Commit f508b1fe authored by Niels Möller's avatar Niels Möller

Use union nettle_block16 in eax structs.

parent 00e21029
2014-01-27 Niels Möller <nisse@lysator.liu.se>
* eax.h (struct eax_key, struct eax_ctx): Use union
nettle_block16, for alignment.
* eax.c: Updated everything to use nettle_block16.
(block16_xor): New function.
* examples/nettle-benchmark.c (time_eax): New function.
(main): Use it.
......
......@@ -36,41 +36,53 @@
#include "memxor.h"
static void
omac_init (uint8_t *state, unsigned t)
omac_init (union nettle_block16 *state, unsigned t)
{
memset (state, 0, EAX_BLOCK_SIZE - 1);
state[EAX_BLOCK_SIZE - 1] = t;
memset (state->b, 0, EAX_BLOCK_SIZE - 1);
state->b[EAX_BLOCK_SIZE - 1] = t;
}
/* Almost the same as gcm_gf_add */
static void
omac_update (uint8_t *state, const struct eax_key *key,
block16_xor (union nettle_block16 *dst, const union nettle_block16 *src)
{
dst->w[0] ^= src->w[0];
dst->w[1] ^= src->w[1];
#if SIZEOF_LONG == 4
dst->w[2] = src->w[2];
dst->w[3] = src->w[3];
#endif
}
static void
omac_update (union nettle_block16 *state, const struct eax_key *key,
void *cipher, nettle_crypt_func *f,
size_t length, const uint8_t *data)
{
for (; length >= EAX_BLOCK_SIZE;
length -= EAX_BLOCK_SIZE, data += EAX_BLOCK_SIZE)
{
f (cipher, EAX_BLOCK_SIZE, state, state);
memxor (state, data, EAX_BLOCK_SIZE);
f (cipher, EAX_BLOCK_SIZE, state->b, state->b);
memxor (state->b, data, EAX_BLOCK_SIZE);
}
if (length > 0)
{
/* Allowed only for the last call */
f (cipher, EAX_BLOCK_SIZE, state, state);
memxor (state, data, length);
state[length] ^= 0x80;
f (cipher, EAX_BLOCK_SIZE, state->b, state->b);
memxor (state->b, data, length);
state->b[length] ^= 0x80;
/* XOR with (P ^ B), since the digest processing
* unconditionally XORs with B */
memxor (state, key->pad_partial, EAX_BLOCK_SIZE);
block16_xor (state, &key->pad_partial);
}
}
static void
omac_final (uint8_t *state, const struct eax_key *key,
omac_final (union nettle_block16 *state, const struct eax_key *key,
void *cipher, nettle_crypt_func *f)
{
memxor (state, key->pad_block, EAX_BLOCK_SIZE);
f (cipher, EAX_BLOCK_SIZE, state, state);
block16_xor (state, &key->pad_block);
f (cipher, EAX_BLOCK_SIZE, state->b, state->b);
}
/* Allows r == a */
......@@ -90,11 +102,11 @@ gf2_double (uint8_t *r, const uint8_t *a)
void
eax_set_key (struct eax_key *key, void *cipher, nettle_crypt_func *f)
{
static const uint8_t zero_block[EAX_BLOCK_SIZE];
f (cipher, EAX_BLOCK_SIZE, key->pad_block, zero_block);
gf2_double (key->pad_block, key->pad_block);
gf2_double (key->pad_partial, key->pad_block);
memxor (key->pad_partial, key->pad_block, EAX_BLOCK_SIZE);
static const union nettle_block16 zero_block;
f (cipher, EAX_BLOCK_SIZE, key->pad_block.b, zero_block.b);
gf2_double (key->pad_block.b, key->pad_block.b);
gf2_double (key->pad_partial.b, key->pad_block.b);
block16_xor (&key->pad_partial, &key->pad_block);
}
void
......@@ -102,13 +114,13 @@ eax_set_nonce (struct eax_ctx *eax, const struct eax_key *key,
void *cipher, nettle_crypt_func *f,
size_t nonce_length, const uint8_t *nonce)
{
omac_init (eax->omac_nonce, 0);
omac_update (eax->omac_nonce, key, cipher, f, nonce_length, nonce);
omac_final (eax->omac_nonce, key, cipher, f);
memcpy (eax->ctr, eax->omac_nonce, EAX_BLOCK_SIZE);
omac_init (&eax->omac_nonce, 0);
omac_update (&eax->omac_nonce, key, cipher, f, nonce_length, nonce);
omac_final (&eax->omac_nonce, key, cipher, f);
memcpy (eax->ctr.b, eax->omac_nonce.b, EAX_BLOCK_SIZE);
omac_init (eax->omac_data, 1);
omac_init (eax->omac_message, 2);
omac_init (&eax->omac_data, 1);
omac_init (&eax->omac_message, 2);
}
void
......@@ -116,7 +128,7 @@ eax_update (struct eax_ctx *eax, const struct eax_key *key,
void *cipher, nettle_crypt_func *f,
size_t data_length, const uint8_t *data)
{
omac_update (eax->omac_data, key, cipher, f, data_length, data);
omac_update (&eax->omac_data, key, cipher, f, data_length, data);
}
void
......@@ -124,8 +136,8 @@ eax_encrypt (struct eax_ctx *eax, const struct eax_key *key,
void *cipher, nettle_crypt_func *f,
size_t length, uint8_t *dst, const uint8_t *src)
{
ctr_crypt (cipher, f, EAX_BLOCK_SIZE, eax->ctr, length, dst, src);
omac_update (eax->omac_message, key, cipher, f, length, dst);
ctr_crypt (cipher, f, EAX_BLOCK_SIZE, eax->ctr.b, length, dst, src);
omac_update (&eax->omac_message, key, cipher, f, length, dst);
}
void
......@@ -133,8 +145,8 @@ eax_decrypt (struct eax_ctx *eax, const struct eax_key *key,
void *cipher, nettle_crypt_func *f,
size_t length, uint8_t *dst, const uint8_t *src)
{
omac_update (eax->omac_message, key, cipher, f, length, src);
ctr_crypt (cipher, f, EAX_BLOCK_SIZE, eax->ctr, length, dst, src);
omac_update (&eax->omac_message, key, cipher, f, length, src);
ctr_crypt (cipher, f, EAX_BLOCK_SIZE, eax->ctr.b, length, dst, src);
}
void
......@@ -144,9 +156,9 @@ eax_digest (struct eax_ctx *eax, const struct eax_key *key,
{
assert (length > 0);
assert (length <= EAX_BLOCK_SIZE);
omac_final (eax->omac_data, key, cipher, f);
omac_final (eax->omac_message, key, cipher, f);
omac_final (&eax->omac_data, key, cipher, f);
omac_final (&eax->omac_message, key, cipher, f);
memxor (eax->omac_nonce, eax->omac_data, length);
memxor3 (digest, eax->omac_nonce, eax->omac_message, length);
block16_xor (&eax->omac_nonce, &eax->omac_data);
memxor3 (digest, eax->omac_nonce.b, eax->omac_message.b, length);
}
......@@ -57,16 +57,16 @@ extern "C" {
/* Values independent of message and nonce */
struct eax_key
{
uint8_t pad_block[EAX_BLOCK_SIZE];
uint8_t pad_partial[EAX_BLOCK_SIZE];
union nettle_block16 pad_block;
union nettle_block16 pad_partial;
};
struct eax_ctx
{
uint8_t omac_nonce[EAX_BLOCK_SIZE];
uint8_t omac_data[EAX_BLOCK_SIZE];
uint8_t omac_message[EAX_BLOCK_SIZE];
uint8_t ctr[EAX_BLOCK_SIZE];
union nettle_block16 omac_nonce;
union nettle_block16 omac_data;
union nettle_block16 omac_message;
union nettle_block16 ctr;
};
void
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment