|
+C | H3 (8 bytes) |
+C |----------------------------------------------|
+C | H4 (8 bytes) |
+C |----------------------------------------------|
+C | H5 (8 bytes) |
+C |----------------------------------------------|
+C | H6 (8 bytes) |
+C |----------------------------------------------|
+C | H7 (8 bytes) |
+C *----------------------------------------------*
+
+.file "sha512-compress.asm"
+
+.text
+
+C SHA function code
+define(`SHA512_FUNCTION_CODE', `3')
+C Size of block
+define(`SHA512_BLOCK_SIZE', `128')
+
+C void
+C _nettle_sha512_compress(uint64_t *state, const uint8_t *input,
+C const uint64_t *k)
+
+PROLOGUE(_nettle_sha512_compress)
+ lghi %r0,SHA512_FUNCTION_CODE C SHA-512 Function Code
+ lgr %r1,%r2
+ lgr %r4,%r3
+ lghi %r5,SHA512_BLOCK_SIZE
+1: .long 0xb93e0004 C kimd %r0,%r4. perform KIMD-SHA operation on data
+ brc 1,1b
+ br RA
+EPILOGUE(_nettle_sha512_compress)
Reference in New Issue View Git Blame Copy Permalink