Eliminated l1_out from umac context structs, store at end of l2_state instead.

e1646357 · Niels Möller · 448502d6 · e1646357 · e1646357 · e1646357
Commit e1646357 authored Apr 16, 2013 by Niels Möller
Showing with 26 additions and 31 deletions

ChangeLog ChangeLog +4 -2

umac-l2.c umac-l2.c +4 -2

umac.h umac.h +6 -7

umac128.c umac128.c +3 -5

umac32.c umac32.c +3 -5

umac64.c umac64.c +3 -5

umac96.c umac96.c +3 -5

No files found.
--- a/ChangeLog
+++ b/ChangeLog
 2013-04-16  Niels Möller  <nisse@lysator.liu.se>

-	* umac-l2.c (_umac_l2): Deleted redundant memcpy.
-
 	* umac.h (umac32_ctx, umac64_ctx, umac96_ctx, umac128_ctx): Make
 	block count an uint64_t. Reorder some elements to put short values
 	together.
 	* umac-l2.c (_umac_l2, _umac_l2_final): Make count argument an uint64_t.
+	(_umac_l2): Deleted redundant memcpy.
+	(_umac_l2, _umac_l2_final): Store input buffer at end of the
+	poly64/poly128 state. Deleted l1_out from corresponding context
+	structs, and updated all callers.

 	* configure.ac: Changed version number to 2.7.
 	(LIBNETTLE_MINOR): Bumped library version, to 4.6

--- a/umac-l2.c
+++ b/umac-l2.c
@@ -57,8 +57,9 @@ _umac_l2_init (unsigned size, uint32_t *k)

 void
 _umac_l2(const uint32_t *key, uint64_t *state, unsigned n,
-	 uint64_t count, uint64_t *prev, const uint64_t *m)
+	 uint64_t count, const uint64_t *m)
 {
+  uint64_t *prev = state + 2*n;
  unsigned i;

  if (count == 0)
@@ -94,8 +95,9 @@ _umac_l2(const uint32_t *key, uint64_t *state, unsigned n,

 void
 _umac_l2_final(const uint32_t *key, uint64_t *state, unsigned n,
-	       uint64_t count, uint64_t *prev)
+	       uint64_t count)
 {
+  uint64_t *prev = state + 2*n;
  unsigned i;

  assert (count > 0);

--- a/umac.h
+++ b/umac.h
@@ -73,11 +73,10 @@ extern "C" {
  uint32_t l3_key2[(n)];				\
  /* AES cipher for encrypting the nonce */		\
  struct aes_ctx pdf_key;				\
-  /* Buffer l1 output for one block.			\
-     FIXME: Make part of l2 state? */			\
-  uint64_t l1_out[(n)];					\
-  /* For both poly64-hashing and poly128 hashing */	\
-  uint64_t l2_state[2*(n)];				\
+  /* The l2_state consists of 2*n uint64_t, for poly64	\
+     and poly128 hashing, followed by n additional	\
+     uint64_t used as an input buffer. */		\
+  uint64_t l2_state[3*(n)];				\
  /* Input to the pdf_key, zero-padded and low bits	\
     cleared if appropriate. */				\
  uint8_t nonce[AES_BLOCK_SIZE];			\
@@ -219,11 +218,11 @@ _umac_l2_init (unsigned size, uint32_t *k);

 void
 _umac_l2(const uint32_t *key, uint64_t *state, unsigned n,
-	 uint64_t count, uint64_t *prev, const uint64_t *m);
+	 uint64_t count, const uint64_t *m);

 void
 _umac_l2_final(const uint32_t *key, uint64_t *state, unsigned n,
-	       uint64_t count, uint64_t *prev);
+	       uint64_t count);

 void
 _umac_l3_init (unsigned size, uint64_t *k);

--- a/umac128.c
+++ b/umac128.c
@@ -66,8 +66,7 @@ umac128_set_nonce (struct umac128_ctx *ctx,
    __umac128_y[1] += 8*UMAC_BLOCK_SIZE;				\
    __umac128_y[2] += 8*UMAC_BLOCK_SIZE;				\
    __umac128_y[3] += 8*UMAC_BLOCK_SIZE;				\
-    _umac_l2 (ctx->l2_key, ctx->l2_state, 4, ctx->count++,		\
-	      ctx->l1_out, __umac128_y);				\
+    _umac_l2 (ctx->l2_key, ctx->l2_state, 4, ctx->count++, __umac128_y); \
  } while (0)

 void
@@ -100,8 +99,7 @@ umac128_digest (struct umac128_ctx *ctx,
      y[1] += 8 * ctx->index;
      y[2] += 8 * ctx->index;
      y[3] += 8 * ctx->index;
-      _umac_l2 (ctx->l2_key, ctx->l2_state, 4, ctx->count++,
-		ctx->l1_out, y);
+      _umac_l2 (ctx->l2_key, ctx->l2_state, 4, ctx->count++, y);
    }
  assert (ctx->count > 0);

@@ -110,7 +108,7 @@ umac128_digest (struct umac128_ctx *ctx,

  INCREMENT (ctx->nonce_length, ctx->nonce);

-  _umac_l2_final (ctx->l2_key, ctx->l2_state, 4, ctx->count, ctx->l1_out);
+  _umac_l2_final (ctx->l2_key, ctx->l2_state, 4, ctx->count);
  for (i = 0; i < 4; i++)
    tag[i] ^= ctx->l3_key2[i] ^ _umac_l3 (ctx->l3_key1 + 8*i,
 					  ctx->l2_state + 2*i);

--- a/umac32.c
+++ b/umac32.c
@@ -66,8 +66,7 @@ umac32_set_nonce (struct umac32_ctx *ctx,
    uint64_t __umac32_y							\
      = _umac_nh (ctx->l1_key, UMAC_BLOCK_SIZE, block)			\
      + 8*UMAC_BLOCK_SIZE ;						\
-    _umac_l2 (ctx->l2_key, ctx->l2_state, 1, ctx->count++,		\
-	      ctx->l1_out, &__umac32_y);				\
+    _umac_l2 (ctx->l2_key, ctx->l2_state, 1, ctx->count++, &__umac32_y); \
  } while (0)

 void
@@ -96,8 +95,7 @@ umac32_digest (struct umac32_ctx *ctx,

      y = _umac_nh (ctx->l1_key, ctx->index + pad, ctx->block)
 	+ 8 * ctx->index;
-      _umac_l2 (ctx->l2_key, ctx->l2_state, 1, ctx->count++,
-		ctx->l1_out, &y);
+      _umac_l2 (ctx->l2_key, ctx->l2_state, 1, ctx->count++, &y);
    }
  assert (ctx->count > 0);
  if ( !(ctx->nonce_low & _UMAC_NONCE_CACHED))
@@ -122,7 +120,7 @@ umac32_digest (struct umac32_ctx *ctx,
 	INCREMENT (i, ctx->nonce);
    }

-  _umac_l2_final (ctx->l2_key, ctx->l2_state, 1, ctx->count, ctx->l1_out);
+  _umac_l2_final (ctx->l2_key, ctx->l2_state, 1, ctx->count);
  pad ^= ctx->l3_key2[0] ^ _umac_l3 (ctx->l3_key1, ctx->l2_state);
  memcpy (digest, &pad, length);


--- a/umac64.c
+++ b/umac64.c
@@ -67,8 +67,7 @@ umac64_set_nonce (struct umac64_ctx *ctx,
    _umac_nh_n (__umac64_y, 2, ctx->l1_key, UMAC_BLOCK_SIZE, block);	\
    __umac64_y[0] += 8*UMAC_BLOCK_SIZE;					\
    __umac64_y[1] += 8*UMAC_BLOCK_SIZE;					\
-    _umac_l2 (ctx->l2_key, ctx->l2_state, 2, ctx->count++,		\
-	      ctx->l1_out, __umac64_y);					\
+    _umac_l2 (ctx->l2_key, ctx->l2_state, 2, ctx->count++, __umac64_y);	\
  } while (0)

 void
@@ -99,8 +98,7 @@ umac64_digest (struct umac64_ctx *ctx,
      _umac_nh_n (y, 2, ctx->l1_key, ctx->index + pad, ctx->block);
      y[0] += 8 * ctx->index;
      y[1] += 8 * ctx->index;
-      _umac_l2 (ctx->l2_key, ctx->l2_state, 2, ctx->count++,
-		ctx->l1_out, y);
+      _umac_l2 (ctx->l2_key, ctx->l2_state, 2, ctx->count++, y);
    }
  assert (ctx->count > 0);
  if ( !(ctx->nonce_low & _UMAC_NONCE_CACHED))
@@ -124,7 +122,7 @@ umac64_digest (struct umac64_ctx *ctx,
 	INCREMENT (i, ctx->nonce);
    }

-  _umac_l2_final (ctx->l2_key, ctx->l2_state, 2, ctx->count, ctx->l1_out);
+  _umac_l2_final (ctx->l2_key, ctx->l2_state, 2, ctx->count);
  tag[0] = pad[0] ^ ctx->l3_key2[0] ^ _umac_l3 (ctx->l3_key1,
 						ctx->l2_state);
  tag[1] = pad[1] ^ ctx->l3_key2[1] ^ _umac_l3 (ctx->l3_key1 + 8,

--- a/umac96.c
+++ b/umac96.c
@@ -65,8 +65,7 @@ umac96_set_nonce (struct umac96_ctx *ctx,
    __umac96_y[0] += 8*UMAC_BLOCK_SIZE;					\
    __umac96_y[1] += 8*UMAC_BLOCK_SIZE;					\
    __umac96_y[2] += 8*UMAC_BLOCK_SIZE;					\
-    _umac_l2 (ctx->l2_key, ctx->l2_state, 3, ctx->count++,		\
-	      ctx->l1_out, __umac96_y);					\
+    _umac_l2 (ctx->l2_key, ctx->l2_state, 3, ctx->count++, __umac96_y);	\
  } while (0)

 void
@@ -98,8 +97,7 @@ umac96_digest (struct umac96_ctx *ctx,
      y[0] += 8 * ctx->index;
      y[1] += 8 * ctx->index;
      y[2] += 8 * ctx->index;
-      _umac_l2 (ctx->l2_key, ctx->l2_state, 3, ctx->count++,
-		ctx->l1_out, y);
+      _umac_l2 (ctx->l2_key, ctx->l2_state, 3, ctx->count++, y);
    }
  assert (ctx->count > 0);

@@ -108,7 +106,7 @@ umac96_digest (struct umac96_ctx *ctx,

  INCREMENT (ctx->nonce_length, ctx->nonce);

-  _umac_l2_final (ctx->l2_key, ctx->l2_state, 3, ctx->count, ctx->l1_out);
+  _umac_l2_final (ctx->l2_key, ctx->l2_state, 3, ctx->count);
  for (i = 0; i < 3; i++)
    tag[i] ^= ctx->l3_key2[i] ^ _umac_l3 (ctx->l3_key1 + 8*i,
 					  ctx->l2_state + 2*i);