From: Nick Mathewson Date: Sun, 20 Apr 2025 14:37:38 +0000 (-0400) Subject: Polyval: add ability to store key separately. X-Git-Tag: tor-0.4.9.3-alpha~49^2~8 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=3aa29c52b6a4dba599ab75310f3c639874e7f22a;p=thirdparty%2Ftor.git Polyval: add ability to store key separately. This will help reduce storage, since we never actually need to keep a running total outside of a function. --- diff --git a/src/ext/polyval/ctmul.c b/src/ext/polyval/ctmul.c index b4bfa25bce..f408b580a3 100644 --- a/src/ext/polyval/ctmul.c +++ b/src/ext/polyval/ctmul.c @@ -197,7 +197,7 @@ static void pv_mul_y_h(polyval_t *pv) { uint32_t *yw = pv->y.v; - const uint32_t *hw = pv->h.v; + const uint32_t *hw = pv->key.h.v; /* * Throughout the loop we handle the y and h values as arrays diff --git a/src/ext/polyval/ctmul64.c b/src/ext/polyval/ctmul64.c index c2205953a3..1b10aa196f 100644 --- a/src/ext/polyval/ctmul64.c +++ b/src/ext/polyval/ctmul64.c @@ -80,11 +80,11 @@ pv_mul_y_h(polyval_t *pv) y0 = pv->y.lo; y1 = pv->y.hi; - h0 = pv->h.lo; - h1 = pv->h.hi; + h0 = pv->key.h.lo; + h1 = pv->key.h.hi; // TODO(nm) does it actually make sense for us to precompute this? - h0r = pv->hr.lo; - h1r = pv->hr.hi; + h0r = pv->key.hr.lo; + h1r = pv->key.hr.hi; h2 = h0 ^ h1; h2r = h0r ^ h1r; diff --git a/src/ext/polyval/pclmul.c b/src/ext/polyval/pclmul.c index 5a10c1e29a..2248aa6fcb 100644 --- a/src/ext/polyval/pclmul.c +++ b/src/ext/polyval/pclmul.c @@ -156,7 +156,7 @@ void pv_mul_y_h(polyval_t *pv) { __m128i yw, h1w, h1x; - h1w = pv->h; + h1w = pv->key.h; BK(h1w, h1x); { diff --git a/src/ext/polyval/polyval.c b/src/ext/polyval/polyval.c index e0e0c6d597..cc31a92be9 100644 --- a/src/ext/polyval/polyval.c +++ b/src/ext/polyval/polyval.c @@ -66,7 +66,7 @@ static inline void pv_xor_y(polyval_t *, u128 v); /** * Initialize any derived fields in pv. */ -static inline void pv_init_extra(polyval_t *pv); +static inline void pv_init_extra(polyval_key_t *pv); /* ======== * The function which we expect our backend to implement. @@ -140,7 +140,7 @@ pv_xor_y(polyval_t *pv, u128 v) pv->y = _mm_xor_si128(pv->y, v); } static inline void -pv_init_extra(polyval_t *pv) +pv_init_extra(polyval_key_t *pv) { (void)pv; } @@ -173,7 +173,7 @@ pv_xor_y(polyval_t *pv, u128 val) pv->y.hi ^= val.hi; } static inline void -pv_init_extra(polyval_t *pv) +pv_init_extra(polyval_key_t *pv) { pv->hr.lo = rev64(pv->h.lo); pv->hr.hi = rev64(pv->h.hi); @@ -208,18 +208,29 @@ pv_xor_y(polyval_t *pv, u128 val) } } static inline void -pv_init_extra(polyval_t *pv) +pv_init_extra(polyval_key_t *pv) { (void)pv; } #endif +void +polyval_key_init(polyval_key_t *pvk, const uint8_t *key) +{ + pvk->h = u128_from_bytes(key); + pv_init_extra(pvk); +} void polyval_init(polyval_t *pv, const uint8_t *key) { - pv->h = u128_from_bytes(key); + polyval_key_init(&pv->key, key); + memset(&pv->y, 0, sizeof(u128)); +} +void +polyval_init_from_key(polyval_t *pv, const polyval_key_t *key) +{ + memcpy(&pv->key, key, sizeof(polyval_key_t)); memset(&pv->y, 0, sizeof(u128)); - pv_init_extra(pv); } void polyval_add_block(polyval_t *pv, const uint8_t *block) diff --git a/src/ext/polyval/polyval.h b/src/ext/polyval/polyval.h index 3a137794c6..5bfaae1e88 100644 --- a/src/ext/polyval/polyval.h +++ b/src/ext/polyval/polyval.h @@ -54,17 +54,22 @@ typedef struct pv_u128_ { } pv_u128_; #endif -/** - * State for an instance of the polyval hash. - **/ -typedef struct polyval_t { - /** The key itself. */ +/** A key for a polyval hash, plus any precomputed key material. */ +typedef struct polyval_key_t { pv_u128_ h; #ifdef PV_USE_CTMUL64 /** The elements of the key in bit-reversed form. * (Used as an optimization.) */ pv_u128_ hr; #endif +} polyval_key_t; + +/** + * State for an instance of the polyval hash. + **/ +typedef struct polyval_t { + /** The key used for this instance of polyval. */ + polyval_key_t key; /** The accumulator */ pv_u128_ y; } polyval_t; @@ -82,10 +87,18 @@ typedef struct polyval_t { */ #define POLYVAL_TAG_LEN 16 +/** Do any necessary precomputation from a polyval key, + * and store it. + */ +void polyval_key_init(polyval_key_t *, const uint8_t *key); /** * Initialize a polyval instance with a given key. */ void polyval_init(polyval_t *, const uint8_t *key); +/** + * Initialize a polyval instance with a preconstructed key. + */ +void polyval_init_from_key(polyval_t *, const polyval_key_t *key); /** * Update a polyval instance with a new 16-byte block. */