Reland "Cut down /crypto and switch what is left of it to boringssl".

crypto/ghash.h

Index: crypto/ghash.h
diff --git a/crypto/ghash.h b/crypto/ghash.h
deleted file mode 100644
index 6dc247be28e9417a8bd3c5ebb950e470173adf0f..0000000000000000000000000000000000000000
--- a/crypto/ghash.h
+++ /dev/null
@@ -1,86 +0,0 @@
-// Copyright (c) 2012 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "base/basictypes.h"
-#include "crypto/crypto_export.h"
-
-namespace crypto {
-
-// GaloisHash implements the polynomial authenticator part of GCM as specified
-// in http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-revised-spec.pdf
-// Specifically it implements the GHASH function, defined in section 2.3 of
-// that document.
-//
-// In SP-800-38D, GHASH is defined differently and takes only a single data
-// argument. But it is always called with an argument of a certain form:
-//   GHASH_H (A || 0^v || C || 0^u || [len(A)]_64 || [len(C)]_64)
-// This mirrors how the gcm-revised-spec.pdf version of GHASH handles its two
-// data arguments. The two GHASH functions therefore differ only in whether the
-// data is formatted inside or outside of the function.
-//
-// WARNING: do not use this as a generic authenticator. Polynomial
-// authenticators must be used in the correct manner and any use outside of GCM
-// requires careful consideration.
-//
-// WARNING: this code is not constant time. However, in all likelihood, nor is
-// the implementation of AES that is used.
-class CRYPTO_EXPORT_PRIVATE GaloisHash {
- public:
-  explicit GaloisHash(const uint8 key[16]);
-
-  // Reset prepares to digest a fresh message with the same key. This is more
-  // efficient than creating a fresh object.
-  void Reset();
-
-  // UpdateAdditional hashes in `additional' data. This is data that is not
-  // encrypted, but is covered by the authenticator. All additional data must
-  // be written before any ciphertext is written.
-  void UpdateAdditional(const uint8* data, size_t length);
-
-  // UpdateCiphertext hashes in ciphertext to be authenticated.
-  void UpdateCiphertext(const uint8* data, size_t length);
-
-  // Finish completes the hash computation and writes at most |len| bytes of
-  // the result to |output|.
-  void Finish(void* output, size_t len);
-
- private:
-  enum State {
-    kHashingAdditionalData,
-    kHashingCiphertext,
-    kComplete,
-  };
-
-  struct FieldElement {
-    uint64 low, hi;
-  };
-
-  // Add returns |x|+|y|.
-  static FieldElement Add(const FieldElement& x, const FieldElement& y);
-  // Double returns 2*|x|.
-  static FieldElement Double(const FieldElement& x);
-  // MulAfterPrecomputation sets |x| = |x|*h where h is |table[1]| and
-  // table[i] = i*h for i=0..15.
-  static void MulAfterPrecomputation(const FieldElement* table,
-                                     FieldElement* x);
-  // Mul16 sets |x| = 16*|x|.
-  static void Mul16(FieldElement* x);
-
-  // UpdateBlocks processes |num_blocks| 16-bytes blocks from |bytes|.
-  void UpdateBlocks(const uint8* bytes, size_t num_blocks);
-  // Update processes |length| bytes from |bytes| and calls UpdateBlocks on as
-  // much data as possible. It uses |buf_| to buffer any remaining data and
-  // always consumes all of |bytes|.
-  void Update(const uint8* bytes, size_t length);
-
-  FieldElement y_;
-  State state_;
-  size_t additional_bytes_;
-  size_t ciphertext_bytes_;
-  uint8 buf_[16];
-  size_t buf_used_;
-  FieldElement product_table_[16];
-};
-
-}  // namespace crypto