From 5938db8f02065cd62cc0d6fcb8d2c6cce48fb5eb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Niels=20M=C3=B6ller?= <nisse@lysator.liu.se>
Date: Thu, 11 Apr 2013 15:10:43 +0200
Subject: [PATCH] Minor reorg of umac l3 hashing.

---
 ChangeLog      | 9 +++++++++
 umac-l3.c      | 8 ++++----
 umac-set-key.c | 2 +-
 umac.h         | 2 +-
 umac128.c      | 3 ++-
 umac32.c       | 2 +-
 umac64.c       | 7 ++++---
 umac96.c       | 3 ++-
 8 files changed, 24 insertions(+), 12 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index b1137e3e..80af73fb 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,14 @@
 2013-04-11  Niels Möller  <nisse@lysator.liu.se>
 
+	* umac-set-key.c (_umac_set_key): Drop byteswapping of l3_key2, it
+	can be xored directly to the pad in native byteorder.
+	* umac-l3.c (_umac_l3): Drop key_2 argument, let caller do that
+	xor. Updated all callers.
+	* umac32.c (umac32_digest): Adapt to l3 changes.
+	* umac64.c (umac64_digest): Likewise.
+	* umac96.c (umac96_digest): Likewise.
+	* umac128.c (umac128_digest): Likewise.
+
 	Initial implementation of umac.
 	* umac.h: New file.
 	* umac-nh.c: New file.
diff --git a/umac-l3.c b/umac-l3.c
index 7a13847e..3a896e50 100644
--- a/umac-l3.c
+++ b/umac-l3.c
@@ -74,11 +74,11 @@ umac_l3_word (const uint64_t *k, uint64_t w)
 }
 
 uint32_t
-_umac_l3 (const uint64_t *key_1, uint32_t key_2, const uint64_t *m)
+_umac_l3 (const uint64_t *key, const uint64_t *m)
 {
-  uint32_t y = (umac_l3_word (key_1, m[0])
-		+ umac_l3_word (key_1 + 4, m[1])) % P;
-  y ^= key_2;
+  uint32_t y = (umac_l3_word (key, m[0])
+		+ umac_l3_word (key + 4, m[1])) % P;
+
 #if !WORDS_BIGENDIAN
   y = ((ROTL32(8,  y) & 0x00FF00FFUL)
        | (ROTL32(24, y) & 0xFF00FF00UL));
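Review bot: `_umac_l3` carries no comment stating its new contract, which is now easier to misuse. It no longer mixes in the second L3 subkey, and on `!WORDS_BIGENDIAN` builds the visible lines byteswap `y`, so the return value appears to be a big-endian memory image rather than a number. A caller that forgets the `ctx->l3_key2[i]` xor would still produce a tag of the right length, just one that lacks that subkey. I would add above the definition (and on the prototype in umac.h) `/* Returns the L3 hash in big-endian byte order, without the l3_key2 xor; the caller must xor in the matching l3_key2 word. */`. The function body continues past the end of this hunk, so confirm the wording against the remaining lines.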
diff --git a/umac-set-key.c b/umac-set-key.c
index c1f79687..05dcf697 100644
--- a/umac-set-key.c
+++ b/umac-set-key.c
@@ -90,8 +90,8 @@ _umac_set_key (uint32_t *l1_key, uint32_t *l2_key,
   umac_kdf (aes, 3, size * sizeof(uint64_t), (uint8_t *) l3_key1);
   _umac_l3_init (size, l3_key1);
 
+  /* No need to byteswap these subkeys. */
   umac_kdf (aes, 4, n * sizeof(uint32_t), (uint8_t *) l3_key2);
-  BE_SWAP32_N (n, l3_key2);
 
   umac_kdf (aes, 0, UMAC_KEY_SIZE, buffer);
   aes_set_encrypt_key (aes, UMAC_KEY_SIZE, buffer);
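Review bot: The added comment `/* No need to byteswap these subkeys. */` says what is skipped but not why, and the reason is an invariant that spans several files. With `BE_SWAP32_N` gone, `l3_key2` holds the raw KDF output bytes, so its value as a `uint32_t` differs between little- and big-endian hosts. That is only correct because the digest functions touched by this patch xor it into a result that `_umac_l3` has already byteswapped. I would spell this out, e.g. `/* l3_key2 stays in KDF byte order: it is only xored into the already byteswapped _umac_l3 result, never used as a number. */`. `_umac_set_key` starts and ends outside this hunk.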
diff --git a/umac.h b/umac.h
index 415d797f..a2fd0101 100644
--- a/umac.h
+++ b/umac.h
@@ -221,7 +221,7 @@ void
 _umac_l3_init (unsigned size, uint64_t *k);
 
 uint32_t
-_umac_l3 (const uint64_t *key_1, uint32_t key_2, const uint64_t *m);
+_umac_l3 (const uint64_t *key, const uint64_t *m);
 
 #ifdef __cplusplus
 }
diff --git a/umac128.c b/umac128.c
index c4a6dbb5..74936021 100644
--- a/umac128.c
+++ b/umac128.c
@@ -117,7 +117,8 @@ umac128_digest (struct umac128_ctx *ctx,
 
   _umac_l2_final (ctx->l2_key, ctx->l2_state, 4, ctx->count, ctx->l1_out);
   for (i = 0; i < 4; i++)
-    tag[i] ^= _umac_l3 (ctx->l3_key1 + 8*i, ctx->l3_key2[i], ctx->l2_state + 2*i);
+    tag[i] ^= ctx->l3_key2[i] ^ _umac_l3 (ctx->l3_key1 + 8*i,
+					  ctx->l2_state + 2*i);
 
   memcpy (digest, tag, length);
 
diff --git a/umac32.c b/umac32.c
index 00ba2f7a..c3714fa3 100644
--- a/umac32.c
+++ b/umac32.c
@@ -122,7 +122,7 @@ umac32_digest (struct umac32_ctx *ctx,
     }
 
   _umac_l2_final (ctx->l2_key, ctx->l2_state, 1, ctx->count, ctx->l1_out);
-  pad ^= _umac_l3 (ctx->l3_key1, ctx->l3_key2[0], ctx->l2_state);
+  pad ^= ctx->l3_key2[0] ^ _umac_l3 (ctx->l3_key1, ctx->l2_state);
   memcpy (digest, &pad, length);
 
   /* Reinitialize */
diff --git a/umac64.c b/umac64.c
index 015cefd0..6f8132de 100644
--- a/umac64.c
+++ b/umac64.c
@@ -125,9 +125,10 @@ umac64_digest (struct umac64_ctx *ctx,
     }
 
   _umac_l2_final (ctx->l2_key, ctx->l2_state, 2, ctx->count, ctx->l1_out);
-  tag[0] = pad[0] ^ _umac_l3 (ctx->l3_key1, ctx->l3_key2[0], ctx->l2_state);
-  tag[1] = pad[1] ^ _umac_l3 (ctx->l3_key1 + 8, ctx->l3_key2[1],
-			      ctx->l2_state + 2);
+  tag[0] = pad[0] ^ ctx->l3_key2[0] ^ _umac_l3 (ctx->l3_key1,
+						ctx->l2_state);
+  tag[1] = pad[1] ^ ctx->l3_key2[1] ^ _umac_l3 (ctx->l3_key1 + 8,
+						ctx->l2_state + 2);
   memcpy (digest, tag, length);
 
   /* Reinitialize */
diff --git a/umac96.c b/umac96.c
index ab7b33fa..b4b43ed7 100644
--- a/umac96.c
+++ b/umac96.c
@@ -115,7 +115,8 @@ umac96_digest (struct umac96_ctx *ctx,
 
   _umac_l2_final (ctx->l2_key, ctx->l2_state, 3, ctx->count, ctx->l1_out);
   for (i = 0; i < 3; i++)
-    tag[i] ^= _umac_l3 (ctx->l3_key1 + 8*i, ctx->l3_key2[i], ctx->l2_state + 2*i);
+    tag[i] ^= ctx->l3_key2[i] ^ _umac_l3 (ctx->l3_key1 + 8*i,
+					  ctx->l2_state + 2*i);
 
   memcpy (digest, tag, length);
 
-- 
GitLab