X-Git-Url: https://www.bearssl.org/gitweb//home/git/?p=BearSSL;a=blobdiff_plain;f=inc%2Fbearssl_block.h;h=24f09ac3428c2f1d051eb236247aa1c6376bb320;hp=88f51b255320d8b746edae469e84bf892f072616;hb=8e86598b33f9df81d1f77d6cc32568d9ae119d67;hpb=db8f1b664524e3fbeea8a0730b2bbe2f0bdcea86 diff --git a/inc/bearssl_block.h b/inc/bearssl_block.h index 88f51b2..24f09ac 100644 --- a/inc/bearssl_block.h +++ b/inc/bearssl_block.h @@ -28,6 +28,10 @@ #include #include +#ifdef __cplusplus +extern "C" { +#endif + /** \file bearssl_block.h * * # Block Ciphers and Symmetric Ciphers @@ -255,9 +259,26 @@ * `chacha20_ct` is a straightforward implementation of ChaCha20 in * plain C; it is constant-time, small, and reasonably fast. * + * `chacha20_sse2` leverages SSE2 opcodes (on x86 architectures that + * support these opcodes). It is faster than `chacha20_ct`. + * * `poly1305_ctmul` is an implementation of the ChaCha20+Poly1305 AEAD * construction, where the Poly1305 part is performed with mixed 32-bit * multiplications (operands are 32-bit, result is 64-bit). + * + * `poly1305_ctmul32` implements ChaCha20+Poly1305 using pure 32-bit + * multiplications (32-bit operands, 32-bit result). It is slower than + * `poly1305_ctmul`, except on some specific architectures such as + * the ARM Cortex M0+. + * + * `poly1305_ctmulq` implements ChaCha20+Poly1305 with mixed 64-bit + * multiplications (operands are 64-bit, result is 128-bit) on 64-bit + * platforms that support such operations. + * + * `poly1305_i15` implements ChaCha20+Poly1305 with the generic "i15" + * big integer implementation. It is meant mostly for testing purposes, + * although it can help with saving a few hundred bytes of code footprint + * on systems where code size is scarce. */ /** @@ -1356,11 +1377,11 @@ uint32_t br_aes_pwr8_ctr_run(const br_aes_pwr8_ctr_keys *ctx, * available. * * This function returns a pointer to `br_aes_pwr8_cbcenc_vtable`, if - * that implementation was compiled in the library _and_ the x86 AES - * opcodes are available on the currently running CPU. If either of - * these conditions is not met, then this function returns `NULL`. + * that implementation was compiled in the library _and_ the POWER8 + * crypto opcodes are available on the currently running CPU. If either + * of these conditions is not met, then this function returns `NULL`. * - * \return the `aes_x868ni` AES-CBC (encryption) implementation, or `NULL`. + * \return the `aes_pwr8` AES-CBC (encryption) implementation, or `NULL`. */ const br_block_cbcenc_class *br_aes_pwr8_cbcenc_get_vtable(void); @@ -1369,23 +1390,23 @@ const br_block_cbcenc_class *br_aes_pwr8_cbcenc_get_vtable(void); * available. * * This function returns a pointer to `br_aes_pwr8_cbcdec_vtable`, if - * that implementation was compiled in the library _and_ the x86 AES - * opcodes are available on the currently running CPU. If either of - * these conditions is not met, then this function returns `NULL`. + * that implementation was compiled in the library _and_ the POWER8 + * crypto opcodes are available on the currently running CPU. If either + * of these conditions is not met, then this function returns `NULL`. * - * \return the `aes_x868ni` AES-CBC (decryption) implementation, or `NULL`. + * \return the `aes_pwr8` AES-CBC (decryption) implementation, or `NULL`. */ const br_block_cbcdec_class *br_aes_pwr8_cbcdec_get_vtable(void); /** * \brief Obtain the `aes_pwr8` AES-CTR implementation, if available. * - * This function returns a pointer to `br_aes_pwr8_ctr_vtable`, if - * that implementation was compiled in the library _and_ the x86 AES + * This function returns a pointer to `br_aes_pwr8_ctr_vtable`, if that + * implementation was compiled in the library _and_ the POWER8 crypto * opcodes are available on the currently running CPU. If either of * these conditions is not met, then this function returns `NULL`. * - * \return the `aes_x868ni` AES-CTR implementation, or `NULL`. + * \return the `aes_pwr8` AES-CTR implementation, or `NULL`. */ const br_block_ctr_class *br_aes_pwr8_ctr_get_vtable(void); @@ -1680,6 +1701,39 @@ typedef uint32_t (*br_chacha20_run)(const void *key, uint32_t br_chacha20_ct_run(const void *key, const void *iv, uint32_t cc, void *data, size_t len); +/** + * \brief ChaCha20 implementation (SSE2 code, constant-time). + * + * This implementation is available only on x86 platforms, depending on + * compiler support. Moreover, in 32-bit mode, it might not actually run, + * if the underlying hardware does not implement the SSE2 opcode (in + * 64-bit mode, SSE2 is part of the ABI, so if the code could be compiled + * at all, then it can run). Use `br_chacha20_sse2_get()` to safely obtain + * a pointer to that function. + * + * \see br_chacha20_run + * + * \param key secret key (32 bytes). + * \param iv IV (12 bytes). + * \param cc initial counter value. + * \param data data to encrypt or decrypt. + * \param len data length (in bytes). + */ +uint32_t br_chacha20_sse2_run(const void *key, + const void *iv, uint32_t cc, void *data, size_t len); + +/** + * \brief Obtain the `sse2` ChaCha20 implementation, if available. + * + * This function returns a pointer to `br_chacha20_sse2_run`, if + * that implementation was compiled in the library _and_ the SSE2 + * opcodes are available on the currently running CPU. If either of + * these conditions is not met, then this function returns `0`. + * + * \return the `sse2` ChaCha20 implementation, or `0`. + */ +br_chacha20_run br_chacha20_sse2_get(void); + /** * \brief Type for a ChaCha20+Poly1305 AEAD implementation. * @@ -1768,4 +1822,42 @@ void br_poly1305_i15_run(const void *key, const void *iv, void *data, size_t len, const void *aad, size_t aad_len, void *tag, br_chacha20_run ichacha, int encrypt); +/** + * \brief ChaCha20+Poly1305 AEAD implementation (ctmulq). + * + * This implementation uses 64-bit multiplications (result over 128 bits). + * It is available only on platforms that offer such a primitive (in + * practice, 64-bit architectures). Use `br_poly1305_ctmulq_get()` to + * dynamically obtain a pointer to that function, or 0 if not supported. + * + * \see br_poly1305_run + * + * \param key secret key (32 bytes). + * \param iv nonce (12 bytes). + * \param data data to encrypt or decrypt. + * \param len data length (in bytes). + * \param aad additional authenticated data. + * \param aad_len length of additional authenticated data (in bytes). + * \param tag output buffer for the authentication tag. + * \param ichacha implementation of ChaCha20. + * \param encrypt non-zero for encryption, zero for decryption. + */ +void br_poly1305_ctmulq_run(const void *key, const void *iv, + void *data, size_t len, const void *aad, size_t aad_len, + void *tag, br_chacha20_run ichacha, int encrypt); + +/** + * \brief Get the ChaCha20+Poly1305 "ctmulq" implementation, if available. + * + * This function returns a pointer to the `br_poly1305_ctmulq_run()` + * function if supported on the current platform; otherwise, it returns 0. + * + * \return the ctmulq ChaCha20+Poly1305 implementation, or 0. + */ +br_poly1305_run br_poly1305_ctmulq_get(void); + +#ifdef __cplusplus +} +#endif + #endif