diff --git a/ChangeLog b/ChangeLog
index b1137e3efde1549c1f14cf3c646a638e7472c942..80af73fb1af9116ee079150f72e443e4b238b386 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,14 @@
 2013-04-11 Niels Möller <nisse@lysator.liu.se>
 
+	* umac-set-key.c (_umac_set_key): Drop byteswapping of l3_key2, it
+	can be xored directly to the pad in native byteorder.
+	* umac-l3.c (_umac_l3): Drop key_2 argument, let caller do that
+	xor. Updated all callers.
+	* umac32.c (umac32_digest): Adapt to l3 changes.
+	* umac64.c (umac64_digest): Likewise.
+	* umac96.c (umac96_digest): Likewise.
+	* umac128.c (umac128_digest): Likewise.
+
 	Initial implementation of umac.
 	* umac.h: New file.
 	* umac-nh.c: New file.
diff --git a/umac-l3.c b/umac-l3.c
index 7a13847ee3ce9d841423240b0af3d53dd6ff17ba..3a896e504386fff78c5abfee42dda9a7385bdc49 100644
--- a/umac-l3.c
+++ b/umac-l3.c
@@ -74,11 +74,11 @@ umac_l3_word (const uint64_t *k, uint64_t w)
 }
 
 uint32_t
-_umac_l3 (const uint64_t *key_1, uint32_t key_2, const uint64_t *m)
+_umac_l3 (const uint64_t *key, const uint64_t *m)
 {
-  uint32_t y = (umac_l3_word (key_1, m[0]) + umac_l3_word (key_1 + 4, m[1])) % P;
-  y ^= key_2;
+  uint32_t y = (umac_l3_word (key, m[0]) + umac_l3_word (key + 4, m[1])) % P;
+
 #if !WORDS_BIGENDIAN
   y = ((ROTL32(8, y) & 0x00FF00FFUL)
        | (ROTL32(24, y) & 0xFF00FF00UL));
diff --git a/umac-set-key.c b/umac-set-key.c
index c1f796872d3fbc395aab5c8c84a6c40d6fd0b5ea..05dcf697879adacf4a7fb8fb96daa2b28c1dd55e 100644
--- a/umac-set-key.c
+++ b/umac-set-key.c
@@ -90,8 +90,8 @@ _umac_set_key (uint32_t *l1_key, uint32_t *l2_key,
   umac_kdf (aes, 3, size * sizeof(uint64_t), (uint8_t *) l3_key1);
   _umac_l3_init (size, l3_key1);
 
+  /* No need to byteswap these subkeys. */
   umac_kdf (aes, 4, n * sizeof(uint32_t), (uint8_t *) l3_key2);
-  BE_SWAP32_N (n, l3_key2);
 
   umac_kdf (aes, 0, UMAC_KEY_SIZE, buffer);
   aes_set_encrypt_key (aes, UMAC_KEY_SIZE, buffer);
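Review bot: `_umac_l3` now returns a word that the `#if !WORDS_BIGENDIAN` block below has swapped into the pad's byte order, and after this change every caller xors that result with an unswapped `ctx->l3_key2[i]`, yet neither the definition here nor the prototype in umac.h states that contract. A comment above the signature, e.g. `/* Returns the L3 hash in the byte order of the pad (byteswapped on little-endian hosts), so callers can xor it with pad and l3_key2 words as stored. */`, would make the dependency explicit, and the same comment belongs on the declaration in umac.h. The byte order of `l3_key2` is decided in umac-set-key.c, so a later change to either file without the other would presumably still pass a sign-then-verify round trip and only show up against external known-answer vectors. The function body continues past the hunk; the `#endif` and the return are not shown.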
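Review bot: The added comment `/* No need to byteswap these subkeys. */` records what was dropped but not why, and the reason is an invariant shared with four other files: `l3_key2` is left in the raw KDF output order because umac32/64/96/128_digest now xor it straight into the pad. Suggest `/* l3_key2 stays in the raw KDF byte order; the digest functions xor it directly into the pad, which is held in the same order. */` so whoever next touches either side sees the coupling. Whether the pad really is stored unswapped cannot be confirmed from this hunk and is worth checking in the digest functions. `_umac_set_key` starts before and ends after the hunk.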
diff --git a/umac.h b/umac.h
index 415d797f0df556167d86714a64d815af9c6444b4..a2fd01014f8c73fb439043da2731773980f0690f 100644
--- a/umac.h
+++ b/umac.h
@@ -221,7 +221,7 @@ void
 _umac_l3_init (unsigned size, uint64_t *k);
 
 uint32_t
-_umac_l3 (const uint64_t *key_1, uint32_t key_2, const uint64_t *m);
+_umac_l3 (const uint64_t *key, const uint64_t *m);
 
 #ifdef __cplusplus
 }
diff --git a/umac128.c b/umac128.c
index c4a6dbb555e7957b73f9d5d750949eaec2d6d136..74936021449b1f6e731e54b2bc042de14d2fa65c 100644
--- a/umac128.c
+++ b/umac128.c
@@ -117,7 +117,8 @@ umac128_digest (struct umac128_ctx *ctx,
   _umac_l2_final (ctx->l2_key, ctx->l2_state, 4, ctx->count, ctx->l1_out);
   for (i = 0; i < 4; i++)
-    tag[i] ^= _umac_l3 (ctx->l3_key1 + 8*i, ctx->l3_key2[i], ctx->l2_state + 2*i);
+    tag[i] ^= ctx->l3_key2[i] ^ _umac_l3 (ctx->l3_key1 + 8*i,
+					  ctx->l2_state + 2*i);
 
   memcpy (digest, tag, length);
diff --git a/umac32.c b/umac32.c
index 00ba2f7a900838dec5822850229b3df324bf6022..c3714fa3228e425b66601b6c6318c71128c3f83d 100644
--- a/umac32.c
+++ b/umac32.c
@@ -122,7 +122,7 @@ umac32_digest (struct umac32_ctx *ctx,
     }
   _umac_l2_final (ctx->l2_key, ctx->l2_state, 1, ctx->count, ctx->l1_out);
-  pad ^= _umac_l3 (ctx->l3_key1, ctx->l3_key2[0], ctx->l2_state);
+  pad ^= ctx->l3_key2[0] ^ _umac_l3 (ctx->l3_key1, ctx->l2_state);
   memcpy (digest, &pad, length);
 
   /* Reinitialize */
diff --git a/umac64.c b/umac64.c
index 015cefd067ad1e03b96d3e2441fd99041349c165..6f8132de9508039fd401d1dce49f0a0b37e28958 100644
--- a/umac64.c
+++ b/umac64.c
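Review bot: The xor with `ctx->l3_key2[i]` that used to happen inside `_umac_l3` is now repeated at the call sites in umac128.c, umac32.c, umac64.c and umac96.c, and each of them silently depends on `tag`/`pad`, `l3_key2` and the `_umac_l3` return value all being in the same byte order. A one-line comment at the first such site, `/* l3_key2 and the pad are both kept unswapped; _umac_l3 returns its word in that same order. */`, would record the invariant that the `BE_SWAP32_N` removal in umac-set-key.c relies on. The `tag` array is filled before the hunk, so its byte order cannot be checked here; `umac128_digest` starts and ends outside the hunk.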
@@ -125,9 +125,10 @@ umac64_digest (struct umac64_ctx *ctx,
     }
   _umac_l2_final (ctx->l2_key, ctx->l2_state, 2, ctx->count, ctx->l1_out);
-  tag[0] = pad[0] ^ _umac_l3 (ctx->l3_key1, ctx->l3_key2[0], ctx->l2_state);
-  tag[1] = pad[1] ^ _umac_l3 (ctx->l3_key1 + 8, ctx->l3_key2[1],
-			      ctx->l2_state + 2);
+  tag[0] = pad[0] ^ ctx->l3_key2[0] ^ _umac_l3 (ctx->l3_key1,
+						ctx->l2_state);
+  tag[1] = pad[1] ^ ctx->l3_key2[1] ^ _umac_l3 (ctx->l3_key1 + 8,
+						ctx->l2_state + 2);
   memcpy (digest, tag, length);
 
   /* Reinitialize */
diff --git a/umac96.c b/umac96.c
index ab7b33fadeb6a15e0f49c4544ac04c68efc51e69..b4b43ed7b90fd7885ed11450400bd5c72137e994 100644
--- a/umac96.c
+++ b/umac96.c
@@ -115,7 +115,8 @@ umac96_digest (struct umac96_ctx *ctx,
   _umac_l2_final (ctx->l2_key, ctx->l2_state, 3, ctx->count, ctx->l1_out);
   for (i = 0; i < 3; i++)
-    tag[i] ^= _umac_l3 (ctx->l3_key1 + 8*i, ctx->l3_key2[i], ctx->l2_state + 2*i);
+    tag[i] ^= ctx->l3_key2[i] ^ _umac_l3 (ctx->l3_key1 + 8*i,
+					  ctx->l2_state + 2*i);
 
   memcpy (digest, tag, length);