2013-04-11 Niels Möller <nisse@lysator.liu.se>
+ * umac-set-key.c (_umac_set_key): Drop byteswapping of l3_key2, it
+ can be xored directly to the pad in native byteorder.
+ * umac-l3.c (_umac_l3): Drop key_2 argument, let caller do that
+ xor. Updated all callers.
+ * umac32.c (umac32_digest): Adapt to l3 changes.
+ * umac64.c (umac64_digest): Likewise.
+ * umac96.c (umac96_digest): Likewise.
+ * umac128.c (umac128_digest): Likewise.
+
Initial implementation of umac.
* umac.h: New file.
* umac-nh.c: New file.
}
uint32_t
-_umac_l3 (const uint64_t *key_1, uint32_t key_2, const uint64_t *m)
+_umac_l3 (const uint64_t *key, const uint64_t *m)
{
- uint32_t y = (umac_l3_word (key_1, m[0])
- + umac_l3_word (key_1 + 4, m[1])) % P;
- y ^= key_2;
+ uint32_t y = (umac_l3_word (key, m[0])
+ + umac_l3_word (key + 4, m[1])) % P;
+
#if !WORDS_BIGENDIAN
y = ((ROTL32(8, y) & 0x00FF00FFUL)
| (ROTL32(24, y) & 0xFF00FF00UL));
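Review bot: The dropped `key_2` xor changes what the value returned by `_umac_l3` means to its callers, but nothing in the new body says in which byte order `y` comes back, and the `#if !WORDS_BIGENDIAN` swap at the end now carries that contract alone. A short comment above the conditional would make the division of labour explicit, e.g. `/* Return y in the byte order of the output tag, so callers can xor the (unswapped) l3_key2 word and memcpy the result. */`. The second half of the claim is visible in the digest hunks, where the result is xored with `ctx->l3_key2[i]` and the tag is copied out with memcpy. The function's return statement lies outside this hunk.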
umac_kdf (aes, 3, size * sizeof(uint64_t), (uint8_t *) l3_key1);
_umac_l3_init (size, l3_key1);
+ /* No need to byteswap these subkeys. */
umac_kdf (aes, 4, n * sizeof(uint32_t), (uint8_t *) l3_key2);
- BE_SWAP32_N (n, l3_key2);
umac_kdf (aes, 0, UMAC_KEY_SIZE, buffer);
aes_set_encrypt_key (aes, UMAC_KEY_SIZE, buffer);
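Review bot: The new comment `/* No need to byteswap these subkeys. */` states what is skipped but not why, which is the point a future reader (or someone re-adding the swap for "consistency") needs. Since the l3_key2 words are only ever xored into the tag words that are then written out with memcpy, the byte order of the key word and of the `_umac_l3` result cancel out, so I would spell that out: `/* No need to byteswap these subkeys: they are only xored into the tag words, which are stored as raw bytes, so native order is fine. */`. The enclosing function continues outside the hunk.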
_umac_l3_init (unsigned size, uint64_t *k);
uint32_t
-_umac_l3 (const uint64_t *key_1, uint32_t key_2, const uint64_t *m);
+_umac_l3 (const uint64_t *key, const uint64_t *m);
#ifdef __cplusplus
}
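Review bot: The public-facing declaration of `_umac_l3` has no comment describing its arguments or result, and after this change the caller is responsible for the l3_key2 xor, which is easy to forget. From the implementation hunk, `key` appears to be read as two groups of four words (`key` and `key + 4`, with callers stepping by 8) and `m` as two words, and the result is returned in the byte order of the final tag. A doc comment on the prototype stating that, plus the sentence that the xor with the l3_key2 word is left to the caller, would pin the contract where every caller sees it; phrase the word counts as what the code shows rather than as a definitive layout unless the header already documents them elsewhere.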
_umac_l2_final (ctx->l2_key, ctx->l2_state, 4, ctx->count, ctx->l1_out);
for (i = 0; i < 4; i++)
- tag[i] ^= _umac_l3 (ctx->l3_key1 + 8*i, ctx->l3_key2[i], ctx->l2_state + 2*i);
+ tag[i] ^= ctx->l3_key2[i] ^ _umac_l3 (ctx->l3_key1 + 8*i,
+ ctx->l2_state + 2*i);
memcpy (digest, tag, length);
}
_umac_l2_final (ctx->l2_key, ctx->l2_state, 1, ctx->count, ctx->l1_out);
- pad ^= _umac_l3 (ctx->l3_key1, ctx->l3_key2[0], ctx->l2_state);
+ pad ^= ctx->l3_key2[0] ^ _umac_l3 (ctx->l3_key1, ctx->l2_state);
memcpy (digest, &pad, length);
/* Reinitialize */
}
_umac_l2_final (ctx->l2_key, ctx->l2_state, 2, ctx->count, ctx->l1_out);
- tag[0] = pad[0] ^ _umac_l3 (ctx->l3_key1, ctx->l3_key2[0], ctx->l2_state);
- tag[1] = pad[1] ^ _umac_l3 (ctx->l3_key1 + 8, ctx->l3_key2[1],
- ctx->l2_state + 2);
+ tag[0] = pad[0] ^ ctx->l3_key2[0] ^ _umac_l3 (ctx->l3_key1,
+ ctx->l2_state);
+ tag[1] = pad[1] ^ ctx->l3_key2[1] ^ _umac_l3 (ctx->l3_key1 + 8,
+ ctx->l2_state + 2);
memcpy (digest, tag, length);
/* Reinitialize */
_umac_l2_final (ctx->l2_key, ctx->l2_state, 3, ctx->count, ctx->l1_out);
for (i = 0; i < 3; i++)
- tag[i] ^= _umac_l3 (ctx->l3_key1 + 8*i, ctx->l3_key2[i], ctx->l2_state + 2*i);
+ tag[i] ^= ctx->l3_key2[i] ^ _umac_l3 (ctx->l3_key1 + 8*i,
+ ctx->l2_state + 2*i);
memcpy (digest, tag, length);