Minor reorg of umac l3 hashing.

ChangeLog

 2013-04-11  Niels Möller  <nisse@lysator.liu.se>
 
+	* umac-set-key.c (_umac_set_key): Drop byteswapping of l3_key2, it
+	can be xored directly to the pad in native byteorder.
+	* umac-l3.c (_umac_l3): Drop key_2 argument, let caller do that
+	xor. Updated all callers.
+	* umac32.c (umac32_digest): Adapt to l3 changes.
+	* umac64.c (umac64_digest): Likewise.
+	* umac96.c (umac96_digest): Likewise.
+	* umac128.c (umac128_digest): Likewise.
+
 	Initial implementation of umac.
 	* umac.h: New file.
 	* umac-nh.c: New file.

umac-l3.c

@@ -74,11 +74,11 @@ umac_l3_word (const uint64_t *k, uint64_t w)
 }
 
 uint32_t
-_umac_l3 (const uint64_t *key_1, uint32_t key_2, const uint64_t *m)
+_umac_l3 (const uint64_t *key, const uint64_t *m)
 {
-  uint32_t y = (umac_l3_word (key_1, m[0])
-		+ umac_l3_word (key_1 + 4, m[1])) % P;
-  y ^= key_2;
+  uint32_t y = (umac_l3_word (key, m[0])
+		+ umac_l3_word (key + 4, m[1])) % P;
+
 #if !WORDS_BIGENDIAN
   y = ((ROTL32(8,  y) & 0x00FF00FFUL)
        | (ROTL32(24, y) & 0xFF00FF00UL));

umac-set-key.c

@@ -90,8 +90,8 @@ _umac_set_key (uint32_t *l1_key, uint32_t *l2_key,
   umac_kdf (aes, 3, size * sizeof(uint64_t), (uint8_t *) l3_key1);
   _umac_l3_init (size, l3_key1);
 
+  /* No need to byteswap these subkeys. */
   umac_kdf (aes, 4, n * sizeof(uint32_t), (uint8_t *) l3_key2);
-  BE_SWAP32_N (n, l3_key2);
 
   umac_kdf (aes, 0, UMAC_KEY_SIZE, buffer);
   aes_set_encrypt_key (aes, UMAC_KEY_SIZE, buffer);

umac.h

@@ -221,7 +221,7 @@ void
 _umac_l3_init (unsigned size, uint64_t *k);
 
 uint32_t
-_umac_l3 (const uint64_t *key_1, uint32_t key_2, const uint64_t *m);
+_umac_l3 (const uint64_t *key, const uint64_t *m);
 
 #ifdef __cplusplus
 }

umac128.c

@@ -117,7 +117,8 @@ umac128_digest (struct umac128_ctx *ctx,
 
   _umac_l2_final (ctx->l2_key, ctx->l2_state, 4, ctx->count, ctx->l1_out);
   for (i = 0; i < 4; i++)
-    tag[i] ^= _umac_l3 (ctx->l3_key1 + 8*i, ctx->l3_key2[i], ctx->l2_state + 2*i);
+    tag[i] ^= ctx->l3_key2[i] ^ _umac_l3 (ctx->l3_key1 + 8*i,
+					  ctx->l2_state + 2*i);
 
   memcpy (digest, tag, length);
 

umac32.c

@@ -122,7 +122,7 @@ umac32_digest (struct umac32_ctx *ctx,
     }
 
   _umac_l2_final (ctx->l2_key, ctx->l2_state, 1, ctx->count, ctx->l1_out);
-  pad ^= _umac_l3 (ctx->l3_key1, ctx->l3_key2[0], ctx->l2_state);
+  pad ^= ctx->l3_key2[0] ^ _umac_l3 (ctx->l3_key1, ctx->l2_state);
   memcpy (digest, &pad, length);
 
   /* Reinitialize */

umac64.c

@@ -125,9 +125,10 @@ umac64_digest (struct umac64_ctx *ctx,
     }
 
   _umac_l2_final (ctx->l2_key, ctx->l2_state, 2, ctx->count, ctx->l1_out);
-  tag[0] = pad[0] ^ _umac_l3 (ctx->l3_key1, ctx->l3_key2[0], ctx->l2_state);
-  tag[1] = pad[1] ^ _umac_l3 (ctx->l3_key1 + 8, ctx->l3_key2[1],
-			      ctx->l2_state + 2);
+  tag[0] = pad[0] ^ ctx->l3_key2[0] ^ _umac_l3 (ctx->l3_key1,
+						ctx->l2_state);
+  tag[1] = pad[1] ^ ctx->l3_key2[1] ^ _umac_l3 (ctx->l3_key1 + 8,
+						ctx->l2_state + 2);
   memcpy (digest, tag, length);
 
   /* Reinitialize */

umac96.c

@@ -115,7 +115,8 @@ umac96_digest (struct umac96_ctx *ctx,
 
   _umac_l2_final (ctx->l2_key, ctx->l2_state, 3, ctx->count, ctx->l1_out);
   for (i = 0; i < 3; i++)
-    tag[i] ^= _umac_l3 (ctx->l3_key1 + 8*i, ctx->l3_key2[i], ctx->l2_state + 2*i);
+    tag[i] ^= ctx->l3_key2[i] ^ _umac_l3 (ctx->l3_key1 + 8*i,
+					  ctx->l2_state + 2*i);
 
   memcpy (digest, tag, length);