Lines Matching refs:Xi
145 static void gcm_gmult_8bit(u64 Xi[2], const u128 Htable[256])
148 const u8 *xi = (const u8 *)Xi+15;
149 size_t rem, n = *xi;
221 if ((u8 *)Xi==xi) break;
223 n = *(--xi);
236 Xi[0] = BSWAP8(Z.hi);
237 Xi[1] = BSWAP8(Z.lo);
239 u8 *p = (u8 *)Xi;
248 Xi[0] = Z.hi;
249 Xi[1] = Z.lo;
252 #define GCM_MUL(ctx,Xi) gcm_gmult_8bit(ctx->Xi.u,ctx->Htable)
335 static void gcm_gmult_4bit(u64 Xi[2], const u128 Htable[16])
342 nlo = ((const u8 *)Xi)[15];
363 nlo = ((const u8 *)Xi)[cnt];
381 Xi[0] = BSWAP8(Z.hi);
382 Xi[1] = BSWAP8(Z.lo);
384 u8 *p = (u8 *)Xi;
393 Xi[0] = Z.hi;
394 Xi[1] = Z.lo;
406 static void gcm_ghash_4bit(u64 Xi[2],const u128 Htable[16],
417 nlo = ((const u8 *)Xi)[15];
439 nlo = ((const u8 *)Xi)[cnt];
513 nlo = ((const u8 *)Xi)[cnt];
531 nlo = ((const u8 *)Xi)[0];
551 Xi[0] = BSWAP8(Z.hi);
552 Xi[1] = BSWAP8(Z.lo);
554 u8 *p = (u8 *)Xi;
563 Xi[0] = Z.hi;
564 Xi[1] = Z.lo;
570 void gcm_gmult_4bit(u64 Xi[2],const u128 Htable[16]);
571 void gcm_ghash_4bit(u64 Xi[2],const u128 Htable[16],const u8 *inp,size_t len);
574 #define GCM_MUL(ctx,Xi) gcm_gmult_4bit(ctx->Xi.u,ctx->Htable)
576 #define GHASH(ctx,in,len) gcm_ghash_4bit((ctx)->Xi.u,(ctx)->Htable,in,len)
585 static void gcm_gmult_1bit(u64 Xi[2],const u64 H[2])
590 const long *xi = (const long *)Xi;
600 X = (long)(BSWAP8(xi[j]));
602 const u8 *p = (const u8 *)(xi+j);
607 const u8 *p = (const u8 *)(xi+j);
612 X = xi[j];
625 Xi[0] = BSWAP8(Z.hi);
626 Xi[1] = BSWAP8(Z.lo);
628 u8 *p = (u8 *)Xi;
637 Xi[0] = Z.hi;
638 Xi[1] = Z.lo;
641 #define GCM_MUL(ctx,Xi) gcm_gmult_1bit(ctx->Xi.u,ctx->H.u)
654 void gcm_init_clmul(u128 Htable[16],const u64 Xi[2]);
655 void gcm_gmult_clmul(u64 Xi[2],const u128 Htable[16]);
656 void gcm_ghash_clmul(u64 Xi[2],const u128 Htable[16],const u8 *inp,size_t len);
660 void gcm_gmult_4bit_mmx(u64 Xi[2],const u128 Htable[16]);
661 void gcm_ghash_4bit_mmx(u64 Xi[2],const u128 Htable[16],const u8 *inp,size_t len);
663 void gcm_gmult_4bit_x86(u64 Xi[2],const u128 Htable[16]);
664 void gcm_ghash_4bit_x86(u64 Xi[2],const u128 Htable[16],const u8 *inp,size_t len);
671 void gcm_gmult_neon(u64 Xi[2],const u128 Htable[16]);
672 void gcm_ghash_neon(u64 Xi[2],const u128 Htable[16],const u8 *inp,size_t len);
679 # define GCM_MUL(ctx,Xi) (*gcm_gmult_p)(ctx->Xi.u,ctx->Htable)
682 # define GHASH(ctx,in,len) (*gcm_ghash_p)(ctx->Xi.u,ctx->Htable,in,len)
761 void (*gcm_gmult_p)(u64 Xi[2],const u128 Htable[16]) = ctx->gmult;
766 ctx->Xi.u[0] = 0;
767 ctx->Xi.u[1] = 0;
832 void (*gcm_gmult_p)(u64 Xi[2],const u128 Htable[16]) = ctx->gmult;
834 void (*gcm_ghash_p)(u64 Xi[2],const u128 Htable[16],
849 ctx->Xi.c[n] ^= *(aad++);
853 if (n==0) GCM_MUL(ctx,Xi);
868 for (i=0; i<16; ++i) ctx->Xi.c[i] ^= aad[i];
869 GCM_MUL(ctx,Xi);
876 for (i=0; i<len; ++i) ctx->Xi.c[i] ^= aad[i];
894 void (*gcm_gmult_p)(u64 Xi[2],const u128 Htable[16]) = ctx->gmult;
896 void (*gcm_ghash_p)(u64 Xi[2],const u128 Htable[16],
911 GCM_MUL(ctx,Xi);
925 ctx->Xi.c[n] ^= *(out++) = *(in++)^ctx->EKi.c[n];
929 if (n==0) GCM_MUL(ctx,Xi);
988 *(size_t *)(ctx->Xi.c+i) ^=
991 GCM_MUL(ctx,Xi);
1005 ctx->Xi.c[n] ^= out[n] = in[n]^ctx->EKi.c[n];
1023 ctx->Xi.c[n] ^= out[i] = in[i]^ctx->EKi.c[n];
1026 GCM_MUL(ctx,Xi);
1044 void (*gcm_gmult_p)(u64 Xi[2],const u128 Htable[16]) = ctx->gmult;
1046 void (*gcm_ghash_p)(u64 Xi[2],const u128 Htable[16],
1058 GCM_MUL(ctx,Xi);
1074 ctx->Xi.c[n] ^= c;
1078 if (n==0) GCM_MUL (ctx,Xi);
1137 *(size_t *)(ctx->Xi.c+i) ^= c;
1139 GCM_MUL(ctx,Xi);
1154 ctx->Xi.c[n] ^= c;
1176 ctx->Xi.c[n] ^= c;
1179 GCM_MUL(ctx,Xi);
1196 void (*gcm_gmult_p)(u64 Xi[2],const u128 Htable[16]) = ctx->gmult;
1198 void (*gcm_ghash_p)(u64 Xi[2],const u128 Htable[16],
1210 GCM_MUL(ctx,Xi);
1222 ctx->Xi.c[n] ^= *(out++) = *(in++)^ctx->EKi.c[n];
1226 if (n==0) GCM_MUL(ctx,Xi);
1262 for (i=0;i<16;++i) ctx->Xi.c[i] ^= out[i];
1263 GCM_MUL(ctx,Xi);
1276 ctx->Xi.c[n] ^= out[n] = in[n]^ctx->EKi.c[n];
1295 void (*gcm_gmult_p)(u64 Xi[2],const u128 Htable[16]) = ctx->gmult;
1297 void (*gcm_ghash_p)(u64 Xi[2],const u128 Htable[16],
1309 GCM_MUL(ctx,Xi);
1323 ctx->Xi.c[n] ^= c;
1327 if (n==0) GCM_MUL (ctx,Xi);
1355 for (k=0;k<16;++k) ctx->Xi.c[k] ^= in[k];
1356 GCM_MUL(ctx,Xi);
1381 ctx->Xi.c[n] ^= c;
1398 void (*gcm_gmult_p)(u64 Xi[2],const u128 Htable[16]) = ctx->gmult;
1402 GCM_MUL(ctx,Xi);
1419 ctx->Xi.u[0] ^= alen;
1420 ctx->Xi.u[1] ^= clen;
1421 GCM_MUL(ctx,Xi);
1423 ctx->Xi.u[0] ^= ctx->EK0.u[0];
1424 ctx->Xi.u[1] ^= ctx->EK0.u[1];
1426 if (tag && len<=sizeof(ctx->Xi))
1427 return memcmp(ctx->Xi.c,tag,len);
1435 memcpy(tag, ctx->Xi.c, len<=sizeof(ctx->Xi.c)?len:sizeof(ctx->Xi.c));
