5808703668

pending completion

Build # 5808703668

Build Type

Pull #418

github

Committed by

web-flow

Commit Message

Merge 4abdd0203 into 1575f26e8

Pull Request Pull Request #418: Add support for Hacl_AES_128_GCM_NI and Hacl_AES_128_GCM_M32

Run Details

7433 of 7433 new or added lines in 12 files covered. (100.0%)

31975 of 62256 relevant lines covered (51.36%)

1238863.46 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

0.0

/src/Hacl_AES_256_GCM_NI.c

/* MIT License
 *
 * Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
 * Copyright (c) 2022-2023 HACL* Contributors
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in all
 * copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE.
 */


#include "Hacl_AES_256_GCM_NI.h"

void Hacl_AES_256_GCM_NI_aes256_gcm_init(Lib_IntVector_Intrinsics_vec128 *ctx, uint8_t *key)
{
  uint8_t gcm_key[16U] = { 0U };
  uint8_t nonce0[12U] = { 0U };
  Lib_IntVector_Intrinsics_vec128 *aes_ctx = ctx;
  Lib_IntVector_Intrinsics_vec128 *gcm_ctx = ctx + (uint32_t)16U;
  Hacl_AES_256_CTR32_NI_aes256_init(aes_ctx, key, nonce0);
  Hacl_AES_256_CTR32_NI_aes256_key_block(gcm_key, aes_ctx, (uint32_t)0U);
  Hacl_Gf128_NI_gcm_init(gcm_ctx, gcm_key);
}

void
Hacl_AES_256_GCM_NI_aes256_gcm_encrypt(
  Lib_IntVector_Intrinsics_vec128 *ctx,
  uint32_t len,
  uint8_t *out,
  uint8_t *text,
  uint32_t aad_len,
  uint8_t *aad,
  uint32_t iv_len,
  uint8_t *iv
)
{
  uint32_t ctr;
  uint8_t tag_mix0[16U] = { 0U };
  uint8_t gcm_key[16U] = { 0U };
  uint8_t tag_iv[16U] = { 0U };
  uint8_t size_iv[16U] = { 0U };
  uint8_t tag_mix1[16U] = { 0U };
  if (iv_len == (uint32_t)12U)
  {
    Lib_IntVector_Intrinsics_vec128 *aes_ctx = ctx;
    Hacl_AES_256_CTR32_NI_aes256_set_nonce(aes_ctx, iv);
    Hacl_AES_256_CTR32_NI_aes256_key_block(tag_mix0, aes_ctx, (uint32_t)1U);
    ctx[21U] = Lib_IntVector_Intrinsics_vec128_load128_le(tag_mix0);
    ctr = (uint32_t)2U;
  }
  else
  {
    Lib_IntVector_Intrinsics_vec128 *aes_ctx = ctx;
    Lib_IntVector_Intrinsics_vec128 *gcm_ctx = ctx + (uint32_t)16U;
    Lib_IntVector_Intrinsics_vec128_store_be(gcm_key, gcm_ctx[4U]);
    Hacl_Gf128_NI_ghash(tag_iv, iv_len, iv, gcm_key);
    store64_be(size_iv + (uint32_t)8U, (uint64_t)(iv_len * (uint32_t)8U));
    KRML_MAYBE_FOR16(i,
      (uint32_t)0U,
      (uint32_t)16U,
      (uint32_t)1U,
      size_iv[i] = tag_iv[i] ^ size_iv[i];);
    Hacl_Gf128_NI_ghash(tag_iv, (uint32_t)16U, size_iv, gcm_key);
    Hacl_AES_256_CTR32_NI_aes256_set_nonce(aes_ctx, tag_iv);
    uint32_t u = load32_be(tag_iv + (uint32_t)12U);
    uint32_t ctr0 = u;
    Hacl_AES_256_CTR32_NI_aes256_key_block(tag_mix1, aes_ctx, ctr0);
    ctx[21U] = Lib_IntVector_Intrinsics_vec128_load128_le(tag_mix1);
    ctr = ctr0 + (uint32_t)1U;
  }
  uint8_t *cip = out;
  Lib_IntVector_Intrinsics_vec128 *aes_ctx = ctx;
  Hacl_AES_256_CTR32_NI_aes256_ctr(len, cip, text, aes_ctx, ctr);
  Lib_IntVector_Intrinsics_vec128 *gcm_ctx = ctx + (uint32_t)16U;
  Lib_IntVector_Intrinsics_vec128 tag_mix = ctx[21U];
  gcm_ctx[0U] = Lib_IntVector_Intrinsics_vec128_zero;
  Hacl_Gf128_NI_gcm_update_padded(gcm_ctx, aad_len, aad);
  Hacl_Gf128_NI_gcm_update_padded(gcm_ctx, len, cip);
  uint8_t tmp[16U] = { 0U };
  store64_be(tmp, (uint64_t)(aad_len * (uint32_t)8U));
  store64_be(tmp + (uint32_t)8U, (uint64_t)(len * (uint32_t)8U));
  Hacl_Gf128_NI_gcm_update_blocks(gcm_ctx, (uint32_t)16U, tmp);
  Hacl_Gf128_NI_gcm_emit(tmp, gcm_ctx);
  Lib_IntVector_Intrinsics_vec128 tmp_vec = Lib_IntVector_Intrinsics_vec128_load128_le(tmp);
  Lib_IntVector_Intrinsics_vec128
  tmp_vec1 = Lib_IntVector_Intrinsics_vec128_xor(tmp_vec, tag_mix);
  Lib_IntVector_Intrinsics_vec128_store128_le(out + len, tmp_vec1);
}

bool
Hacl_AES_256_GCM_NI_aes256_gcm_decrypt(
  Lib_IntVector_Intrinsics_vec128 *ctx,
  uint32_t len,
  uint8_t *out,
  uint8_t *cipher,
  uint32_t aad_len,
  uint8_t *aad,
  uint32_t iv_len,
  uint8_t *iv
)
{
  uint8_t scratch[18U] = { 0U };
  uint8_t *text = scratch;
  uint8_t *result = scratch + (uint32_t)17U;
  uint8_t *ciphertext = cipher;
  uint8_t *tag = cipher + len;
  uint32_t ctr;
  uint8_t tag_mix0[16U] = { 0U };
  uint8_t gcm_key[16U] = { 0U };
  uint8_t tag_iv[16U] = { 0U };
  uint8_t size_iv[16U] = { 0U };
  uint8_t tag_mix1[16U] = { 0U };
  if (iv_len == (uint32_t)12U)
  {
    Lib_IntVector_Intrinsics_vec128 *aes_ctx = ctx;
    Hacl_AES_256_CTR32_NI_aes256_set_nonce(aes_ctx, iv);
    Hacl_AES_256_CTR32_NI_aes256_key_block(tag_mix0, aes_ctx, (uint32_t)1U);
    ctx[21U] = Lib_IntVector_Intrinsics_vec128_load128_le(tag_mix0);
    ctr = (uint32_t)2U;
  }
  else
  {
    Lib_IntVector_Intrinsics_vec128 *aes_ctx = ctx;
    Lib_IntVector_Intrinsics_vec128 *gcm_ctx = ctx + (uint32_t)16U;
    Lib_IntVector_Intrinsics_vec128_store_be(gcm_key, gcm_ctx[4U]);
    Hacl_Gf128_NI_ghash(tag_iv, iv_len, iv, gcm_key);
    store64_be(size_iv + (uint32_t)8U, (uint64_t)(iv_len * (uint32_t)8U));
    KRML_MAYBE_FOR16(i,
      (uint32_t)0U,
      (uint32_t)16U,
      (uint32_t)1U,
      size_iv[i] = tag_iv[i] ^ size_iv[i];);
    Hacl_Gf128_NI_ghash(tag_iv, (uint32_t)16U, size_iv, gcm_key);
    Hacl_AES_256_CTR32_NI_aes256_set_nonce(aes_ctx, tag_iv);
    uint32_t u = load32_be(tag_iv + (uint32_t)12U);
    uint32_t ctr0 = u;
    Hacl_AES_256_CTR32_NI_aes256_key_block(tag_mix1, aes_ctx, ctr0);
    ctx[21U] = Lib_IntVector_Intrinsics_vec128_load128_le(tag_mix1);
    ctr = ctr0 + (uint32_t)1U;
  }
  Lib_IntVector_Intrinsics_vec128 *aes_ctx = ctx;
  Lib_IntVector_Intrinsics_vec128 *gcm_ctx = ctx + (uint32_t)16U;
  Lib_IntVector_Intrinsics_vec128 tag_mix = ctx[21U];
  gcm_ctx[0U] = Lib_IntVector_Intrinsics_vec128_zero;
  Hacl_Gf128_NI_gcm_update_padded(gcm_ctx, aad_len, aad);
  Hacl_Gf128_NI_gcm_update_padded(gcm_ctx, len, ciphertext);
  store64_be(text, (uint64_t)(aad_len * (uint32_t)8U));
  store64_be(text + (uint32_t)8U, (uint64_t)(len * (uint32_t)8U));
  Hacl_Gf128_NI_gcm_update_blocks(gcm_ctx, (uint32_t)16U, text);
  Hacl_Gf128_NI_gcm_emit(text, gcm_ctx);
  Lib_IntVector_Intrinsics_vec128 text_vec = Lib_IntVector_Intrinsics_vec128_load128_le(text);
  Lib_IntVector_Intrinsics_vec128
  text_vec1 = Lib_IntVector_Intrinsics_vec128_xor(text_vec, tag_mix);
  Lib_IntVector_Intrinsics_vec128_store128_le(text, text_vec1);
  KRML_MAYBE_FOR16(i,
    (uint32_t)0U,
    (uint32_t)16U,
    (uint32_t)1U,
    result[0U] = result[0U] | (text[i] ^ tag[i]););
  uint8_t res8 = result[0U];
  if (res8 == (uint8_t)0U)
  {
    Hacl_AES_256_CTR32_NI_aes256_ctr(len, out, ciphertext, aes_ctx, ctr);
    return true;
  }
  return false;
}


1	/* MIT License
2	*
3	* Copyright (c) 2016-2022 INRIA, CMU and Microsoft Corporation
4	* Copyright (c) 2022-2023 HACL* Contributors
5	*
6	* Permission is hereby granted, free of charge, to any person obtaining a copy
7	* of this software and associated documentation files (the "Software"), to deal
8	* in the Software without restriction, including without limitation the rights
9	* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10	* copies of the Software, and to permit persons to whom the Software is
11	* furnished to do so, subject to the following conditions:
12	*
13	* The above copyright notice and this permission notice shall be included in all
14	* copies or substantial portions of the Software.
15	*
16	* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17	* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18	* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
19	* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20	* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21	* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
22	* SOFTWARE.
23	*/
24
25
26	#include "Hacl_AES_256_GCM_NI.h"
27
28	void Hacl_AES_256_GCM_NI_aes256_gcm_init(Lib_IntVector_Intrinsics_vec128 ctx, uint8_t key)
29	{	×
30	uint8_t gcm_key[16U] = { 0U };	×
31	uint8_t nonce0[12U] = { 0U };	×
32	Lib_IntVector_Intrinsics_vec128 *aes_ctx = ctx;	×
33	Lib_IntVector_Intrinsics_vec128 *gcm_ctx = ctx + (uint32_t)16U;	×
34	Hacl_AES_256_CTR32_NI_aes256_init(aes_ctx, key, nonce0);	×
35	Hacl_AES_256_CTR32_NI_aes256_key_block(gcm_key, aes_ctx, (uint32_t)0U);	×
36	Hacl_Gf128_NI_gcm_init(gcm_ctx, gcm_key);	×
37	}	×
38
39	void
40	Hacl_AES_256_GCM_NI_aes256_gcm_encrypt(
41	Lib_IntVector_Intrinsics_vec128 *ctx,
42	uint32_t len,
43	uint8_t *out,
44	uint8_t *text,
45	uint32_t aad_len,
46	uint8_t *aad,
47	uint32_t iv_len,
48	uint8_t *iv
49	)
50	{	×
51	uint32_t ctr;	×
52	uint8_t tag_mix0[16U] = { 0U };	×
53	uint8_t gcm_key[16U] = { 0U };	×
54	uint8_t tag_iv[16U] = { 0U };	×
55	uint8_t size_iv[16U] = { 0U };	×
56	uint8_t tag_mix1[16U] = { 0U };	×
57	if (iv_len == (uint32_t)12U)	×
58	{	×
59	Lib_IntVector_Intrinsics_vec128 *aes_ctx = ctx;	×
60	Hacl_AES_256_CTR32_NI_aes256_set_nonce(aes_ctx, iv);	×
61	Hacl_AES_256_CTR32_NI_aes256_key_block(tag_mix0, aes_ctx, (uint32_t)1U);	×
62	ctx[21U] = Lib_IntVector_Intrinsics_vec128_load128_le(tag_mix0);	×
63	ctr = (uint32_t)2U;	×
64	}	×
65	else	×
66	{	×
67	Lib_IntVector_Intrinsics_vec128 *aes_ctx = ctx;	×
68	Lib_IntVector_Intrinsics_vec128 *gcm_ctx = ctx + (uint32_t)16U;	×
69	Lib_IntVector_Intrinsics_vec128_store_be(gcm_key, gcm_ctx[4U]);	×
70	Hacl_Gf128_NI_ghash(tag_iv, iv_len, iv, gcm_key);	×
71	store64_be(size_iv + (uint32_t)8U, (uint64_t)(iv_len * (uint32_t)8U));	×
72	KRML_MAYBE_FOR16(i,	×
73	(uint32_t)0U,	×
74	(uint32_t)16U,	×
75	(uint32_t)1U,	×
76	size_iv[i] = tag_iv[i] ^ size_iv[i];);	×
77	Hacl_Gf128_NI_ghash(tag_iv, (uint32_t)16U, size_iv, gcm_key);	×
78	Hacl_AES_256_CTR32_NI_aes256_set_nonce(aes_ctx, tag_iv);	×
79	uint32_t u = load32_be(tag_iv + (uint32_t)12U);	×
80	uint32_t ctr0 = u;	×
81	Hacl_AES_256_CTR32_NI_aes256_key_block(tag_mix1, aes_ctx, ctr0);	×
82	ctx[21U] = Lib_IntVector_Intrinsics_vec128_load128_le(tag_mix1);	×
83	ctr = ctr0 + (uint32_t)1U;	×
84	}	×
85	uint8_t *cip = out;	×
86	Lib_IntVector_Intrinsics_vec128 *aes_ctx = ctx;	×
87	Hacl_AES_256_CTR32_NI_aes256_ctr(len, cip, text, aes_ctx, ctr);	×
88	Lib_IntVector_Intrinsics_vec128 *gcm_ctx = ctx + (uint32_t)16U;	×
89	Lib_IntVector_Intrinsics_vec128 tag_mix = ctx[21U];	×
90	gcm_ctx[0U] = Lib_IntVector_Intrinsics_vec128_zero;	×
91	Hacl_Gf128_NI_gcm_update_padded(gcm_ctx, aad_len, aad);	×
92	Hacl_Gf128_NI_gcm_update_padded(gcm_ctx, len, cip);	×
93	uint8_t tmp[16U] = { 0U };	×
94	store64_be(tmp, (uint64_t)(aad_len * (uint32_t)8U));	×
95	store64_be(tmp + (uint32_t)8U, (uint64_t)(len * (uint32_t)8U));	×
96	Hacl_Gf128_NI_gcm_update_blocks(gcm_ctx, (uint32_t)16U, tmp);	×
97	Hacl_Gf128_NI_gcm_emit(tmp, gcm_ctx);	×
98	Lib_IntVector_Intrinsics_vec128 tmp_vec = Lib_IntVector_Intrinsics_vec128_load128_le(tmp);	×
99	Lib_IntVector_Intrinsics_vec128	×
100	tmp_vec1 = Lib_IntVector_Intrinsics_vec128_xor(tmp_vec, tag_mix);	×
101	Lib_IntVector_Intrinsics_vec128_store128_le(out + len, tmp_vec1);	×
102	}	×
103
104	bool
105	Hacl_AES_256_GCM_NI_aes256_gcm_decrypt(
106	Lib_IntVector_Intrinsics_vec128 *ctx,
107	uint32_t len,
108	uint8_t *out,
109	uint8_t *cipher,
110	uint32_t aad_len,
111	uint8_t *aad,
112	uint32_t iv_len,
113	uint8_t *iv
114	)
115	{	×
116	uint8_t scratch[18U] = { 0U };	×
117	uint8_t *text = scratch;	×
118	uint8_t *result = scratch + (uint32_t)17U;	×
119	uint8_t *ciphertext = cipher;	×
120	uint8_t *tag = cipher + len;	×
121	uint32_t ctr;	×
122	uint8_t tag_mix0[16U] = { 0U };	×
123	uint8_t gcm_key[16U] = { 0U };	×
124	uint8_t tag_iv[16U] = { 0U };	×
125	uint8_t size_iv[16U] = { 0U };	×
126	uint8_t tag_mix1[16U] = { 0U };	×
127	if (iv_len == (uint32_t)12U)	×
128	{	×
129	Lib_IntVector_Intrinsics_vec128 *aes_ctx = ctx;	×
130	Hacl_AES_256_CTR32_NI_aes256_set_nonce(aes_ctx, iv);	×
131	Hacl_AES_256_CTR32_NI_aes256_key_block(tag_mix0, aes_ctx, (uint32_t)1U);	×
132	ctx[21U] = Lib_IntVector_Intrinsics_vec128_load128_le(tag_mix0);	×
133	ctr = (uint32_t)2U;	×
134	}	×
135	else	×
136	{	×
137	Lib_IntVector_Intrinsics_vec128 *aes_ctx = ctx;	×
138	Lib_IntVector_Intrinsics_vec128 *gcm_ctx = ctx + (uint32_t)16U;	×
139	Lib_IntVector_Intrinsics_vec128_store_be(gcm_key, gcm_ctx[4U]);	×
140	Hacl_Gf128_NI_ghash(tag_iv, iv_len, iv, gcm_key);	×
141	store64_be(size_iv + (uint32_t)8U, (uint64_t)(iv_len * (uint32_t)8U));	×
142	KRML_MAYBE_FOR16(i,	×
143	(uint32_t)0U,	×
144	(uint32_t)16U,	×
145	(uint32_t)1U,	×
146	size_iv[i] = tag_iv[i] ^ size_iv[i];);	×
147	Hacl_Gf128_NI_ghash(tag_iv, (uint32_t)16U, size_iv, gcm_key);	×
148	Hacl_AES_256_CTR32_NI_aes256_set_nonce(aes_ctx, tag_iv);	×
149	uint32_t u = load32_be(tag_iv + (uint32_t)12U);	×
150	uint32_t ctr0 = u;	×
151	Hacl_AES_256_CTR32_NI_aes256_key_block(tag_mix1, aes_ctx, ctr0);	×
152	ctx[21U] = Lib_IntVector_Intrinsics_vec128_load128_le(tag_mix1);	×
153	ctr = ctr0 + (uint32_t)1U;	×
154	}	×
155	Lib_IntVector_Intrinsics_vec128 *aes_ctx = ctx;	×
156	Lib_IntVector_Intrinsics_vec128 *gcm_ctx = ctx + (uint32_t)16U;	×
157	Lib_IntVector_Intrinsics_vec128 tag_mix = ctx[21U];	×
158	gcm_ctx[0U] = Lib_IntVector_Intrinsics_vec128_zero;	×
159	Hacl_Gf128_NI_gcm_update_padded(gcm_ctx, aad_len, aad);	×
160	Hacl_Gf128_NI_gcm_update_padded(gcm_ctx, len, ciphertext);	×
161	store64_be(text, (uint64_t)(aad_len * (uint32_t)8U));	×
162	store64_be(text + (uint32_t)8U, (uint64_t)(len * (uint32_t)8U));	×
163	Hacl_Gf128_NI_gcm_update_blocks(gcm_ctx, (uint32_t)16U, text);	×
164	Hacl_Gf128_NI_gcm_emit(text, gcm_ctx);	×
165	Lib_IntVector_Intrinsics_vec128 text_vec = Lib_IntVector_Intrinsics_vec128_load128_le(text);	×
166	Lib_IntVector_Intrinsics_vec128	×
167	text_vec1 = Lib_IntVector_Intrinsics_vec128_xor(text_vec, tag_mix);	×
168	Lib_IntVector_Intrinsics_vec128_store128_le(text, text_vec1);	×
169	KRML_MAYBE_FOR16(i,	×
170	(uint32_t)0U,	×
171	(uint32_t)16U,	×
172	(uint32_t)1U,	×
173	result[0U] = result[0U] \| (text[i] ^ tag[i]););	×
174	uint8_t res8 = result[0U];	×
175	if (res8 == (uint8_t)0U)	×
176	{	×
177	Hacl_AES_256_CTR32_NI_aes256_ctr(len, out, ciphertext, aes_ctx, ctr);	×
178	return true;	×
179	}	×
180	return false;	×
181	}	×
182

cryspen / hacl-packages / 5808703668

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous