Diffstat (limited to '')
-rw-r--r--web/server/h2o/libh2o/deps/picotls/deps/cifra/src/gf128.h55
1 files changed, 55 insertions, 0 deletions
diff --git a/web/server/h2o/libh2o/deps/picotls/deps/cifra/src/gf128.h b/web/server/h2o/libh2o/deps/picotls/deps/cifra/src/gf128.h
new file mode 100644
index 00000000..75608623
--- /dev/null
+++ b/web/server/h2o/libh2o/deps/picotls/deps/cifra/src/gf128.h
@@ -0,0 +1,55 @@
+/*
+ * cifra - embedded cryptography library
+ * Written in 2014 by Joseph Birr-Pixton <jpixton@gmail.com>
+ *
+ * To the extent possible under law, the author(s) have dedicated all
+ * copyright and related and neighboring rights to this software to the
+ * public domain worldwide. This software is distributed without any
+ * warranty.
+ *
+ * You should have received a copy of the CC0 Public Domain Dedication
+ * along with this software. If not, see
+ * <http://creativecommons.org/publicdomain/zero/1.0/>.
+ */
+
+#ifndef GF128_H
+#define GF128_H
+
+#include <stddef.h>
+#include <stdint.h>
+
+/**
+ * @brief Operations in GF(2^128).
+ *
+ * These implementations are constant time, but relatively slow.
+ */
+
+typedef uint32_t cf_gf128[4];
+
+/* Unpack from big-endian bytes into out. */
+void cf_gf128_frombytes_be(const uint8_t in[16], cf_gf128 out);
+
+/* Pack in big-endian order into out. */
+void cf_gf128_tobytes_be(const cf_gf128 in, uint8_t out[16]);
+
+/* out = 2 * in. Arguments may not alias. */
+void cf_gf128_double(const cf_gf128 in, cf_gf128 out);
+
+/* out = 2 * in. Arguments may not alias.
+ * This differs from cf_gf128_double because it interprets the
+ * block in little endian: the lsb is the msb of the
+ * first element, the msb is the lsb of the last element.
+ *
+ * GCM uses this convention. */
+void cf_gf128_double_le(const cf_gf128 in, cf_gf128 out);
+
+/* out = x + y. Arguments may alias. */
+void cf_gf128_add(const cf_gf128 x, const cf_gf128 y, cf_gf128 out);
+
+/* out = xy. Arguments may alias.
+ *
+ * This uses cf_gf128_double_le internally, and is suitable for
+ * GCM. */
+void cf_gf128_mul(const cf_gf128 x, const cf_gf128 y, cf_gf128 out);
+
+#endif