[apple/xnu.git] / EXTERNAL_HEADERS / corecrypto / cc_priv.h

/*
 *  cc_priv.h
 *  corecrypto
 *
 *  Created on 12/01/2010
 *
 *  Copyright (c) 2010,2011,2012,2014,2015 Apple Inc. All rights reserved.
 *
 */

#ifndef _CORECRYPTO_CC_PRIV_H_
#define _CORECRYPTO_CC_PRIV_H_

#include <corecrypto/cc.h>
#include <stdint.h>

/* defines the following macros :

 CC_MEMCPY  : optimized memcpy.
 CC_MEMMOVE : optimized memmove.
 CC_MEMSET  : optimized memset.

 CC_STORE32_BE : store 32 bit value in big endian in unaligned buffer.
 CC_STORE32_LE : store 32 bit value in little endian in unaligned buffer.
 CC_STORE64_BE : store 64 bit value in big endian in unaligned buffer.
 CC_STORE64_LE : store 64 bit value in little endian in unaligned buffer.

 CC_LOAD32_BE : load 32 bit value in big endian from unaligned buffer.
 CC_LOAD32_LE : load 32 bit value in little endian from unaligned buffer.
 CC_LOAD64_BE : load 64 bit value in big endian from unaligned buffer.
 CC_LOAD64_LE : load 64 bit value in little endian from unaligned buffer.

 CC_ROR  : Rotate Right 32 bits. Rotate count can be a variable.
 CC_ROL  : Rotate Left 32 bits. Rotate count can be a variable.
 CC_RORc : Rotate Right 32 bits. Rotate count must be a constant.
 CC_ROLc : Rotate Left 32 bits. Rotate count must be a constant.

 CC_ROR64  : Rotate Right 64 bits. Rotate count can be a variable.
 CC_ROL64  : Rotate Left 64 bits. Rotate count can be a variable.
 CC_ROR64c : Rotate Right 64 bits. Rotate count must be a constant.
 CC_ROL64c : Rotate Left 64 bits. Rotate count must be a constant.

 CC_BSWAP  : byte swap a 32 bits variable.

 CC_H2BE32 : convert a 32 bits value between host and big endian order.
 CC_H2LE32 : convert a 32 bits value between host and little endian order.

The following are not defined yet... define them if needed.

 CC_BSWAPc   : byte swap a 32 bits constant

 CC_BSWAP64  : byte swap a 64 bits variable
 CC_BSWAP64c : byte swap a 64 bits constant

 CC_READ_LE32 : read a 32 bits little endian value

 CC_WRITE_LE32 : write a 32 bits little endian value
 CC_WRITE_LE64 : write a 64 bits little endian value

 CC_H2BE64 : convert a 64 bits value between host and big endian order
 CC_H2LE64 : convert a 64 bits value between host and little endian order

*/

/* TODO: optimized versions */
#define CC_MEMCPY(D,S,L) memcpy((D),(S),(L))
#define CC_MEMMOVE(D,S,L) memmove((D),(S),(L))
#define CC_MEMSET(D,V,L) memset((D),(V),(L))

// MARK: - Loads and Store

// MARK: -- 32 bits - little endian

// MARK: --- Default version

#define	CC_STORE32_LE(x, y) do {                                    \
    ((unsigned char *)(y))[3] = (unsigned char)(((x)>>24)&255);		\
    ((unsigned char *)(y))[2] = (unsigned char)(((x)>>16)&255);		\
    ((unsigned char *)(y))[1] = (unsigned char)(((x)>>8)&255);		\
    ((unsigned char *)(y))[0] = (unsigned char)((x)&255);			\
} while(0)

#define	CC_LOAD32_LE(x, y) do {                                     \
x = ((uint32_t)(((const unsigned char *)(y))[3] & 255)<<24) |			    \
    ((uint32_t)(((const unsigned char *)(y))[2] & 255)<<16) |			    \
    ((uint32_t)(((const unsigned char *)(y))[1] & 255)<<8)  |			    \
    ((uint32_t)(((const unsigned char *)(y))[0] & 255));				    \
} while(0)

// MARK: -- 64 bits - little endian

#define	CC_STORE64_LE(x, y) do {                                    \
    ((unsigned char *)(y))[7] = (unsigned char)(((x)>>56)&255);     \
    ((unsigned char *)(y))[6] = (unsigned char)(((x)>>48)&255);		\
    ((unsigned char *)(y))[5] = (unsigned char)(((x)>>40)&255);		\
    ((unsigned char *)(y))[4] = (unsigned char)(((x)>>32)&255);		\
    ((unsigned char *)(y))[3] = (unsigned char)(((x)>>24)&255);		\
    ((unsigned char *)(y))[2] = (unsigned char)(((x)>>16)&255);		\
    ((unsigned char *)(y))[1] = (unsigned char)(((x)>>8)&255);		\
    ((unsigned char *)(y))[0] = (unsigned char)((x)&255);			\
} while(0)

#define	CC_LOAD64_LE(x, y) do {                                     \
x = (((uint64_t)(((const unsigned char *)(y))[7] & 255))<<56) |           \
    (((uint64_t)(((const unsigned char *)(y))[6] & 255))<<48) |           \
    (((uint64_t)(((const unsigned char *)(y))[5] & 255))<<40) |           \
    (((uint64_t)(((const unsigned char *)(y))[4] & 255))<<32) |           \
    (((uint64_t)(((const unsigned char *)(y))[3] & 255))<<24) |           \
    (((uint64_t)(((const unsigned char *)(y))[2] & 255))<<16) |           \
    (((uint64_t)(((const unsigned char *)(y))[1] & 255))<<8)  |           \
    (((uint64_t)(((const unsigned char *)(y))[0] & 255)));                \
} while(0)

// MARK: -- 32 bits - big endian
// MARK: --- intel version

#if (defined(__i386__) || defined(__x86_64__)) && !defined(_MSC_VER)

#define CC_STORE32_BE(x, y)     \
    __asm__ __volatile__ (      \
    "bswapl %0     \n\t"        \
    "movl   %0,(%1)\n\t"        \
    "bswapl %0     \n\t"        \
    ::"r"(x), "r"(y))

#define CC_LOAD32_BE(x, y)      \
    __asm__ __volatile__ (      \
    "movl (%1),%0\n\t"          \
    "bswapl %0\n\t"             \
    :"=r"(x): "r"(y))

#else
// MARK: --- default version
#define	CC_STORE32_BE(x, y) do {                                \
    ((unsigned char *)(y))[0] = (unsigned char)(((x)>>24)&255);	\
    ((unsigned char *)(y))[1] = (unsigned char)(((x)>>16)&255);	\
    ((unsigned char *)(y))[2] = (unsigned char)(((x)>>8)&255);	\
    ((unsigned char *)(y))[3] = (unsigned char)((x)&255);       \
} while(0)

#define	CC_LOAD32_BE(x, y) do {                             \
x = ((uint32_t)(((const unsigned char *)(y))[0] & 255)<<24) |	    \
    ((uint32_t)(((const unsigned char *)(y))[1] & 255)<<16) |		\
    ((uint32_t)(((const unsigned char *)(y))[2] & 255)<<8)  |		\
    ((uint32_t)(((const unsigned char *)(y))[3] & 255));          \
} while(0)

#endif

// MARK: -- 64 bits - big endian

// MARK: --- intel 64 bits version

#if defined(__x86_64__) && !defined (_MSC_VER)

#define	CC_STORE64_BE(x, y)   \
__asm__ __volatile__ (        \
"bswapq %0     \n\t"          \
"movq   %0,(%1)\n\t"          \
"bswapq %0     \n\t"          \
::"r"(x), "r"(y))

#define	CC_LOAD64_BE(x, y)    \
__asm__ __volatile__ (        \
"movq (%1),%0\n\t"            \
"bswapq %0\n\t"               \
:"=r"(x): "r"(y))

#else

// MARK: --- default version

#define CC_STORE64_BE(x, y) do {                                    \
    ((unsigned char *)(y))[0] = (unsigned char)(((x)>>56)&255);		\
    ((unsigned char *)(y))[1] = (unsigned char)(((x)>>48)&255);		\
    ((unsigned char *)(y))[2] = (unsigned char)(((x)>>40)&255);		\
    ((unsigned char *)(y))[3] = (unsigned char)(((x)>>32)&255);		\
    ((unsigned char *)(y))[4] = (unsigned char)(((x)>>24)&255);		\
    ((unsigned char *)(y))[5] = (unsigned char)(((x)>>16)&255);		\
    ((unsigned char *)(y))[6] = (unsigned char)(((x)>>8)&255);		\
    ((unsigned char *)(y))[7] = (unsigned char)((x)&255);			\
} while(0)

#define	CC_LOAD64_BE(x, y) do {                                     \
x = (((uint64_t)(((const unsigned char *)(y))[0] & 255))<<56) |           \
    (((uint64_t)(((const unsigned char *)(y))[1] & 255))<<48) |           \
    (((uint64_t)(((const unsigned char *)(y))[2] & 255))<<40) |           \
    (((uint64_t)(((const unsigned char *)(y))[3] & 255))<<32) |           \
    (((uint64_t)(((const unsigned char *)(y))[4] & 255))<<24) |           \
    (((uint64_t)(((const unsigned char *)(y))[5] & 255))<<16) |           \
    (((uint64_t)(((const unsigned char *)(y))[6] & 255))<<8)  |          	\
    (((uint64_t)(((const unsigned char *)(y))[7] & 255)));	            \
} while(0)

#endif

// MARK: - 32-bit Rotates

#if defined(_MSC_VER)
// MARK: -- MSVC version

#include <stdlib.h>
#if !defined(__clang__)
 #pragma intrinsic(_lrotr,_lrotl)
#endif
#define	CC_ROR(x,n) _lrotr(x,n)
#define	CC_ROL(x,n) _lrotl(x,n)
#define	CC_RORc(x,n) _lrotr(x,n)
#define	CC_ROLc(x,n) _lrotl(x,n)

#elif (defined(__i386__) || defined(__x86_64__))
// MARK: -- intel asm version

CC_INLINE uint32_t CC_ROL(uint32_t word, int i)
{
    __asm__ ("roll %%cl,%0"
         :"=r" (word)
         :"0" (word),"c" (i));
    return word;
}

CC_INLINE uint32_t CC_ROR(uint32_t word, int i)
{
    __asm__ ("rorl %%cl,%0"
         :"=r" (word)
         :"0" (word),"c" (i));
    return word;
}

/* Need to be a macro here, because 'i' is an immediate (constant) */
#define CC_ROLc(word, i)                \
({  uint32_t _word=(word);              \
    __asm__ __volatile__ ("roll %2,%0"  \
        :"=r" (_word)                   \
        :"0" (_word),"I" (i));          \
    _word;                              \
})


#define CC_RORc(word, i)                \
({  uint32_t _word=(word);              \
    __asm__ __volatile__ ("rorl %2,%0"  \
        :"=r" (_word)                   \
        :"0" (_word),"I" (i));          \
    _word;                              \
})

#else

// MARK: -- default version

CC_INLINE uint32_t CC_ROL(uint32_t word, int i)
{
    return ( (word<<(i&31)) | (word>>(32-(i&31))) );
}

CC_INLINE uint32_t CC_ROR(uint32_t word, int i)
{
    return ( (word>>(i&31)) | (word<<(32-(i&31))) );
}

#define	CC_ROLc(x, y) CC_ROL(x, y)
#define	CC_RORc(x, y) CC_ROR(x, y)

#endif

// MARK: - 64 bits rotates

#if defined(__x86_64__) && !defined(_MSC_VER) //clang _MSVC doesn't support GNU-style inline assembly
// MARK: -- intel 64 asm version

CC_INLINE uint64_t CC_ROL64(uint64_t word, int i)
{
    __asm__("rolq %%cl,%0"
        :"=r" (word)
        :"0" (word),"c" (i));
    return word;
}

CC_INLINE uint64_t CC_ROR64(uint64_t word, int i)
{
    __asm__("rorq %%cl,%0"
        :"=r" (word)
        :"0" (word),"c" (i));
    return word;
}

/* Need to be a macro here, because 'i' is an immediate (constant) */
#define CC_ROL64c(word, i)      \
({                              \
    uint64_t _word=(word);      \
    __asm__("rolq %2,%0"        \
        :"=r" (_word)           \
        :"0" (_word),"J" (i));  \
    _word;                      \
})

#define CC_ROR64c(word, i)      \
({                              \
    uint64_t _word=(word);      \
    __asm__("rorq %2,%0"        \
        :"=r" (_word)           \
        :"0" (_word),"J" (i));  \
    _word;                      \
})


#else /* Not x86_64  */

// MARK: -- default C version

CC_INLINE uint64_t CC_ROL64(uint64_t word, int i)
{
    return ( (word<<(i&63)) | (word>>(64-(i&63))) );
}

CC_INLINE uint64_t CC_ROR64(uint64_t word, int i)
{
    return ( (word>>(i&63)) | (word<<(64-(i&63))) );
}

#define	CC_ROL64c(x, y) CC_ROL64(x, y)
#define	CC_ROR64c(x, y) CC_ROR64(x, y)

#endif


// MARK: - Byte Swaps

CC_INLINE uint32_t CC_BSWAP(uint32_t x)
{
    return (
        ((x>>24)&0x000000FF) |
        ((x<<24)&0xFF000000) |
        ((x>>8) &0x0000FF00) |
        ((x<<8) &0x00FF0000)
    );
}

#define CC_BSWAP64(x) \
((uint64_t)((((uint64_t)(x) & 0xff00000000000000ULL) >> 56) | \
(((uint64_t)(x) & 0x00ff000000000000ULL) >> 40) | \
(((uint64_t)(x) & 0x0000ff0000000000ULL) >> 24) | \
(((uint64_t)(x) & 0x000000ff00000000ULL) >>  8) | \
(((uint64_t)(x) & 0x00000000ff000000ULL) <<  8) | \
(((uint64_t)(x) & 0x0000000000ff0000ULL) << 24) | \
(((uint64_t)(x) & 0x000000000000ff00ULL) << 40) | \
(((uint64_t)(x) & 0x00000000000000ffULL) << 56)))

#ifdef __LITTLE_ENDIAN__
#define CC_H2BE32(x) CC_BSWAP(x)
#define CC_H2LE32(x) (x)
#else
#define CC_H2BE32(x) (x)
#define CC_H2LE32(x) CC_BSWAP(x)
#endif

#define	CC_READ_LE32(ptr) \
( (uint32_t)( \
((uint32_t)((const uint8_t *)(ptr))[0]) | \
(((uint32_t)((const uint8_t *)(ptr))[1]) <<  8) | \
(((uint32_t)((const uint8_t *)(ptr))[2]) << 16) | \
(((uint32_t)((const uint8_t *)(ptr))[3]) << 24)))

#define	CC_WRITE_LE32(ptr, x) \
do { \
((uint8_t *)(ptr))[0] = (uint8_t)( (x)        & 0xFF); \
((uint8_t *)(ptr))[1] = (uint8_t)(((x) >>  8) & 0xFF); \
((uint8_t *)(ptr))[2] = (uint8_t)(((x) >> 16) & 0xFF); \
((uint8_t *)(ptr))[3] = (uint8_t)(((x) >> 24) & 0xFF); \
} while(0)

#define	CC_WRITE_LE64(ptr, x) \
do { \
((uint8_t *)(ptr))[0] = (uint8_t)( (x)        & 0xFF); \
((uint8_t *)(ptr))[1] = (uint8_t)(((x) >>  8) & 0xFF); \
((uint8_t *)(ptr))[2] = (uint8_t)(((x) >> 16) & 0xFF); \
((uint8_t *)(ptr))[3] = (uint8_t)(((x) >> 24) & 0xFF); \
((uint8_t *)(ptr))[4] = (uint8_t)(((x) >> 32) & 0xFF); \
((uint8_t *)(ptr))[5] = (uint8_t)(((x) >> 40) & 0xFF); \
((uint8_t *)(ptr))[6] = (uint8_t)(((x) >> 48) & 0xFF); \
((uint8_t *)(ptr))[7] = (uint8_t)(((x) >> 56) & 0xFF); \
} while(0)

/* extract a byte portably */
#ifdef _MSC_VER
#define cc_byte(x, n) ((unsigned char)((x) >> (8 * (n))))
#else
#define cc_byte(x, n) (((x) >> (8 * (n))) & 255)
#endif

/* HEAVISIDE_STEP (shifted by one)
   function f(x): x->0, when x=0 
                  x->1, when x>0
   Can also be seen as a bitwise operation: 
      f(x): x -> y
        y[0]=(OR x[i]) for all i (all bits)
        y[i]=0 for all i>0
   Run in constant time (log2(<bitsize of x>))  
   Useful to run constant time checks
*/
#define HEAVISIDE_STEP_UINT64(r,s) {uint64_t _t=s; \
    _t=(((_t)>>32) | (_t)); \
    _t=(0xFFFFFFFF + (_t & 0xFFFFFFFF)); \
    r=_t >> 32;}

#define HEAVISIDE_STEP_UINT32(r,s) {uint32_t _t=s; \
    _t=(((_t)>>16) | (_t)); \
    _t=(0xFFFF + (_t & 0xFFFF)); \
    r=_t >> 16;}

#define HEAVISIDE_STEP_UINT16(r,s) {uint32_t _t=s; \
    _t=(0xFFFF + ((_t) & 0xFFFF)); \
    r=_t >> 16;}

#define HEAVISIDE_STEP_UINT8(r,s) {uint16_t _t=s; \
    _t=(0xFF + ((_t) & 0xFF)); \
    r=_t >> 8;}

#define CC_HEAVISIDE_STEP(r,s) { \
    if (sizeof(s) == 1)      {HEAVISIDE_STEP_UINT8(r,s);}  \
    else if (sizeof(s) == 2) {HEAVISIDE_STEP_UINT16(r,s);} \
    else if (sizeof(s) == 4) {HEAVISIDE_STEP_UINT32(r,s);} \
    else if (sizeof(s) == 8) {HEAVISIDE_STEP_UINT64(r,s);} \
    else {r=(((s)==0)?0:1);} \
    }

/* Return 1 if x mod 4 =1,2,3, 0 otherwise */
#define CC_CARRY_2BITS(x) (((x>>1) | x) & 0x1)
#define CC_CARRY_3BITS(x) (((x>>2) | (x>>1) | x) & 0x1)

/* Set a variable to the biggest power of 2 which can be represented */ 
#define MAX_POWER_OF_2(x)   ((__typeof__(x))1<<(8*sizeof(x)-1))
#define cc_ceiling(a,b)  (((a)+((b)-1))/(b))
#define CC_BITLEN_TO_BYTELEN(x) cc_ceiling((x), 8)

//cc_try_abort() is implemented to comply with FIPS 140-2. See radar 19129408
void cc_try_abort(const char * msg , ...);

/*!
 @brief     cc_muxp(s, a, b) is equivalent to z = s ? a : b, but it executes in constant time
 @param a	input pointer
 @param b	input pointer
 @param s	The selection parameter s must be 0 or 1. if s is integer 1 a is returned. If s is integer 0, b is returned. Otherwise, the output is undefined.
 @return    Returns a, if s is 1 and b if s is 0
 */
void *cc_muxp(int s, const void *a, const void *b);

/*!
 @brief     cc_mux2p
 @param a	input pointer
 @param b	input pointer
 @param r_true	output pointer: if s is integer 1 r_true=a  is returned, otherwise r_true=b
 @param r_false	output pointer: if s is integer 1 r_false=b is returned, otherwise r_false=a
 @param s	The selection parameter s must be 0 or 1.
 @discussion Executes in constant time
 */
void cc_mux2p(int s, void **r_true, void **r_false, const void *a, const void *b);

/*!
 @brief     CC_MUXU(s, a, b) is equivalent to z = s ? a : b, but it executes in constant time
 @param a	input unsigned type
 @param b	input unsigned type
 @param s	The selection parameter s must be 0 or 1. if s is integer 1 a is returned. If s is integer 0, b is returned. Otherwise, the output is undefined.
 @param r	output
 @return    r = a, if s is 1 and b if s is 0
 */
#define CC_MUXU(r, s, a, b)   \
{                       \
    __typeof__(r) _cond = ((__typeof__(r))(s)-(__typeof__(r))1); \
    r = (~_cond&(a))|(_cond&(b)); \
}

/*
  Unfortunately, since we export this symbol, this declaration needs
  to be in a public header to satisfy TAPI.

  See fipspost_trace_priv.h for more details.
*/
extern const void *fipspost_trace_vtable;

#endif /* _CORECRYPTO_CC_PRIV_H_ */
Commit	Line	Data
316670eb A	1	/*
	2	* cc_priv.h
	3	* corecrypto
	4	*
3e170ce0 A	5	* Created on 12/01/2010
	6	*
	7	* Copyright (c) 2010,2011,2012,2014,2015 Apple Inc. All rights reserved.
316670eb A	8	*
	9	*/
	10
	11	#ifndef _CORECRYPTO_CC_PRIV_H_
	12	#define _CORECRYPTO_CC_PRIV_H_
	13
	14	#include <corecrypto/cc.h>
	15	#include <stdint.h>
	16
	17	/* defines the following macros :
	18
	19	CC_MEMCPY : optimized memcpy.
	20	CC_MEMMOVE : optimized memmove.
	21	CC_MEMSET : optimized memset.
316670eb A	22
	23	CC_STORE32_BE : store 32 bit value in big endian in unaligned buffer.
	24	CC_STORE32_LE : store 32 bit value in little endian in unaligned buffer.
	25	CC_STORE64_BE : store 64 bit value in big endian in unaligned buffer.
	26	CC_STORE64_LE : store 64 bit value in little endian in unaligned buffer.
	27
	28	CC_LOAD32_BE : load 32 bit value in big endian from unaligned buffer.
	29	CC_LOAD32_LE : load 32 bit value in little endian from unaligned buffer.
	30	CC_LOAD64_BE : load 64 bit value in big endian from unaligned buffer.
	31	CC_LOAD64_LE : load 64 bit value in little endian from unaligned buffer.
	32
	33	CC_ROR : Rotate Right 32 bits. Rotate count can be a variable.
	34	CC_ROL : Rotate Left 32 bits. Rotate count can be a variable.
	35	CC_RORc : Rotate Right 32 bits. Rotate count must be a constant.
	36	CC_ROLc : Rotate Left 32 bits. Rotate count must be a constant.
	37
	38	CC_ROR64 : Rotate Right 64 bits. Rotate count can be a variable.
	39	CC_ROL64 : Rotate Left 64 bits. Rotate count can be a variable.
	40	CC_ROR64c : Rotate Right 64 bits. Rotate count must be a constant.
	41	CC_ROL64c : Rotate Left 64 bits. Rotate count must be a constant.
	42
	43	CC_BSWAP : byte swap a 32 bits variable.
	44
	45	CC_H2BE32 : convert a 32 bits value between host and big endian order.
	46	CC_H2LE32 : convert a 32 bits value between host and little endian order.
	47
	48	The following are not defined yet... define them if needed.
	49
	50	CC_BSWAPc : byte swap a 32 bits constant
	51
	52	CC_BSWAP64 : byte swap a 64 bits variable
	53	CC_BSWAP64c : byte swap a 64 bits constant
	54
	55	CC_READ_LE32 : read a 32 bits little endian value
316670eb A	56
	57	CC_WRITE_LE32 : write a 32 bits little endian value
	58	CC_WRITE_LE64 : write a 64 bits little endian value
316670eb A	59
	60	CC_H2BE64 : convert a 64 bits value between host and big endian order
	61	CC_H2LE64 : convert a 64 bits value between host and little endian order
fe8ab488	62
316670eb A	63	*/
	64
	65	/* TODO: optimized versions */
	66	#define CC_MEMCPY(D,S,L) memcpy((D),(S),(L))
	67	#define CC_MEMMOVE(D,S,L) memmove((D),(S),(L))
	68	#define CC_MEMSET(D,V,L) memset((D),(V),(L))
316670eb	69
fe8ab488	70	// MARK: - Loads and Store
316670eb	71
fe8ab488	72	// MARK: -- 32 bits - little endian
316670eb	73
fe8ab488	74	// MARK: --- Default version
316670eb A	75
	76	#define CC_STORE32_LE(x, y) do { \
	77	((unsigned char *)(y))[3] = (unsigned char)(((x)>>24)&255); \
	78	((unsigned char *)(y))[2] = (unsigned char)(((x)>>16)&255); \
	79	((unsigned char *)(y))[1] = (unsigned char)(((x)>>8)&255); \
	80	((unsigned char *)(y))[0] = (unsigned char)((x)&255); \
	81	} while(0)
	82
	83	#define CC_LOAD32_LE(x, y) do { \
3e170ce0 A	84	x = ((uint32_t)(((const unsigned char *)(y))[3] & 255)<<24) \| \
	85	((uint32_t)(((const unsigned char *)(y))[2] & 255)<<16) \| \
	86	((uint32_t)(((const unsigned char *)(y))[1] & 255)<<8) \| \
	87	((uint32_t)(((const unsigned char *)(y))[0] & 255)); \
316670eb A	88	} while(0)
316670eb A	89
fe8ab488	90	// MARK: -- 64 bits - little endian
316670eb A	91
	92	#define CC_STORE64_LE(x, y) do { \
	93	((unsigned char *)(y))[7] = (unsigned char)(((x)>>56)&255); \
	94	((unsigned char *)(y))[6] = (unsigned char)(((x)>>48)&255); \
	95	((unsigned char *)(y))[5] = (unsigned char)(((x)>>40)&255); \
	96	((unsigned char *)(y))[4] = (unsigned char)(((x)>>32)&255); \
	97	((unsigned char *)(y))[3] = (unsigned char)(((x)>>24)&255); \
	98	((unsigned char *)(y))[2] = (unsigned char)(((x)>>16)&255); \
	99	((unsigned char *)(y))[1] = (unsigned char)(((x)>>8)&255); \
	100	((unsigned char *)(y))[0] = (unsigned char)((x)&255); \
	101	} while(0)
	102
	103	#define CC_LOAD64_LE(x, y) do { \
3e170ce0 A	104	x = (((uint64_t)(((const unsigned char *)(y))[7] & 255))<<56) \| \
	105	(((uint64_t)(((const unsigned char *)(y))[6] & 255))<<48) \| \
	106	(((uint64_t)(((const unsigned char *)(y))[5] & 255))<<40) \| \
	107	(((uint64_t)(((const unsigned char *)(y))[4] & 255))<<32) \| \
	108	(((uint64_t)(((const unsigned char *)(y))[3] & 255))<<24) \| \
	109	(((uint64_t)(((const unsigned char *)(y))[2] & 255))<<16) \| \
	110	(((uint64_t)(((const unsigned char *)(y))[1] & 255))<<8) \| \
	111	(((uint64_t)(((const unsigned char *)(y))[0] & 255))); \
316670eb A	112	} while(0)
316670eb A	113
fe8ab488 A	114	// MARK: -- 32 bits - big endian
fe8ab488 A	115	// MARK: --- intel version
316670eb	116
39037602	117	#if (defined(__i386__) \|\| defined(__x86_64__)) && !defined(_MSC_VER)
316670eb A	118
	119	#define CC_STORE32_BE(x, y) \
	120	__asm__ __volatile__ ( \
	121	"bswapl %0 \n\t" \
	122	"movl %0,(%1)\n\t" \
	123	"bswapl %0 \n\t" \
	124	::"r"(x), "r"(y))
	125
	126	#define CC_LOAD32_BE(x, y) \
	127	__asm__ __volatile__ ( \
	128	"movl (%1),%0\n\t" \
	129	"bswapl %0\n\t" \
	130	:"=r"(x): "r"(y))
	131
	132	#else
fe8ab488	133	// MARK: --- default version
316670eb A	134	#define CC_STORE32_BE(x, y) do { \
	135	((unsigned char *)(y))[0] = (unsigned char)(((x)>>24)&255); \
	136	((unsigned char *)(y))[1] = (unsigned char)(((x)>>16)&255); \
	137	((unsigned char *)(y))[2] = (unsigned char)(((x)>>8)&255); \
	138	((unsigned char *)(y))[3] = (unsigned char)((x)&255); \
	139	} while(0)
	140
	141	#define CC_LOAD32_BE(x, y) do { \
3e170ce0 A	142	x = ((uint32_t)(((const unsigned char *)(y))[0] & 255)<<24) \| \
	143	((uint32_t)(((const unsigned char *)(y))[1] & 255)<<16) \| \
	144	((uint32_t)(((const unsigned char *)(y))[2] & 255)<<8) \| \
	145	((uint32_t)(((const unsigned char *)(y))[3] & 255)); \
316670eb A	146	} while(0)
	147
	148	#endif
	149
fe8ab488	150	// MARK: -- 64 bits - big endian
316670eb	151
fe8ab488	152	// MARK: --- intel 64 bits version
316670eb	153
39037602	154	#if defined(__x86_64__) && !defined (_MSC_VER)
316670eb A	155
	156	#define CC_STORE64_BE(x, y) \
	157	__asm__ __volatile__ ( \
	158	"bswapq %0 \n\t" \
	159	"movq %0,(%1)\n\t" \
	160	"bswapq %0 \n\t" \
	161	::"r"(x), "r"(y))
	162
	163	#define CC_LOAD64_BE(x, y) \
	164	__asm__ __volatile__ ( \
	165	"movq (%1),%0\n\t" \
	166	"bswapq %0\n\t" \
	167	:"=r"(x): "r"(y))
	168
	169	#else
	170
fe8ab488	171	// MARK: --- default version
316670eb A	172
	173	#define CC_STORE64_BE(x, y) do { \
	174	((unsigned char *)(y))[0] = (unsigned char)(((x)>>56)&255); \
	175	((unsigned char *)(y))[1] = (unsigned char)(((x)>>48)&255); \
	176	((unsigned char *)(y))[2] = (unsigned char)(((x)>>40)&255); \
	177	((unsigned char *)(y))[3] = (unsigned char)(((x)>>32)&255); \
	178	((unsigned char *)(y))[4] = (unsigned char)(((x)>>24)&255); \
	179	((unsigned char *)(y))[5] = (unsigned char)(((x)>>16)&255); \
	180	((unsigned char *)(y))[6] = (unsigned char)(((x)>>8)&255); \
	181	((unsigned char *)(y))[7] = (unsigned char)((x)&255); \
	182	} while(0)
	183
	184	#define CC_LOAD64_BE(x, y) do { \
3e170ce0 A	185	x = (((uint64_t)(((const unsigned char *)(y))[0] & 255))<<56) \| \
	186	(((uint64_t)(((const unsigned char *)(y))[1] & 255))<<48) \| \
	187	(((uint64_t)(((const unsigned char *)(y))[2] & 255))<<40) \| \
	188	(((uint64_t)(((const unsigned char *)(y))[3] & 255))<<32) \| \
	189	(((uint64_t)(((const unsigned char *)(y))[4] & 255))<<24) \| \
	190	(((uint64_t)(((const unsigned char *)(y))[5] & 255))<<16) \| \
	191	(((uint64_t)(((const unsigned char *)(y))[6] & 255))<<8) \| \
	192	(((uint64_t)(((const unsigned char *)(y))[7] & 255))); \
316670eb A	193	} while(0)
	194
	195	#endif
	196
fe8ab488	197	// MARK: - 32-bit Rotates
316670eb A	198
316670eb A	199	#if defined(_MSC_VER)
fe8ab488	200	// MARK: -- MSVC version
316670eb A	201
316670eb A	202	#include <stdlib.h>
39037602 A	203	#if !defined(__clang__)
	204	#pragma intrinsic(_lrotr,_lrotl)
	205	#endif
316670eb A	206	#define CC_ROR(x,n) _lrotr(x,n)
	207	#define CC_ROL(x,n) _lrotl(x,n)
	208	#define CC_RORc(x,n) _lrotr(x,n)
	209	#define CC_ROLc(x,n) _lrotl(x,n)
	210
	211	#elif (defined(__i386__) \|\| defined(__x86_64__))
fe8ab488	212	// MARK: -- intel asm version
316670eb	213
39037602	214	CC_INLINE uint32_t CC_ROL(uint32_t word, int i)
316670eb A	215	{
	216	__asm__ ("roll %%cl,%0"
	217	:"=r" (word)
	218	:"0" (word),"c" (i));
	219	return word;
	220	}
	221
39037602	222	CC_INLINE uint32_t CC_ROR(uint32_t word, int i)
316670eb A	223	{
	224	__asm__ ("rorl %%cl,%0"
	225	:"=r" (word)
	226	:"0" (word),"c" (i));
	227	return word;
	228	}
	229
	230	/* Need to be a macro here, because 'i' is an immediate (constant) */
	231	#define CC_ROLc(word, i) \
	232	({ uint32_t _word=(word); \
	233	__asm__ __volatile__ ("roll %2,%0" \
	234	:"=r" (_word) \
	235	:"0" (_word),"I" (i)); \
	236	_word; \
	237	})
	238
	239
	240	#define CC_RORc(word, i) \
	241	({ uint32_t _word=(word); \
	242	__asm__ __volatile__ ("rorl %2,%0" \
	243	:"=r" (_word) \
	244	:"0" (_word),"I" (i)); \
	245	_word; \
	246	})
	247
	248	#else
	249
fe8ab488	250	// MARK: -- default version
316670eb	251
39037602	252	CC_INLINE uint32_t CC_ROL(uint32_t word, int i)
316670eb A	253	{
	254	return ( (word<<(i&31)) \| (word>>(32-(i&31))) );
	255	}
	256
39037602	257	CC_INLINE uint32_t CC_ROR(uint32_t word, int i)
316670eb A	258	{
	259	return ( (word>>(i&31)) \| (word<<(32-(i&31))) );
	260	}
	261
	262	#define CC_ROLc(x, y) CC_ROL(x, y)
	263	#define CC_RORc(x, y) CC_ROR(x, y)
	264
	265	#endif
	266
fe8ab488	267	// MARK: - 64 bits rotates
316670eb	268
39037602	269	#if defined(__x86_64__) && !defined(_MSC_VER) //clang _MSVC doesn't support GNU-style inline assembly
fe8ab488	270	// MARK: -- intel 64 asm version
316670eb	271
39037602	272	CC_INLINE uint64_t CC_ROL64(uint64_t word, int i)
316670eb A	273	{
	274	__asm__("rolq %%cl,%0"
	275	:"=r" (word)
	276	:"0" (word),"c" (i));
	277	return word;
	278	}
	279
39037602	280	CC_INLINE uint64_t CC_ROR64(uint64_t word, int i)
316670eb A	281	{
	282	__asm__("rorq %%cl,%0"
	283	:"=r" (word)
	284	:"0" (word),"c" (i));
	285	return word;
	286	}
	287
	288	/* Need to be a macro here, because 'i' is an immediate (constant) */
	289	#define CC_ROL64c(word, i) \
	290	({ \
	291	uint64_t _word=(word); \
	292	__asm__("rolq %2,%0" \
	293	:"=r" (_word) \
	294	:"0" (_word),"J" (i)); \
	295	_word; \
	296	})
	297
	298	#define CC_ROR64c(word, i) \
	299	({ \
	300	uint64_t _word=(word); \
	301	__asm__("rorq %2,%0" \
	302	:"=r" (_word) \
	303	:"0" (_word),"J" (i)); \
	304	_word; \
	305	})
	306
	307
	308	#else /* Not x86_64 */
	309
fe8ab488	310	// MARK: -- default C version
316670eb	311
39037602	312	CC_INLINE uint64_t CC_ROL64(uint64_t word, int i)
316670eb A	313	{
	314	return ( (word<<(i&63)) \| (word>>(64-(i&63))) );
	315	}
	316
39037602	317	CC_INLINE uint64_t CC_ROR64(uint64_t word, int i)
316670eb A	318	{
	319	return ( (word>>(i&63)) \| (word<<(64-(i&63))) );
	320	}
	321
	322	#define CC_ROL64c(x, y) CC_ROL64(x, y)
	323	#define CC_ROR64c(x, y) CC_ROR64(x, y)
	324
	325	#endif
	326
	327
fe8ab488	328	// MARK: - Byte Swaps
316670eb	329
39037602	330	CC_INLINE uint32_t CC_BSWAP(uint32_t x)
316670eb A	331	{
	332	return (
	333	((x>>24)&0x000000FF) \|
	334	((x<<24)&0xFF000000) \|
	335	((x>>8) &0x0000FF00) \|
	336	((x<<8) &0x00FF0000)
	337	);
	338	}
	339
fe8ab488 A	340	#define CC_BSWAP64(x) \
	341	((uint64_t)((((uint64_t)(x) & 0xff00000000000000ULL) >> 56) \| \
	342	(((uint64_t)(x) & 0x00ff000000000000ULL) >> 40) \| \
	343	(((uint64_t)(x) & 0x0000ff0000000000ULL) >> 24) \| \
	344	(((uint64_t)(x) & 0x000000ff00000000ULL) >> 8) \| \
	345	(((uint64_t)(x) & 0x00000000ff000000ULL) << 8) \| \
	346	(((uint64_t)(x) & 0x0000000000ff0000ULL) << 24) \| \
	347	(((uint64_t)(x) & 0x000000000000ff00ULL) << 40) \| \
	348	(((uint64_t)(x) & 0x00000000000000ffULL) << 56)))
	349
316670eb A	350	#ifdef __LITTLE_ENDIAN__
	351	#define CC_H2BE32(x) CC_BSWAP(x)
	352	#define CC_H2LE32(x) (x)
	353	#else
316670eb A	354	#define CC_H2BE32(x) (x)
	355	#define CC_H2LE32(x) CC_BSWAP(x)
	356	#endif
	357
5ba3f43e A	358	#define CC_READ_LE32(ptr) \
	359	( (uint32_t)( \
	360	((uint32_t)((const uint8_t *)(ptr))[0]) \| \
	361	(((uint32_t)((const uint8_t *)(ptr))[1]) << 8) \| \
	362	(((uint32_t)((const uint8_t *)(ptr))[2]) << 16) \| \
	363	(((uint32_t)((const uint8_t *)(ptr))[3]) << 24)))
	364
	365	#define CC_WRITE_LE32(ptr, x) \
	366	do { \
	367	((uint8_t *)(ptr))[0] = (uint8_t)( (x) & 0xFF); \
	368	((uint8_t *)(ptr))[1] = (uint8_t)(((x) >> 8) & 0xFF); \
	369	((uint8_t *)(ptr))[2] = (uint8_t)(((x) >> 16) & 0xFF); \
	370	((uint8_t *)(ptr))[3] = (uint8_t)(((x) >> 24) & 0xFF); \
	371	} while(0)
	372
	373	#define CC_WRITE_LE64(ptr, x) \
	374	do { \
	375	((uint8_t *)(ptr))[0] = (uint8_t)( (x) & 0xFF); \
	376	((uint8_t *)(ptr))[1] = (uint8_t)(((x) >> 8) & 0xFF); \
	377	((uint8_t *)(ptr))[2] = (uint8_t)(((x) >> 16) & 0xFF); \
	378	((uint8_t *)(ptr))[3] = (uint8_t)(((x) >> 24) & 0xFF); \
	379	((uint8_t *)(ptr))[4] = (uint8_t)(((x) >> 32) & 0xFF); \
	380	((uint8_t *)(ptr))[5] = (uint8_t)(((x) >> 40) & 0xFF); \
	381	((uint8_t *)(ptr))[6] = (uint8_t)(((x) >> 48) & 0xFF); \
	382	((uint8_t *)(ptr))[7] = (uint8_t)(((x) >> 56) & 0xFF); \
	383	} while(0)
316670eb A	384
	385	/* extract a byte portably */
	386	#ifdef _MSC_VER
	387	#define cc_byte(x, n) ((unsigned char)((x) >> (8 * (n))))
	388	#else
	389	#define cc_byte(x, n) (((x) >> (8 * (n))) & 255)
	390	#endif
	391
fe8ab488 A	392	/* HEAVISIDE_STEP (shifted by one)
	393	function f(x): x->0, when x=0
	394	x->1, when x>0
	395	Can also be seen as a bitwise operation:
	396	f(x): x -> y
	397	y[0]=(OR x[i]) for all i (all bits)
	398	y[i]=0 for all i>0
	399	Run in constant time (log2(<bitsize of x>))
	400	Useful to run constant time checks
	401	*/
39037602 A	402	#define HEAVISIDE_STEP_UINT64(r,s) {uint64_t _t=s; \
39037602 A	403	_t=(((_t)>>32) \| (_t)); \
3e170ce0	404	_t=(0xFFFFFFFF + (_t & 0xFFFFFFFF)); \
39037602	405	r=_t >> 32;}
3e170ce0	406
39037602 A	407	#define HEAVISIDE_STEP_UINT32(r,s) {uint32_t _t=s; \
39037602 A	408	_t=(((_t)>>16) \| (_t)); \
3e170ce0	409	_t=(0xFFFF + (_t & 0xFFFF)); \
39037602 A	410	r=_t >> 16;}
	411
	412	#define HEAVISIDE_STEP_UINT16(r,s) {uint32_t _t=s; \
	413	_t=(0xFFFF + ((_t) & 0xFFFF)); \
	414	r=_t >> 16;}
	415
	416	#define HEAVISIDE_STEP_UINT8(r,s) {uint16_t _t=s; \
	417	_t=(0xFF + ((_t) & 0xFF)); \
	418	r=_t >> 8;}
	419
	420	#define CC_HEAVISIDE_STEP(r,s) { \
	421	if (sizeof(s) == 1) {HEAVISIDE_STEP_UINT8(r,s);} \
	422	else if (sizeof(s) == 2) {HEAVISIDE_STEP_UINT16(r,s);} \
	423	else if (sizeof(s) == 4) {HEAVISIDE_STEP_UINT32(r,s);} \
	424	else if (sizeof(s) == 8) {HEAVISIDE_STEP_UINT64(r,s);} \
	425	else {r=(((s)==0)?0:1);} \
fe8ab488 A	426	}
fe8ab488 A	427
3e170ce0 A	428	/* Return 1 if x mod 4 =1,2,3, 0 otherwise */
	429	#define CC_CARRY_2BITS(x) (((x>>1) \| x) & 0x1)
	430	#define CC_CARRY_3BITS(x) (((x>>2) \| (x>>1) \| x) & 0x1)
fe8ab488 A	431
	432	/* Set a variable to the biggest power of 2 which can be represented */
	433	#define MAX_POWER_OF_2(x) ((__typeof__(x))1<<(8*sizeof(x)-1))
3e170ce0 A	434	#define cc_ceiling(a,b) (((a)+((b)-1))/(b))
3e170ce0 A	435	#define CC_BITLEN_TO_BYTELEN(x) cc_ceiling((x), 8)
fe8ab488	436
5ba3f43e A	437	//cc_try_abort() is implemented to comply with FIPS 140-2. See radar 19129408
5ba3f43e A	438	void cc_try_abort(const char * msg , ...);
39037602 A	439
	440	/*!
	441	@brief cc_muxp(s, a, b) is equivalent to z = s ? a : b, but it executes in constant time
	442	@param a input pointer
	443	@param b input pointer
	444	@param s The selection parameter s must be 0 or 1. if s is integer 1 a is returned. If s is integer 0, b is returned. Otherwise, the output is undefined.
	445	@return Returns a, if s is 1 and b if s is 0
	446	*/
	447	void cc_muxp(int s, const void a, const void *b);
	448
	449	/*!
	450	@brief cc_mux2p
	451	@param a input pointer
	452	@param b input pointer
	453	@param r_true output pointer: if s is integer 1 r_true=a is returned, otherwise r_true=b
	454	@param r_false output pointer: if s is integer 1 r_false=b is returned, otherwise r_false=a
	455	@param s The selection parameter s must be 0 or 1.
	456	@discussion Executes in constant time
	457	*/
	458	void cc_mux2p(int s, void r_true, void r_false, const void a, const void b);
	459
	460	/*!
	461	@brief CC_MUXU(s, a, b) is equivalent to z = s ? a : b, but it executes in constant time
	462	@param a input unsigned type
	463	@param b input unsigned type
	464	@param s The selection parameter s must be 0 or 1. if s is integer 1 a is returned. If s is integer 0, b is returned. Otherwise, the output is undefined.
	465	@param r output
	466	@return r = a, if s is 1 and b if s is 0
	467	*/
	468	#define CC_MUXU(r, s, a, b) \
	469	{ \
	470	__typeof__(r) _cond = ((__typeof__(r))(s)-(__typeof__(r))1); \
	471	r = (~_cond&(a))\|(_cond&(b)); \
	472	}
	473
d9a64523 A	474	/*
	475	Unfortunately, since we export this symbol, this declaration needs
	476	to be in a public header to satisfy TAPI.
	477
	478	See fipspost_trace_priv.h for more details.
	479	*/
	480	extern const void *fipspost_trace_vtable;
39037602	481
316670eb	482	#endif /* _CORECRYPTO_CC_PRIV_H_ */