Minor reorg of umac l3 hashing.

5938db8f · Niels Möller · 34aef19b · 5938db8f · 5938db8f · 5938db8f
Commit 5938db8f authored Apr 11, 2013 by Niels Möller
8 changed files
--- a/ChangeLog
+++ b/ChangeLog
 2013-04-11  Niels Möller  <nisse@lysator.liu.se>

+	* umac-set-key.c (_umac_set_key): Drop byteswapping of l3_key2, it
+	can be xored directly to the pad in native byteorder.
+	* umac-l3.c (_umac_l3): Drop key_2 argument, let caller do that
+	xor. Updated all callers.
+	* umac32.c (umac32_digest): Adapt to l3 changes.
+	* umac64.c (umac64_digest): Likewise.
+	* umac96.c (umac96_digest): Likewise.
+	* umac128.c (umac128_digest): Likewise.
+
 	Initial implementation of umac.
 	* umac.h: New file.
 	* umac-nh.c: New file.

--- a/umac-l3.c
+++ b/umac-l3.c
@@ -74,11 +74,11 @@ umac_l3_word (const uint64_t *k, uint64_t w)
 }

 uint32_t
-_umac_l3 (const uint64_t *key_1, uint32_t key_2, const uint64_t *m)
+_umac_l3 (const uint64_t *key, const uint64_t *m)
 {
-  uint32_t y = (umac_l3_word (key_1, m[0])
-		+ umac_l3_word (key_1 + 4, m[1])) % P;
-  y ^= key_2;
+  uint32_t y = (umac_l3_word (key, m[0])
+		+ umac_l3_word (key + 4, m[1])) % P;
+
 #if !WORDS_BIGENDIAN
  y = ((ROTL32(8,  y) & 0x00FF00FFUL)
       | (ROTL32(24, y) & 0xFF00FF00UL));

--- a/umac-set-key.c
+++ b/umac-set-key.c
@@ -90,8 +90,8 @@ _umac_set_key (uint32_t *l1_key, uint32_t *l2_key,
  umac_kdf (aes, 3, size * sizeof(uint64_t), (uint8_t *) l3_key1);
  _umac_l3_init (size, l3_key1);

+  /* No need to byteswap these subkeys. */
  umac_kdf (aes, 4, n * sizeof(uint32_t), (uint8_t *) l3_key2);
-  BE_SWAP32_N (n, l3_key2);

  umac_kdf (aes, 0, UMAC_KEY_SIZE, buffer);
  aes_set_encrypt_key (aes, UMAC_KEY_SIZE, buffer);

--- a/umac.h
+++ b/umac.h
@@ -221,7 +221,7 @@ void
 _umac_l3_init (unsigned size, uint64_t *k);

 uint32_t
-_umac_l3 (const uint64_t *key_1, uint32_t key_2, const uint64_t *m);
+_umac_l3 (const uint64_t *key, const uint64_t *m);

 #ifdef __cplusplus
 }

--- a/umac128.c
+++ b/umac128.c
@@ -117,7 +117,8 @@ umac128_digest (struct umac128_ctx *ctx,

  _umac_l2_final (ctx->l2_key, ctx->l2_state, 4, ctx->count, ctx->l1_out);
  for (i = 0; i < 4; i++)
-    tag[i] ^= _umac_l3 (ctx->l3_key1 + 8*i, ctx->l3_key2[i], ctx->l2_state + 2*i);
+    tag[i] ^= ctx->l3_key2[i] ^ _umac_l3 (ctx->l3_key1 + 8*i,
+					  ctx->l2_state + 2*i);

  memcpy (digest, tag, length);


--- a/umac32.c
+++ b/umac32.c
@@ -122,7 +122,7 @@ umac32_digest (struct umac32_ctx *ctx,
    }

  _umac_l2_final (ctx->l2_key, ctx->l2_state, 1, ctx->count, ctx->l1_out);
-  pad ^= _umac_l3 (ctx->l3_key1, ctx->l3_key2[0], ctx->l2_state);
+  pad ^= ctx->l3_key2[0] ^ _umac_l3 (ctx->l3_key1, ctx->l2_state);
  memcpy (digest, &pad, length);

  /* Reinitialize */

--- a/umac64.c
+++ b/umac64.c
@@ -125,9 +125,10 @@ umac64_digest (struct umac64_ctx *ctx,
    }

  _umac_l2_final (ctx->l2_key, ctx->l2_state, 2, ctx->count, ctx->l1_out);
-  tag[0] = pad[0] ^ _umac_l3 (ctx->l3_key1, ctx->l3_key2[0], ctx->l2_state);
-  tag[1] = pad[1] ^ _umac_l3 (ctx->l3_key1 + 8, ctx->l3_key2[1],
-			      ctx->l2_state + 2);
+  tag[0] = pad[0] ^ ctx->l3_key2[0] ^ _umac_l3 (ctx->l3_key1,
+						ctx->l2_state);
+  tag[1] = pad[1] ^ ctx->l3_key2[1] ^ _umac_l3 (ctx->l3_key1 + 8,
+						ctx->l2_state + 2);
  memcpy (digest, tag, length);

  /* Reinitialize */

--- a/umac96.c
+++ b/umac96.c
@@ -115,7 +115,8 @@ umac96_digest (struct umac96_ctx *ctx,

  _umac_l2_final (ctx->l2_key, ctx->l2_state, 3, ctx->count, ctx->l1_out);
  for (i = 0; i < 3; i++)
-    tag[i] ^= _umac_l3 (ctx->l3_key1 + 8*i, ctx->l3_key2[i], ctx->l2_state + 2*i);
+    tag[i] ^= ctx->l3_key2[i] ^ _umac_l3 (ctx->l3_key1 + 8*i,
+					  ctx->l2_state + 2*i);

  memcpy (digest, tag, length);