umac.c (180746) | umac.c (180750) |
---|---|
1/* $OpenBSD: umac.c,v 1.2 2007/09/12 19:39:19 stevesk Exp $ */ | 1/* $OpenBSD: umac.c,v 1.3 2008/05/12 20:52:20 pvalchev Exp $ */ |
2/* ----------------------------------------------------------------------- 3 * 4 * umac.c -- C Implementation UMAC Message Authentication 5 * 6 * Version 0.93b of rfc4418.txt -- 2006 July 18 7 * 8 * For a full description of UMAC message authentication see the UMAC 9 * world-wide-web page at http://www.cs.ucdavis.edu/~rogaway/umac --- 121 unchanged lines hidden (view full) --- 131static UINT32 LOAD_UINT32_REVERSED(void *ptr) 132{ 133 UINT32 temp = *(UINT32 *)ptr; 134 temp = (temp >> 24) | ((temp & 0x00FF0000) >> 8 ) 135 | ((temp & 0x0000FF00) << 8 ) | (temp << 24); 136 return (UINT32)temp; 137} 138 | 2/* ----------------------------------------------------------------------- 3 * 4 * umac.c -- C Implementation UMAC Message Authentication 5 * 6 * Version 0.93b of rfc4418.txt -- 2006 July 18 7 * 8 * For a full description of UMAC message authentication see the UMAC 9 * world-wide-web page at http://www.cs.ucdavis.edu/~rogaway/umac --- 121 unchanged lines hidden (view full) --- 131static UINT32 LOAD_UINT32_REVERSED(void *ptr) 132{ 133 UINT32 temp = *(UINT32 *)ptr; 134 temp = (temp >> 24) | ((temp & 0x00FF0000) >> 8 ) 135 | ((temp & 0x0000FF00) << 8 ) | (temp << 24); 136 return (UINT32)temp; 137} 138 |
139# if (__LITTLE_ENDIAN__) |
|
139static void STORE_UINT32_REVERSED(void *ptr, UINT32 x) 140{ 141 UINT32 i = (UINT32)x; 142 *(UINT32 *)ptr = (i >> 24) | ((i & 0x00FF0000) >> 8 ) 143 | ((i & 0x0000FF00) << 8 ) | (i << 24); 144} | 140static void STORE_UINT32_REVERSED(void *ptr, UINT32 x) 141{ 142 UINT32 i = (UINT32)x; 143 *(UINT32 *)ptr = (i >> 24) | ((i & 0x00FF0000) >> 8 ) 144 | ((i & 0x0000FF00) << 8 ) | (i << 24); 145} |
146# endif /* __LITTLE_ENDIAN */ |
|
145#endif /* HAVE_SWAP32 */ 146 147/* The following definitions use the above reversal-primitives to do the right 148 * thing on endian specific load and stores. 149 */ 150 151#if (__LITTLE_ENDIAN__) 152#define LOAD_UINT32_LITTLE(ptr) (*(UINT32 *)(ptr)) --- 21 unchanged lines hidden (view full) --- 174#define aes_encryption(in,out,int_key) \ 175 AES_encrypt((u_char *)(in),(u_char *)(out),(AES_KEY *)int_key) 176#define aes_key_setup(key,int_key) \ 177 AES_set_encrypt_key((u_char *)(key),UMAC_KEY_LEN*8,int_key) 178 179/* The user-supplied UMAC key is stretched using AES in a counter 180 * mode to supply all random bits needed by UMAC. The kdf function takes 181 * an AES internal key representation 'key' and writes a stream of | 147#endif /* HAVE_SWAP32 */ 148 149/* The following definitions use the above reversal-primitives to do the right 150 * thing on endian specific load and stores. 151 */ 152 153#if (__LITTLE_ENDIAN__) 154#define LOAD_UINT32_LITTLE(ptr) (*(UINT32 *)(ptr)) --- 21 unchanged lines hidden (view full) --- 176#define aes_encryption(in,out,int_key) \ 177 AES_encrypt((u_char *)(in),(u_char *)(out),(AES_KEY *)int_key) 178#define aes_key_setup(key,int_key) \ 179 AES_set_encrypt_key((u_char *)(key),UMAC_KEY_LEN*8,int_key) 180 181/* The user-supplied UMAC key is stretched using AES in a counter 182 * mode to supply all random bits needed by UMAC. The kdf function takes 183 * an AES internal key representation 'key' and writes a stream of |
182 * 'nbytes' bytes to the memory pointed at by 'buffer_ptr'. Each distinct | 184 * 'nbytes' bytes to the memory pointed at by 'bufp'. Each distinct |
183 * 'ndx' causes a distinct byte stream. 184 */ | 185 * 'ndx' causes a distinct byte stream. 186 */ |
185static void kdf(void *buffer_ptr, aes_int_key key, UINT8 ndx, int nbytes) | 187static void kdf(void *bufp, aes_int_key key, UINT8 ndx, int nbytes) |
186{ 187 UINT8 in_buf[AES_BLOCK_LEN] = {0}; 188 UINT8 out_buf[AES_BLOCK_LEN]; | 188{ 189 UINT8 in_buf[AES_BLOCK_LEN] = {0}; 190 UINT8 out_buf[AES_BLOCK_LEN]; |
189 UINT8 *dst_buf = (UINT8 *)buffer_ptr; | 191 UINT8 *dst_buf = (UINT8 *)bufp; |
190 int i; 191 192 /* Setup the initial value */ 193 in_buf[AES_BLOCK_LEN-9] = ndx; 194 in_buf[AES_BLOCK_LEN-1] = i = 1; 195 196 while (nbytes >= AES_BLOCK_LEN) { 197 aes_encryption(in_buf, out_buf, key); --- 341 unchanged lines hidden (view full) --- 539 UINT8 *key; 540 541 key = hc->nh_key + hc->bytes_hashed; 542 nh_aux(key, buf, hc->state, nbytes); 543} 544 545/* ---------------------------------------------------------------------- */ 546 | 192 int i; 193 194 /* Setup the initial value */ 195 in_buf[AES_BLOCK_LEN-9] = ndx; 196 in_buf[AES_BLOCK_LEN-1] = i = 1; 197 198 while (nbytes >= AES_BLOCK_LEN) { 199 aes_encryption(in_buf, out_buf, key); --- 341 unchanged lines hidden (view full) --- 541 UINT8 *key; 542 543 key = hc->nh_key + hc->bytes_hashed; 544 nh_aux(key, buf, hc->state, nbytes); 545} 546 547/* ---------------------------------------------------------------------- */ 548 |
549#if (__LITTLE_ENDIAN__) |
|
547static void endian_convert(void *buf, UWORD bpw, UINT32 num_bytes) 548/* We endian convert the keys on little-endian computers to */ 549/* compensate for the lack of big-endian memory reads during hashing. */ 550{ 551 UWORD iters = num_bytes / bpw; 552 if (bpw == 4) { 553 UINT32 *p = (UINT32 *)buf; 554 do { --- 6 unchanged lines hidden (view full) --- 561 do { 562 t = LOAD_UINT32_REVERSED(p+1); 563 p[1] = LOAD_UINT32_REVERSED(p); 564 p[0] = t; 565 p += 2; 566 } while (--iters); 567 } 568} | 550static void endian_convert(void *buf, UWORD bpw, UINT32 num_bytes) 551/* We endian convert the keys on little-endian computers to */ 552/* compensate for the lack of big-endian memory reads during hashing. */ 553{ 554 UWORD iters = num_bytes / bpw; 555 if (bpw == 4) { 556 UINT32 *p = (UINT32 *)buf; 557 do { --- 6 unchanged lines hidden (view full) --- 564 do { 565 t = LOAD_UINT32_REVERSED(p+1); 566 p[1] = LOAD_UINT32_REVERSED(p); 567 p[0] = t; 568 p += 2; 569 } while (--iters); 570 } 571} |
569#if (__LITTLE_ENDIAN__) | |
570#define endian_convert_if_le(x,y,z) endian_convert((x),(y),(z)) 571#else 572#define endian_convert_if_le(x,y,z) do{}while(0) /* Do nothing */ 573#endif 574 575/* ---------------------------------------------------------------------- */ 576 577static void nh_reset(nh_ctx *hc) --- 460 unchanged lines hidden (view full) --- 1038/* ---------------------------------------------------------------------- */ 1039 1040static int uhash_update(uhash_ctx_t ctx, u_char *input, long len) 1041/* Given len bytes of data, we parse it into L1_KEY_LEN chunks and 1042 * hash each one with NH, calling the polyhash on each NH output. 1043 */ 1044{ 1045 UWORD bytes_hashed, bytes_remaining; | 572#define endian_convert_if_le(x,y,z) endian_convert((x),(y),(z)) 573#else 574#define endian_convert_if_le(x,y,z) do{}while(0) /* Do nothing */ 575#endif 576 577/* ---------------------------------------------------------------------- */ 578 579static void nh_reset(nh_ctx *hc) --- 460 unchanged lines hidden (view full) --- 1040/* ---------------------------------------------------------------------- */ 1041 1042static int uhash_update(uhash_ctx_t ctx, u_char *input, long len) 1043/* Given len bytes of data, we parse it into L1_KEY_LEN chunks and 1044 * hash each one with NH, calling the polyhash on each NH output. 1045 */ 1046{ 1047 UWORD bytes_hashed, bytes_remaining; |
1046 UINT8 nh_result[STREAMS*sizeof(UINT64)]; | 1048 UINT64 result_buf[STREAMS]; 1049 UINT8 *nh_result = (UINT8 *)&result_buf; |
1047 1048 if (ctx->msg_len + len <= L1_KEY_LEN) { 1049 nh_update(&ctx->hash, (UINT8 *)input, len); 1050 ctx->msg_len += len; 1051 } else { 1052 1053 bytes_hashed = ctx->msg_len % L1_KEY_LEN; 1054 if (ctx->msg_len == L1_KEY_LEN) --- 35 unchanged lines hidden (view full) --- 1090 return (1); 1091} 1092 1093/* ---------------------------------------------------------------------- */ 1094 1095static int uhash_final(uhash_ctx_t ctx, u_char *res) 1096/* Incorporate any pending data, pad, and generate tag */ 1097{ | 1050 1051 if (ctx->msg_len + len <= L1_KEY_LEN) { 1052 nh_update(&ctx->hash, (UINT8 *)input, len); 1053 ctx->msg_len += len; 1054 } else { 1055 1056 bytes_hashed = ctx->msg_len % L1_KEY_LEN; 1057 if (ctx->msg_len == L1_KEY_LEN) --- 35 unchanged lines hidden (view full) --- 1093 return (1); 1094} 1095 1096/* ---------------------------------------------------------------------- */ 1097 1098static int uhash_final(uhash_ctx_t ctx, u_char *res) 1099/* Incorporate any pending data, pad, and generate tag */ 1100{ |
1098 UINT8 nh_result[STREAMS*sizeof(UINT64)]; | 1101 UINT64 result_buf[STREAMS]; 1102 UINT8 *nh_result = (UINT8 *)&result_buf; |
1099 1100 if (ctx->msg_len > L1_KEY_LEN) { 1101 if (ctx->msg_len % L1_KEY_LEN) { 1102 nh_final(&ctx->hash, nh_result); 1103 poly_hash(ctx,(UINT32 *)nh_result); 1104 } 1105 ip_long(ctx, res); 1106 } else { --- 167 unchanged lines hidden --- | 1103 1104 if (ctx->msg_len > L1_KEY_LEN) { 1105 if (ctx->msg_len % L1_KEY_LEN) { 1106 nh_final(&ctx->hash, nh_result); 1107 poly_hash(ctx,(UINT32 *)nh_result); 1108 } 1109 ip_long(ctx, res); 1110 } else { --- 167 unchanged lines hidden --- |