change(mbedtls/port): unroll first GCM iteration
The first loop of gcm_mult() is different from the others. By unrolling it separately from the others, the other iterations may take advantage of the zero-overhead loop construct, in addition to saving a conditional branch in the loop.
bryghtlabs-richard committed Aug 6, 2024
1 parent 5c21721 commit 1abf631
Showing 1 changed file with 15 additions and 10 deletions.
25 changes: 15 additions & 10 deletions components/mbedtls/port/aes/esp_aes_gcm.c
@@ -211,23 +211,28 @@ static void gcm_mult( esp_gcm_context *ctx, const unsigned char x[16],
uint64_t zh, zl;

lo = x[15] & 0xf;
hi = x[15] >> 4;

zh = ctx->HH[lo];
zl = ctx->HL[lo];

for ( i = 15; i >= 0; i-- ) {
rem = (unsigned char) zl & 0xf;
zl = ( zh << 60 ) | ( zl >> 4 );
zh = ( zh >> 4 );
zh ^= (uint64_t) last4[rem] << 32;
zh ^= ctx->HH[hi];
zl ^= ctx->HL[hi];

for ( i = 14; i >= 0; i-- ) {
lo = x[i] & 0xf;
hi = x[i] >> 4;

if ( i != 15 ) {
rem = (unsigned char) zl & 0xf;
zl = ( zh << 60 ) | ( zl >> 4 );
zh = ( zh >> 4 );
zh ^= (uint64_t) last4[rem] << 32;
zh ^= ctx->HH[lo];
zl ^= ctx->HL[lo];

}
rem = (unsigned char) zl & 0xf;
zl = ( zh << 60 ) | ( zl >> 4 );
zh = ( zh >> 4 );
zh ^= (uint64_t) last4[rem] << 32;
zh ^= ctx->HH[lo];
zl ^= ctx->HL[lo];

rem = (unsigned char) zl & 0xf;
zl = ( zh << 60 ) | ( zl >> 4 );
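Review bot: The six-line shift-and-reduce body (`rem = (unsigned char) zl & 0xf;` through `zl ^= ctx->HL[...]`) now appears three times in this hunk, once in the unrolled prologue and twice per loop iteration, differing only in whether `hi` or `lo` indexes `HH`/`HL`; consider a `static inline` helper that takes the nibble as a parameter, so that a later fix to the reduction step cannot land in one copy and be missed in another. The transformation itself reads as equivalent: the prologue does exactly the work the old `i == 15` pass did for the high nibble of `x[15]`, and the loop now starting at `i = 14` keeps the original nibble order, so dropping the `if ( i != 15 )` branch is the only behavioural difference. Because this is the GHASH multiply, the commit message should state that the mbedtls GCM self-test or known-answer vectors were run after the change; it currently mentions no verification.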

0 comments on commit 1abf631