* poly1305-internal.h: Likewise.
* salsa20-internal.h: Likewise.
* sha3-internal.h: Likewise.
+ * umac-internal.h: Likewise.
2020-11-26 Niels Möller <nisse@lysator.liu.se>
#include "nettle-types.h"
-#define _umac_set_key _nettle_umac_set_key
-#define _umac_nh _nettle_umac_nh
-#define _umac_nh_n _nettle_umac_nh_n
-#define _umac_poly64 _nettle_umac_poly64
-#define _umac_poly128 _nettle_umac_poly128
-#define _umac_l2_init _nettle_umac_l2_init
-#define _umac_l2 _nettle_umac_l2
-#define _umac_l2_final _nettle_umac_l2_final
-#define _umac_l3_init _nettle_umac_l3_init
-#define _umac_l3 _nettle_umac_l3
-
void
-_umac_set_key (uint32_t *l1_key, uint32_t *l2_key,
- uint64_t *l3_key1, uint32_t *l3_key2,
- struct aes128_ctx *pad, const uint8_t *key, unsigned n);
+_nettle_umac_set_key (uint32_t *l1_key, uint32_t *l2_key,
+ uint64_t *l3_key1, uint32_t *l3_key2,
+ struct aes128_ctx *pad, const uint8_t *key, unsigned n);
uint64_t
-_umac_nh (const uint32_t *key, unsigned length, const uint8_t *msg);
+_nettle_umac_nh (const uint32_t *key, unsigned length, const uint8_t *msg);
/* Equivalent to
but processing input only once.
*/
void
-_umac_nh_n (uint64_t *out, unsigned n, const uint32_t *key,
- unsigned length, const uint8_t *msg);
+_nettle_umac_nh_n (uint64_t *out, unsigned n, const uint32_t *key,
+ unsigned length, const uint8_t *msg);
/* Returns y*k + m (mod p), including "marker" processing. Return
value is *not* in canonical representation, and must be normalized
before the output is used. */
uint64_t
-_umac_poly64 (uint32_t kh, uint32_t kl, uint64_t y, uint64_t m);
+_nettle_umac_poly64 (uint32_t kh, uint32_t kl, uint64_t y, uint64_t m);
void
-_umac_poly128 (const uint32_t *k, uint64_t *y, uint64_t mh, uint64_t ml);
+_nettle_umac_poly128 (const uint32_t *k, uint64_t *y, uint64_t mh, uint64_t ml);
void
-_umac_l2_init (unsigned size, uint32_t *k);
+_nettle_umac_l2_init (unsigned size, uint32_t *k);
void
-_umac_l2(const uint32_t *key, uint64_t *state, unsigned n,
- uint64_t count, const uint64_t *m);
+_nettle_umac_l2(const uint32_t *key, uint64_t *state, unsigned n,
+ uint64_t count, const uint64_t *m);
void
-_umac_l2_final(const uint32_t *key, uint64_t *state, unsigned n,
- uint64_t count);
+_nettle_umac_l2_final(const uint32_t *key, uint64_t *state, unsigned n,
+ uint64_t count);
void
-_umac_l3_init (unsigned size, uint64_t *k);
+_nettle_umac_l3_init (unsigned size, uint64_t *k);
uint32_t
-_umac_l3 (const uint64_t *key, const uint64_t *m);
+_nettle_umac_l3 (const uint64_t *key, const uint64_t *m);
#endif /* NETTLE_UMAC_INTERNAL_H_INCLUDED */
#endif
void
-_umac_l2_init (unsigned size, uint32_t *k)
+_nettle_umac_l2_init (unsigned size, uint32_t *k)
{
unsigned i;
for (i = 0; i < size; i++)
}
void
-_umac_l2(const uint32_t *key, uint64_t *state, unsigned n,
- uint64_t count, const uint64_t *m)
+_nettle_umac_l2(const uint32_t *key, uint64_t *state, unsigned n,
+ uint64_t count, const uint64_t *m)
{
uint64_t *prev = state + 2*n;
unsigned i;
else if (count == 1)
for (i = 0; i < n; i++, key += 6)
{
- uint64_t y = _umac_poly64 (key[0], key[1], 1, prev[i]);
- state[2*i+1] = _umac_poly64 (key[0], key[1], y, m[i]);
+ uint64_t y = _nettle_umac_poly64 (key[0], key[1], 1, prev[i]);
+ state[2*i+1] = _nettle_umac_poly64 (key[0], key[1], y, m[i]);
}
else if (count < UMAC_POLY64_BLOCKS)
for (i = 0; i < n; i++, key += 6)
- state[2*i+1] = _umac_poly64 (key[0], key[1], state[2*i+1], m[i]);
+ state[2*i+1] = _nettle_umac_poly64 (key[0], key[1], state[2*i+1], m[i]);
else if (count % 2 == 0)
{
if (count == UMAC_POLY64_BLOCKS)
state[2*i] = 0;
state[2*i+1] = 1;
- _umac_poly128 (key, state + 2*i, 0, y);
+ _nettle_umac_poly128 (key, state + 2*i, 0, y);
}
memcpy (prev, m, n * sizeof(*m));
}
else
for (i = 0, key += 2; i < n; i++, key += 6)
- _umac_poly128 (key, state + 2*i, prev[i], m[i]);
+ _nettle_umac_poly128 (key, state + 2*i, prev[i], m[i]);
}
void
-_umac_l2_final(const uint32_t *key, uint64_t *state, unsigned n,
- uint64_t count)
+_nettle_umac_l2_final(const uint32_t *key, uint64_t *state, unsigned n,
+ uint64_t count)
{
uint64_t *prev = state + 2*n;
unsigned i;
uint64_t pad = (uint64_t) 1 << 63;
if (count % 2 == 1)
for (i = 0, key += 2; i < n; i++, key += 6)
- _umac_poly128 (key, state + 2*i, prev[i], pad);
+ _nettle_umac_poly128 (key, state + 2*i, prev[i], pad);
else
for (i = 0, key += 2; i < n; i++, key += 6)
- _umac_poly128 (key, state + 2*i, pad, 0);
+ _nettle_umac_poly128 (key, state + 2*i, pad, 0);
for (i = 0; i < n; i++, state += 2)
{
#endif
void
-_umac_l3_init (unsigned size, uint64_t *k)
+_nettle_umac_l3_init (unsigned size, uint64_t *k)
{
unsigned i;
for (i = 0; i < size; i++)
}
uint32_t
-_umac_l3 (const uint64_t *key, const uint64_t *m)
+_nettle_umac_l3 (const uint64_t *key, const uint64_t *m)
{
uint32_t y = (umac_l3_word (key, m[0])
+ umac_l3_word (key + 4, m[1])) % P;
#endif
void
-_umac_nh_n (uint64_t *out, unsigned n, const uint32_t *key,
- unsigned length, const uint8_t *msg)
+_nettle_umac_nh_n (uint64_t *out, unsigned n, const uint32_t *key,
+ unsigned length, const uint8_t *msg)
{
assert (length > 0);
assert (length <= 1024);
#endif
uint64_t
-_umac_nh (const uint32_t *key, unsigned length, const uint8_t *msg)
+_nettle_umac_nh (const uint32_t *key, unsigned length, const uint8_t *msg)
{
uint64_t y;
}
void
-_umac_poly128 (const uint32_t *k, uint64_t *y, uint64_t mh, uint64_t ml)
+_nettle_umac_poly128 (const uint32_t *k, uint64_t *y, uint64_t mh, uint64_t ml)
{
uint64_t yh, yl, cy;
}
uint64_t
-_umac_poly64 (uint32_t kh, uint32_t kl, uint64_t y, uint64_t m)
+_nettle_umac_poly64 (uint32_t kh, uint32_t kl, uint64_t y, uint64_t m)
{
if ( (m >> 32) == 0xffffffff)
{
#endif
void
-_umac_set_key (uint32_t *l1_key, uint32_t *l2_key,
- uint64_t *l3_key1, uint32_t *l3_key2,
- struct aes128_ctx *aes, const uint8_t *key, unsigned n)
+_nettle_umac_set_key (uint32_t *l1_key, uint32_t *l2_key,
+ uint64_t *l3_key1, uint32_t *l3_key2,
+ struct aes128_ctx *aes, const uint8_t *key, unsigned n)
{
unsigned size;
uint8_t buffer[UMAC_KEY_SIZE];
size = 6*n;
umac_kdf (aes, 2, size * sizeof(uint32_t), (uint8_t *) l2_key);
- _umac_l2_init (size, l2_key);
+ _nettle_umac_l2_init (size, l2_key);
size = 8*n;
umac_kdf (aes, 3, size * sizeof(uint64_t), (uint8_t *) l3_key1);
- _umac_l3_init (size, l3_key1);
+ _nettle_umac_l3_init (size, l3_key1);
/* No need to byteswap these subkeys. */
umac_kdf (aes, 4, n * sizeof(uint32_t), (uint8_t *) l3_key2);
void
umac128_set_key (struct umac128_ctx *ctx, const uint8_t *key)
{
- _umac_set_key (ctx->l1_key, ctx->l2_key, ctx->l3_key1, ctx->l3_key2,
- &ctx->pdf_key, key, 4);
+ _nettle_umac_set_key (ctx->l1_key, ctx->l2_key, ctx->l3_key1, ctx->l3_key2,
+ &ctx->pdf_key, key, 4);
/* Clear nonce */
memset (ctx->nonce, 0, sizeof(ctx->nonce));
#define UMAC128_BLOCK(ctx, block) do { \
uint64_t __umac128_y[4]; \
- _umac_nh_n (__umac128_y, 4, ctx->l1_key, UMAC_BLOCK_SIZE, block); \
+ _nettle_umac_nh_n (__umac128_y, 4, ctx->l1_key, UMAC_BLOCK_SIZE, block); \
__umac128_y[0] += 8*UMAC_BLOCK_SIZE; \
__umac128_y[1] += 8*UMAC_BLOCK_SIZE; \
__umac128_y[2] += 8*UMAC_BLOCK_SIZE; \
__umac128_y[3] += 8*UMAC_BLOCK_SIZE; \
- _umac_l2 (ctx->l2_key, ctx->l2_state, 4, ctx->count++, __umac128_y); \
+ _nettle_umac_l2 (ctx->l2_key, ctx->l2_state, 4, ctx->count++, __umac128_y); \
} while (0)
void
unsigned pad = (ctx->index > 0) ? 31 & - ctx->index : 32;
memset (ctx->block + ctx->index, 0, pad);
- _umac_nh_n (y, 4, ctx->l1_key, ctx->index + pad, ctx->block);
+ _nettle_umac_nh_n (y, 4, ctx->l1_key, ctx->index + pad, ctx->block);
y[0] += 8 * ctx->index;
y[1] += 8 * ctx->index;
y[2] += 8 * ctx->index;
y[3] += 8 * ctx->index;
- _umac_l2 (ctx->l2_key, ctx->l2_state, 4, ctx->count++, y);
+ _nettle_umac_l2 (ctx->l2_key, ctx->l2_state, 4, ctx->count++, y);
}
assert (ctx->count > 0);
INCREMENT (ctx->nonce_length, ctx->nonce);
- _umac_l2_final (ctx->l2_key, ctx->l2_state, 4, ctx->count);
+ _nettle_umac_l2_final (ctx->l2_key, ctx->l2_state, 4, ctx->count);
for (i = 0; i < 4; i++)
- tag[i] ^= ctx->l3_key2[i] ^ _umac_l3 (ctx->l3_key1 + 8*i,
- ctx->l2_state + 2*i);
+ tag[i] ^= ctx->l3_key2[i] ^ _nettle_umac_l3 (ctx->l3_key1 + 8*i,
+ ctx->l2_state + 2*i);
memcpy (digest, tag, length);
void
umac32_set_key (struct umac32_ctx *ctx, const uint8_t *key)
{
- _umac_set_key (ctx->l1_key, ctx->l2_key, ctx->l3_key1, ctx->l3_key2,
- &ctx->pdf_key, key, 1);
+ _nettle_umac_set_key (ctx->l1_key, ctx->l2_key, ctx->l3_key1, ctx->l3_key2,
+ &ctx->pdf_key, key, 1);
/* Clear nonce */
memset (ctx->nonce, 0, sizeof(ctx->nonce));
#define UMAC32_BLOCK(ctx, block) do { \
uint64_t __umac32_y \
- = _umac_nh (ctx->l1_key, UMAC_BLOCK_SIZE, block) \
+ = _nettle_umac_nh (ctx->l1_key, UMAC_BLOCK_SIZE, block) \
+ 8*UMAC_BLOCK_SIZE ; \
- _umac_l2 (ctx->l2_key, ctx->l2_state, 1, ctx->count++, &__umac32_y); \
+ _nettle_umac_l2 (ctx->l2_key, ctx->l2_state, 1, ctx->count++, &__umac32_y); \
} while (0)
void
unsigned pad = (ctx->index > 0) ? 31 & - ctx->index : 32;
memset (ctx->block + ctx->index, 0, pad);
- y = _umac_nh (ctx->l1_key, ctx->index + pad, ctx->block)
+ y = _nettle_umac_nh (ctx->l1_key, ctx->index + pad, ctx->block)
+ 8 * ctx->index;
- _umac_l2 (ctx->l2_key, ctx->l2_state, 1, ctx->count++, &y);
+ _nettle_umac_l2 (ctx->l2_key, ctx->l2_state, 1, ctx->count++, &y);
}
assert (ctx->count > 0);
if ( !(ctx->nonce_low & _UMAC_NONCE_CACHED))
INCREMENT (i, ctx->nonce);
}
- _umac_l2_final (ctx->l2_key, ctx->l2_state, 1, ctx->count);
- pad ^= ctx->l3_key2[0] ^ _umac_l3 (ctx->l3_key1, ctx->l2_state);
+ _nettle_umac_l2_final (ctx->l2_key, ctx->l2_state, 1, ctx->count);
+ pad ^= ctx->l3_key2[0] ^ _nettle_umac_l3 (ctx->l3_key1, ctx->l2_state);
memcpy (digest, &pad, length);
/* Reinitialize */
void
umac64_set_key (struct umac64_ctx *ctx, const uint8_t *key)
{
- _umac_set_key (ctx->l1_key, ctx->l2_key, ctx->l3_key1, ctx->l3_key2,
- &ctx->pdf_key, key, 2);
+ _nettle_umac_set_key (ctx->l1_key, ctx->l2_key, ctx->l3_key1, ctx->l3_key2,
+ &ctx->pdf_key, key, 2);
/* Clear nonce */
memset (ctx->nonce, 0, sizeof(ctx->nonce));
#define UMAC64_BLOCK(ctx, block) do { \
uint64_t __umac64_y[2]; \
- _umac_nh_n (__umac64_y, 2, ctx->l1_key, UMAC_BLOCK_SIZE, block); \
+ _nettle_umac_nh_n (__umac64_y, 2, ctx->l1_key, UMAC_BLOCK_SIZE, block); \
__umac64_y[0] += 8*UMAC_BLOCK_SIZE; \
__umac64_y[1] += 8*UMAC_BLOCK_SIZE; \
- _umac_l2 (ctx->l2_key, ctx->l2_state, 2, ctx->count++, __umac64_y); \
+ _nettle_umac_l2 (ctx->l2_key, ctx->l2_state, 2, ctx->count++, __umac64_y); \
} while (0)
void
unsigned pad = (ctx->index > 0) ? 31 & - ctx->index : 32;
memset (ctx->block + ctx->index, 0, pad);
- _umac_nh_n (y, 2, ctx->l1_key, ctx->index + pad, ctx->block);
+ _nettle_umac_nh_n (y, 2, ctx->l1_key, ctx->index + pad, ctx->block);
y[0] += 8 * ctx->index;
y[1] += 8 * ctx->index;
- _umac_l2 (ctx->l2_key, ctx->l2_state, 2, ctx->count++, y);
+ _nettle_umac_l2 (ctx->l2_key, ctx->l2_state, 2, ctx->count++, y);
}
assert (ctx->count > 0);
if ( !(ctx->nonce_low & _UMAC_NONCE_CACHED))
INCREMENT (i, ctx->nonce);
}
- _umac_l2_final (ctx->l2_key, ctx->l2_state, 2, ctx->count);
- tag[0] = pad[0] ^ ctx->l3_key2[0] ^ _umac_l3 (ctx->l3_key1,
- ctx->l2_state);
- tag[1] = pad[1] ^ ctx->l3_key2[1] ^ _umac_l3 (ctx->l3_key1 + 8,
- ctx->l2_state + 2);
+ _nettle_umac_l2_final (ctx->l2_key, ctx->l2_state, 2, ctx->count);
+ tag[0] = pad[0] ^ ctx->l3_key2[0] ^ _nettle_umac_l3 (ctx->l3_key1,
+ ctx->l2_state);
+ tag[1] = pad[1] ^ ctx->l3_key2[1] ^ _nettle_umac_l3 (ctx->l3_key1 + 8,
+ ctx->l2_state + 2);
memcpy (digest, tag, length);
/* Reinitialize */
void
umac96_set_key (struct umac96_ctx *ctx, const uint8_t *key)
{
- _umac_set_key (ctx->l1_key, ctx->l2_key, ctx->l3_key1, ctx->l3_key2,
- &ctx->pdf_key, key, 3);
+ _nettle_umac_set_key (ctx->l1_key, ctx->l2_key, ctx->l3_key1, ctx->l3_key2,
+ &ctx->pdf_key, key, 3);
/* Clear nonce */
memset (ctx->nonce, 0, sizeof(ctx->nonce));
#define UMAC96_BLOCK(ctx, block) do { \
uint64_t __umac96_y[3]; \
- _umac_nh_n (__umac96_y, 3, ctx->l1_key, UMAC_BLOCK_SIZE, block); \
+ _nettle_umac_nh_n (__umac96_y, 3, ctx->l1_key, UMAC_BLOCK_SIZE, block); \
__umac96_y[0] += 8*UMAC_BLOCK_SIZE; \
__umac96_y[1] += 8*UMAC_BLOCK_SIZE; \
__umac96_y[2] += 8*UMAC_BLOCK_SIZE; \
- _umac_l2 (ctx->l2_key, ctx->l2_state, 3, ctx->count++, __umac96_y); \
+ _nettle_umac_l2 (ctx->l2_key, ctx->l2_state, 3, ctx->count++, __umac96_y); \
} while (0)
void
unsigned pad = (ctx->index > 0) ? 31 & - ctx->index : 32;
memset (ctx->block + ctx->index, 0, pad);
- _umac_nh_n (y, 3, ctx->l1_key, ctx->index + pad, ctx->block);
+ _nettle_umac_nh_n (y, 3, ctx->l1_key, ctx->index + pad, ctx->block);
y[0] += 8 * ctx->index;
y[1] += 8 * ctx->index;
y[2] += 8 * ctx->index;
- _umac_l2 (ctx->l2_key, ctx->l2_state, 3, ctx->count++, y);
+ _nettle_umac_l2 (ctx->l2_key, ctx->l2_state, 3, ctx->count++, y);
}
assert (ctx->count > 0);
INCREMENT (ctx->nonce_length, ctx->nonce);
- _umac_l2_final (ctx->l2_key, ctx->l2_state, 3, ctx->count);
+ _nettle_umac_l2_final (ctx->l2_key, ctx->l2_state, 3, ctx->count);
for (i = 0; i < 3; i++)
- tag[i] ^= ctx->l3_key2[i] ^ _umac_l3 (ctx->l3_key1 + 8*i,
- ctx->l2_state + 2*i);
+ tag[i] ^= ctx->l3_key2[i] ^ _nettle_umac_l3 (ctx->l3_key1 + 8*i,
+ ctx->l2_state + 2*i);
memcpy (digest, tag, length);
projects / thirdparty / nettle.git / commitdiff
