From 782667883a77abc7283b4cfc9b5fca0bb2badeb5 Mon Sep 17 00:00:00 2001
From: Matthias Schulz
Date: Thu, 8 Feb 2024 13:54:48 +0100
Subject: [PATCH] Fix:

- Remove unnecessary tests.
- Update description of MBEDTLS_GCM_LARGETABLE parameter.
- Move acceleration defines from gcm.h to gcm.c.
- Remove unnecessary zero setting after shift.
- Fix implementation for big-endian architectures.

Signed-off-by: Matthias Schulz
---
 include/mbedtls/gcm.h | 5 ----
 include/mbedtls/mbedtls_config.h | 3 +++
 library/gcm.c | 39 ++++++++++++++++++++++----------
 tests/scripts/all.sh | 39 --------------------------------
 4 files changed, 30 insertions(+), 56 deletions(-)

diff --git a/include/mbedtls/gcm.h b/include/mbedtls/gcm.h
index f475710276..2f9a2cd7b2 100644
--- a/include/mbedtls/gcm.h
+++ b/include/mbedtls/gcm.h
@@ -33,11 +33,6 @@
 #define MBEDTLS_GCM_ENCRYPT 1
 #define MBEDTLS_GCM_DECRYPT 0
 
-#define MBEDTLS_GCM_ACC_SMALLTABLE 0
-#define MBEDTLS_GCM_ACC_LARGETABLE 1
-#define MBEDTLS_GCM_ACC_AESNI 2
-#define MBEDTLS_GCM_ACC_AESCE 3
-
 /** Authenticated decryption failed. */
 #define MBEDTLS_ERR_GCM_AUTH_FAILED -0x0012
 /** Bad input parameters to function. */
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index f46773733f..18dbcd1e37 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -2807,6 +2807,9 @@
  * Can significantly increase throughput on systems without GCM hardware
  * acceleration (e.g., AESNI, AESCE).
  *
+ * The mbedtls_gcm_context size will increase by 3840 bytes.
+ * The code size will increase by roughly 344 bytes.
+ *
  * Module: library/gcm.c
  *
  * Requires: MBEDTLS_GCM_C
diff --git a/library/gcm.c b/library/gcm.c
index 4a01f5c687..fc03acd6e8 100644
--- a/library/gcm.c
+++ b/library/gcm.c
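Review bot: The two size figures added to the MBEDTLS_GCM_LARGETABLE description in mbedtls_config.h are given as bare absolute numbers, and the code-size one in particular depends on compiler, target and optimisation level, so it will read as wrong on any other toolchain. The context-size figure is consistent with the difference between the 256-entry and 16-entry H tables of two uint64_t each that the gcm.c hunks' `H[25…]`/`H[16…]` parameters suggest, but the comment does not say where the number comes from. I would qualify the second line, e.g. ` * The code size will increase by roughly 344 bytes (measured with <TOOLCHAIN/TARGET placeholder>).`, and add a parenthetical to the first such as ` * (240 additional 16-byte table entries).` so that a maintainer can re-derive it when the table layout changes.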
@@ -41,6 +41,12 @@
 
 #if !defined(MBEDTLS_GCM_ALT)
 
+/* Used to select the acceleration mechanism */
+#define MBEDTLS_GCM_ACC_SMALLTABLE 0
+#define MBEDTLS_GCM_ACC_LARGETABLE 1
+#define MBEDTLS_GCM_ACC_AESNI 2
+#define MBEDTLS_GCM_ACC_AESCE 3
+
 /*
  * Initialize a context
  */
@@ -253,17 +259,28 @@ static void gcm_mult_largetable(uint8_t *output, const uint8_t *x, uint64_t H[25
     u64z[0] = 0;
     u64z[1] = 0;
 
-    for (i = 15; i > 0; i--) {
-        mbedtls_xor_no_simd(u8z, u8z, (uint8_t *) H[x[i]], 16);
+    if (MBEDTLS_IS_BIG_ENDIAN) {
+        for (i = 15; i > 0; i--) {
+            mbedtls_xor_no_simd(u8z, u8z, (uint8_t *) H[x[i]], 16);
+            rem = u8z[15];
 
-        rem = u8z[15];
+            u64z[1] >>= 8;
+            u8z[8] = u8z[7];
+            u64z[0] >>= 8;
 
-        u64z[1] <<= 8;
-        u8z[8] = u8z[7];
-        u64z[0] <<= 8;
+            u16z[0] ^= MBEDTLS_GET_UINT16_LE(&last8[rem], 0);
+        }
+    } else {
+        for (i = 15; i > 0; i--) {
+            mbedtls_xor_no_simd(u8z, u8z, (uint8_t *) H[x[i]], 16);
+            rem = u8z[15];
 
-        u8z[0] = 0;
-        u16z[0] ^= last8[rem];
+            u64z[1] <<= 8;
+            u8z[8] = u8z[7];
+            u64z[0] <<= 8;
+
+            u16z[0] ^= last8[rem];
+        }
     }
 
     mbedtls_xor_no_simd(output, u8z, (uint8_t *) H[x[0]], 16);
@@ -318,10 +335,8 @@ static void gcm_mult_smalltable(uint8_t *output, const uint8_t *x, uint64_t H[16
         mbedtls_xor_no_simd(u8z, u8z, (uint8_t *) H[hi], 16);
     }
 
-    MBEDTLS_PUT_UINT32_BE(u64z[0] >> 32, output, 0);
-    MBEDTLS_PUT_UINT32_BE(u64z[0], output, 4);
-    MBEDTLS_PUT_UINT32_BE(u64z[1] >> 32, output, 8);
-    MBEDTLS_PUT_UINT32_BE(u64z[1], output, 12);
+    MBEDTLS_PUT_UINT64_BE(u64z[0], output, 0);
+    MBEDTLS_PUT_UINT64_BE(u64z[1], output, 8);
 }
 
 #endif
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index a21566cd6b..5a61c3cecb 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
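Review bot: In the big-endian loop of gcm_mult_largetable the reduction constant is fetched with `MBEDTLS_GET_UINT16_LE(&last8[rem], 0)` while the little-endian loop XORs `last8[rem]` directly, and nothing in the code says why; since last8 appears to be a 16-bit table whose entries are laid out to land in u8z[0..1] through the little-endian aliasing of u16z[0], a reader is likely to mistake the byte-swapped read for a bug. I would put `/* last8 is laid out for the little-endian aliasing of u16z[0]; swap the bytes on a big-endian host */` above that line. Apart from the shift direction and that read the two loop bodies are identical, so the per-iteration step could be factored into one static inline helper to keep the two paths from drifting. If MBEDTLS_IS_BIG_ENDIAN is a compile-time constant, as its use in a plain `if` suggests, only one loop is ever live on a given host, and nothing in this patch adds a big-endian build to all.sh (the hunk below only removes components), so the new path stays unverified by CI unless such a build exists elsewhere. gcm_mult_largetable begins before and ends after this hunk.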
@@ -4950,45 +4950,6 @@ component_test_gcm_largetable () {
 
     make CFLAGS='-O2 -Werror -Wall -Wextra'
 
-    msg "test: default config + GCM_LARGETABLE - AESNI_C - AESCE_C"
-    make test
-}
-
-component_test_gcm_largetable_gcc () {
-    msg "build: default config + GCM_LARGETABLE - AESNI_C - AESCE_C"
-    scripts/config.py set MBEDTLS_GCM_LARGETABLE
-    scripts/config.py unset MBEDTLS_PADLOCK_C
-    scripts/config.py unset MBEDTLS_AESNI_C
-    scripts/config.py unset MBEDTLS_AESCE_C
-
-    make CC=gcc CFLAGS='-O2 -Werror -Wall -Wextra'
-
-    msg "test: default config - GCM_LARGETABLE - AESNI_C - AESCE_C"
-    make test
-}
-
-component_test_gcm_smalltable () {
-    msg "build: default config - GCM_LARGETABLE - AESNI_C - AESCE_C"
-    scripts/config.py unset MBEDTLS_GCM_LARGETABLE
-    scripts/config.py unset MBEDTLS_PADLOCK_C
-    scripts/config.py unset MBEDTLS_AESNI_C
-    scripts/config.py unset MBEDTLS_AESCE_C
-
-    make CFLAGS='-O2 -Werror -Wall -Wextra'
-
-    msg "test: default config - GCM_LARGETABLE - AESNI_C - AESCE_C"
-    make test
-}
-
-component_test_gcm_smalltable_gcc () {
-    msg "build: default config - GCM_LARGETABLE - AESNI_C - AESCE_C"
-    scripts/config.py unset MBEDTLS_GCM_LARGETABLE
-    scripts/config.py unset MBEDTLS_PADLOCK_C
-    scripts/config.py unset MBEDTLS_AESNI_C
-    scripts/config.py unset MBEDTLS_AESCE_C
-
-    make CC=gcc CFLAGS='-O2 -Werror -Wall -Wextra'
-
     msg "test: default config - GCM_LARGETABLE - AESNI_C - AESCE_C"
     make test
 }
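Review bot: After the deletion, component_test_gcm_largetable ends with the kept context line `msg "test: default config - GCM_LARGETABLE - AESNI_C - AESCE_C"`, which in the old file belonged to the removed component_test_gcm_smalltable_gcc, while this component's own line `msg "test: default config + GCM_LARGETABLE - AESNI_C - AESCE_C"` is among the deletions; the log will now claim the large table is disabled in the component that, judging by its name, enables it (its config lines lie before the hunk). Restore this component's message: `msg "test: default config + GCM_LARGETABLE - AESNI_C - AESCE_C"`. Separately, dropping both smalltable components leaves the small-table multiplication covered only if the default configuration on the CI hosts actually selects it rather than a hardware path, which is worth confirming before the deletion lands. The function's body begins outside the hunk.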