version 1.12, 2017/05/31 08:09:45 |
version 1.13, 2017/10/27 01:01:17 |
|
|
* Comments should be directed to Ted Krovetz (tdk@acm.org) |
* Comments should be directed to Ted Krovetz (tdk@acm.org) |
* |
* |
* ---------------------------------------------------------------------- */ |
* ---------------------------------------------------------------------- */ |
|
|
/* ////////////////////// IMPORTANT NOTES ///////////////////////////////// |
/* ////////////////////// IMPORTANT NOTES ///////////////////////////////// |
* |
* |
* 1) This version does not work properly on messages larger than 16MB |
* 1) This version does not work properly on messages larger than 16MB |
|
|
* produced under gcc with optimizations set -O3 or higher. Dunno why. |
* produced under gcc with optimizations set -O3 or higher. Dunno why. |
* |
* |
/////////////////////////////////////////////////////////////////////// */ |
/////////////////////////////////////////////////////////////////////// */ |
|
|
/* ---------------------------------------------------------------------- */ |
/* ---------------------------------------------------------------------- */ |
/* --- User Switches ---------------------------------------------------- */ |
/* --- User Switches ---------------------------------------------------- */ |
/* ---------------------------------------------------------------------- */ |
/* ---------------------------------------------------------------------- */ |
|
|
UINT8 out_buf[AES_BLOCK_LEN]; |
UINT8 out_buf[AES_BLOCK_LEN]; |
UINT8 *dst_buf = (UINT8 *)buffer_ptr; |
UINT8 *dst_buf = (UINT8 *)buffer_ptr; |
int i; |
int i; |
|
|
/* Setup the initial value */ |
/* Setup the initial value */ |
in_buf[AES_BLOCK_LEN-9] = ndx; |
in_buf[AES_BLOCK_LEN-9] = ndx; |
in_buf[AES_BLOCK_LEN-1] = i = 1; |
in_buf[AES_BLOCK_LEN-1] = i = 1; |
|
|
while (nbytes >= AES_BLOCK_LEN) { |
while (nbytes >= AES_BLOCK_LEN) { |
aes_encryption(in_buf, out_buf, key); |
aes_encryption(in_buf, out_buf, key); |
memcpy(dst_buf,out_buf,AES_BLOCK_LEN); |
memcpy(dst_buf,out_buf,AES_BLOCK_LEN); |
|
|
static void pdf_init(pdf_ctx *pc, aes_int_key prf_key) |
static void pdf_init(pdf_ctx *pc, aes_int_key prf_key) |
{ |
{ |
UINT8 buf[UMAC_KEY_LEN]; |
UINT8 buf[UMAC_KEY_LEN]; |
|
|
kdf(buf, prf_key, 0, UMAC_KEY_LEN); |
kdf(buf, prf_key, 0, UMAC_KEY_LEN); |
aes_key_setup(buf, pc->prf_key); |
aes_key_setup(buf, pc->prf_key); |
|
|
/* Initialize pdf and cache */ |
/* Initialize pdf and cache */ |
memset(pc->nonce, 0, sizeof(pc->nonce)); |
memset(pc->nonce, 0, sizeof(pc->nonce)); |
aes_encryption(pc->nonce, pc->cache, pc->prf_key); |
aes_encryption(pc->nonce, pc->cache, pc->prf_key); |
|
|
* of the AES output. If last time around we returned the ndx-1st |
* of the AES output. If last time around we returned the ndx-1st |
* element, then we may have the result in the cache already. |
* element, then we may have the result in the cache already. |
*/ |
*/ |
|
|
#if (UMAC_OUTPUT_LEN == 4) |
#if (UMAC_OUTPUT_LEN == 4) |
#define LOW_BIT_MASK 3 |
#define LOW_BIT_MASK 3 |
#elif (UMAC_OUTPUT_LEN == 8) |
#elif (UMAC_OUTPUT_LEN == 8) |
|
|
#endif |
#endif |
*(UINT32 *)t.tmp_nonce_lo = ((const UINT32 *)nonce)[1]; |
*(UINT32 *)t.tmp_nonce_lo = ((const UINT32 *)nonce)[1]; |
t.tmp_nonce_lo[3] &= ~LOW_BIT_MASK; /* zero last bit */ |
t.tmp_nonce_lo[3] &= ~LOW_BIT_MASK; /* zero last bit */ |
|
|
if ( (((UINT32 *)t.tmp_nonce_lo)[0] != ((UINT32 *)pc->nonce)[1]) || |
if ( (((UINT32 *)t.tmp_nonce_lo)[0] != ((UINT32 *)pc->nonce)[1]) || |
(((const UINT32 *)nonce)[0] != ((UINT32 *)pc->nonce)[0]) ) |
(((const UINT32 *)nonce)[0] != ((UINT32 *)pc->nonce)[0]) ) |
{ |
{ |
|
|
((UINT32 *)pc->nonce)[1] = ((UINT32 *)t.tmp_nonce_lo)[0]; |
((UINT32 *)pc->nonce)[1] = ((UINT32 *)t.tmp_nonce_lo)[0]; |
aes_encryption(pc->nonce, pc->cache, pc->prf_key); |
aes_encryption(pc->nonce, pc->cache, pc->prf_key); |
} |
} |
|
|
#if (UMAC_OUTPUT_LEN == 4) |
#if (UMAC_OUTPUT_LEN == 4) |
*((UINT32 *)buf) ^= ((UINT32 *)pc->cache)[ndx]; |
*((UINT32 *)buf) ^= ((UINT32 *)pc->cache)[ndx]; |
#elif (UMAC_OUTPUT_LEN == 8) |
#elif (UMAC_OUTPUT_LEN == 8) |
|
|
* The routine nh_init() initializes the nh_ctx data structure and |
* The routine nh_init() initializes the nh_ctx data structure and |
* must be called once, before any other PDF routine. |
* must be called once, before any other PDF routine. |
*/ |
*/ |
|
|
/* The "nh_aux" routines do the actual NH hashing work. They |
/* The "nh_aux" routines do the actual NH hashing work. They |
* expect buffers to be multiples of L1_PAD_BOUNDARY. These routines |
* expect buffers to be multiples of L1_PAD_BOUNDARY. These routines |
* produce output for all STREAMS NH iterations in one call, |
* produce output for all STREAMS NH iterations in one call, |
|
|
const UINT32 *d = (const UINT32 *)dp; |
const UINT32 *d = (const UINT32 *)dp; |
UINT32 d0,d1,d2,d3,d4,d5,d6,d7; |
UINT32 d0,d1,d2,d3,d4,d5,d6,d7; |
UINT32 k0,k1,k2,k3,k4,k5,k6,k7; |
UINT32 k0,k1,k2,k3,k4,k5,k6,k7; |
|
|
h = *((UINT64 *)hp); |
h = *((UINT64 *)hp); |
do { |
do { |
d0 = LOAD_UINT32_LITTLE(d+0); d1 = LOAD_UINT32_LITTLE(d+1); |
d0 = LOAD_UINT32_LITTLE(d+0); d1 = LOAD_UINT32_LITTLE(d+1); |
|
|
h += MUL64((k1 + d1), (k5 + d5)); |
h += MUL64((k1 + d1), (k5 + d5)); |
h += MUL64((k2 + d2), (k6 + d6)); |
h += MUL64((k2 + d2), (k6 + d6)); |
h += MUL64((k3 + d3), (k7 + d7)); |
h += MUL64((k3 + d3), (k7 + d7)); |
|
|
d += 8; |
d += 8; |
k += 8; |
k += 8; |
} while (--c); |
} while (--c); |
|
|
UINT32 d0,d1,d2,d3,d4,d5,d6,d7; |
UINT32 d0,d1,d2,d3,d4,d5,d6,d7; |
UINT32 k0,k1,k2,k3,k4,k5,k6,k7, |
UINT32 k0,k1,k2,k3,k4,k5,k6,k7, |
k8,k9,k10,k11,k12,k13,k14,k15; |
k8,k9,k10,k11,k12,k13,k14,k15; |
|
|
h1 = *((UINT64 *)hp); |
h1 = *((UINT64 *)hp); |
h2 = *((UINT64 *)hp + 1); |
h2 = *((UINT64 *)hp + 1); |
h3 = *((UINT64 *)hp + 2); |
h3 = *((UINT64 *)hp + 2); |
|
|
d6 = LOAD_UINT32_LITTLE(d+6); d7 = LOAD_UINT32_LITTLE(d+7); |
d6 = LOAD_UINT32_LITTLE(d+6); d7 = LOAD_UINT32_LITTLE(d+7); |
k8 = *(k+8); k9 = *(k+9); k10 = *(k+10); k11 = *(k+11); |
k8 = *(k+8); k9 = *(k+9); k10 = *(k+10); k11 = *(k+11); |
k12 = *(k+12); k13 = *(k+13); k14 = *(k+14); k15 = *(k+15); |
k12 = *(k+12); k13 = *(k+13); k14 = *(k+14); k15 = *(k+15); |
|
|
h1 += MUL64((k0 + d0), (k4 + d4)); |
h1 += MUL64((k0 + d0), (k4 + d4)); |
h2 += MUL64((k4 + d0), (k8 + d4)); |
h2 += MUL64((k4 + d0), (k8 + d4)); |
h3 += MUL64((k8 + d0), (k12 + d4)); |
h3 += MUL64((k8 + d0), (k12 + d4)); |
|
|
h1 += MUL64((k1 + d1), (k5 + d5)); |
h1 += MUL64((k1 + d1), (k5 + d5)); |
h2 += MUL64((k5 + d1), (k9 + d5)); |
h2 += MUL64((k5 + d1), (k9 + d5)); |
h3 += MUL64((k9 + d1), (k13 + d5)); |
h3 += MUL64((k9 + d1), (k13 + d5)); |
|
|
h1 += MUL64((k2 + d2), (k6 + d6)); |
h1 += MUL64((k2 + d2), (k6 + d6)); |
h2 += MUL64((k6 + d2), (k10 + d6)); |
h2 += MUL64((k6 + d2), (k10 + d6)); |
h3 += MUL64((k10 + d2), (k14 + d6)); |
h3 += MUL64((k10 + d2), (k14 + d6)); |
|
|
h1 += MUL64((k3 + d3), (k7 + d7)); |
h1 += MUL64((k3 + d3), (k7 + d7)); |
h2 += MUL64((k7 + d3), (k11 + d7)); |
h2 += MUL64((k7 + d3), (k11 + d7)); |
h3 += MUL64((k11 + d3), (k15 + d7)); |
h3 += MUL64((k11 + d3), (k15 + d7)); |
|
|
k0 = k8; k1 = k9; k2 = k10; k3 = k11; |
k0 = k8; k1 = k9; k2 = k10; k3 = k11; |
k4 = k12; k5 = k13; k6 = k14; k7 = k15; |
k4 = k12; k5 = k13; k6 = k14; k7 = k15; |
|
|
d += 8; |
d += 8; |
k += 8; |
k += 8; |
} while (--c); |
} while (--c); |
|
|
UINT32 k0,k1,k2,k3,k4,k5,k6,k7, |
UINT32 k0,k1,k2,k3,k4,k5,k6,k7, |
k8,k9,k10,k11,k12,k13,k14,k15, |
k8,k9,k10,k11,k12,k13,k14,k15, |
k16,k17,k18,k19; |
k16,k17,k18,k19; |
|
|
h1 = *((UINT64 *)hp); |
h1 = *((UINT64 *)hp); |
h2 = *((UINT64 *)hp + 1); |
h2 = *((UINT64 *)hp + 1); |
h3 = *((UINT64 *)hp + 2); |
h3 = *((UINT64 *)hp + 2); |
|
|
k8 = *(k+8); k9 = *(k+9); k10 = *(k+10); k11 = *(k+11); |
k8 = *(k+8); k9 = *(k+9); k10 = *(k+10); k11 = *(k+11); |
k12 = *(k+12); k13 = *(k+13); k14 = *(k+14); k15 = *(k+15); |
k12 = *(k+12); k13 = *(k+13); k14 = *(k+14); k15 = *(k+15); |
k16 = *(k+16); k17 = *(k+17); k18 = *(k+18); k19 = *(k+19); |
k16 = *(k+16); k17 = *(k+17); k18 = *(k+18); k19 = *(k+19); |
|
|
h1 += MUL64((k0 + d0), (k4 + d4)); |
h1 += MUL64((k0 + d0), (k4 + d4)); |
h2 += MUL64((k4 + d0), (k8 + d4)); |
h2 += MUL64((k4 + d0), (k8 + d4)); |
h3 += MUL64((k8 + d0), (k12 + d4)); |
h3 += MUL64((k8 + d0), (k12 + d4)); |
h4 += MUL64((k12 + d0), (k16 + d4)); |
h4 += MUL64((k12 + d0), (k16 + d4)); |
|
|
h1 += MUL64((k1 + d1), (k5 + d5)); |
h1 += MUL64((k1 + d1), (k5 + d5)); |
h2 += MUL64((k5 + d1), (k9 + d5)); |
h2 += MUL64((k5 + d1), (k9 + d5)); |
h3 += MUL64((k9 + d1), (k13 + d5)); |
h3 += MUL64((k9 + d1), (k13 + d5)); |
h4 += MUL64((k13 + d1), (k17 + d5)); |
h4 += MUL64((k13 + d1), (k17 + d5)); |
|
|
h1 += MUL64((k2 + d2), (k6 + d6)); |
h1 += MUL64((k2 + d2), (k6 + d6)); |
h2 += MUL64((k6 + d2), (k10 + d6)); |
h2 += MUL64((k6 + d2), (k10 + d6)); |
h3 += MUL64((k10 + d2), (k14 + d6)); |
h3 += MUL64((k10 + d2), (k14 + d6)); |
h4 += MUL64((k14 + d2), (k18 + d6)); |
h4 += MUL64((k14 + d2), (k18 + d6)); |
|
|
h1 += MUL64((k3 + d3), (k7 + d7)); |
h1 += MUL64((k3 + d3), (k7 + d7)); |
h2 += MUL64((k7 + d3), (k11 + d7)); |
h2 += MUL64((k7 + d3), (k11 + d7)); |
h3 += MUL64((k11 + d3), (k15 + d7)); |
h3 += MUL64((k11 + d3), (k15 + d7)); |
h4 += MUL64((k15 + d3), (k19 + d7)); |
h4 += MUL64((k15 + d3), (k19 + d7)); |
|
|
k0 = k8; k1 = k9; k2 = k10; k3 = k11; |
k0 = k8; k1 = k9; k2 = k10; k3 = k11; |
k4 = k12; k5 = k13; k6 = k14; k7 = k15; |
k4 = k12; k5 = k13; k6 = k14; k7 = k15; |
k8 = k16; k9 = k17; k10 = k18; k11 = k19; |
k8 = k16; k9 = k17; k10 = k18; k11 = k19; |
|
|
d += 8; |
d += 8; |
k += 8; |
k += 8; |
} while (--c); |
} while (--c); |
|
|
*/ |
*/ |
{ |
{ |
UINT8 *key; |
UINT8 *key; |
|
|
key = hc->nh_key + hc->bytes_hashed; |
key = hc->nh_key + hc->bytes_hashed; |
nh_aux(key, buf, hc->state, nbytes); |
nh_aux(key, buf, hc->state, nbytes); |
} |
} |
|
|
/* even multiple of HASH_BUF_BYTES. */ |
/* even multiple of HASH_BUF_BYTES. */ |
{ |
{ |
UINT32 i,j; |
UINT32 i,j; |
|
|
j = hc->next_data_empty; |
j = hc->next_data_empty; |
if ((j + nbytes) >= HASH_BUF_BYTES) { |
if ((j + nbytes) >= HASH_BUF_BYTES) { |
if (j) { |
if (j) { |
|
|
*/ |
*/ |
{ |
{ |
UINT32 nbits; |
UINT32 nbits; |
|
|
/* Initialize the hash state */ |
/* Initialize the hash state */ |
nbits = (unpadded_len << 3); |
nbits = (unpadded_len << 3); |
|
|
((UINT64 *)result)[0] = nbits; |
((UINT64 *)result)[0] = nbits; |
#if (UMAC_OUTPUT_LEN >= 8) |
#if (UMAC_OUTPUT_LEN >= 8) |
((UINT64 *)result)[1] = nbits; |
((UINT64 *)result)[1] = nbits; |
|
|
#if (UMAC_OUTPUT_LEN == 16) |
#if (UMAC_OUTPUT_LEN == 16) |
((UINT64 *)result)[3] = nbits; |
((UINT64 *)result)[3] = nbits; |
#endif |
#endif |
|
|
nh_aux(hc->nh_key, buf, result, padded_len); |
nh_aux(hc->nh_key, buf, result, padded_len); |
} |
} |
|
|
|
|
x_lo, |
x_lo, |
x_hi; |
x_hi; |
UINT64 X,T,res; |
UINT64 X,T,res; |
|
|
X = MUL64(key_hi, cur_lo) + MUL64(cur_hi, key_lo); |
X = MUL64(key_hi, cur_lo) + MUL64(cur_hi, key_lo); |
x_lo = (UINT32)X; |
x_lo = (UINT32)X; |
x_hi = (UINT32)(X >> 32); |
x_hi = (UINT32)(X >> 32); |
|
|
res = (MUL64(key_hi, cur_hi) + x_hi) * 59 + MUL64(key_lo, cur_lo); |
res = (MUL64(key_hi, cur_hi) + x_hi) * 59 + MUL64(key_lo, cur_lo); |
|
|
T = ((UINT64)x_lo << 32); |
T = ((UINT64)x_lo << 32); |
res += T; |
res += T; |
if (res < T) |
if (res < T) |
|
|
{ |
{ |
int i; |
int i; |
UINT64 *data=(UINT64*)data_in; |
UINT64 *data=(UINT64*)data_in; |
|
|
for (i = 0; i < STREAMS; i++) { |
for (i = 0; i < STREAMS; i++) { |
if ((UINT32)(data[i] >> 32) == 0xfffffffful) { |
if ((UINT32)(data[i] >> 32) == 0xfffffffful) { |
hc->poly_accum[i] = poly64(hc->poly_accum[i], |
hc->poly_accum[i] = poly64(hc->poly_accum[i], |
|
|
t = t + ipkp[1] * (UINT64)(UINT16)(data >> 32); |
t = t + ipkp[1] * (UINT64)(UINT16)(data >> 32); |
t = t + ipkp[2] * (UINT64)(UINT16)(data >> 16); |
t = t + ipkp[2] * (UINT64)(UINT16)(data >> 16); |
t = t + ipkp[3] * (UINT64)(UINT16)(data); |
t = t + ipkp[3] * (UINT64)(UINT16)(data); |
|
|
return t; |
return t; |
} |
} |
|
|
|
|
{ |
{ |
/* Divisionless modular reduction */ |
/* Divisionless modular reduction */ |
UINT64 ret; |
UINT64 ret; |
|
|
ret = (t & m36) + 5 * (t >> 36); |
ret = (t & m36) + 5 * (t >> 36); |
if (ret >= p36) |
if (ret >= p36) |
ret -= p36; |
ret -= p36; |
|
|
{ |
{ |
UINT64 t; |
UINT64 t; |
UINT64 *nhp = (UINT64 *)nh_res; |
UINT64 *nhp = (UINT64 *)nh_res; |
|
|
t = ip_aux(0,ahc->ip_keys, nhp[0]); |
t = ip_aux(0,ahc->ip_keys, nhp[0]); |
STORE_UINT32_BIG((UINT32 *)res+0, ip_reduce_p36(t) ^ ahc->ip_trans[0]); |
STORE_UINT32_BIG((UINT32 *)res+0, ip_reduce_p36(t) ^ ahc->ip_trans[0]); |
#if (UMAC_OUTPUT_LEN >= 8) |
#if (UMAC_OUTPUT_LEN >= 8) |
|
|
{ |
{ |
int i; |
int i; |
UINT8 buf[(8*STREAMS+4)*sizeof(UINT64)]; |
UINT8 buf[(8*STREAMS+4)*sizeof(UINT64)]; |
|
|
/* Zero the entire uhash context */ |
/* Zero the entire uhash context */ |
memset(ahc, 0, sizeof(uhash_ctx)); |
memset(ahc, 0, sizeof(uhash_ctx)); |
|
|
/* Initialize the L1 hash */ |
/* Initialize the L1 hash */ |
nh_init(&ahc->hash, prf_key); |
nh_init(&ahc->hash, prf_key); |
|
|
/* Setup L2 hash variables */ |
/* Setup L2 hash variables */ |
kdf(buf, prf_key, 2, sizeof(buf)); /* Fill buffer with index 1 key */ |
kdf(buf, prf_key, 2, sizeof(buf)); /* Fill buffer with index 1 key */ |
for (i = 0; i < STREAMS; i++) { |
for (i = 0; i < STREAMS; i++) { |
|
|
ahc->poly_key_8[i] &= ((UINT64)0x01ffffffu << 32) + 0x01ffffffu; |
ahc->poly_key_8[i] &= ((UINT64)0x01ffffffu << 32) + 0x01ffffffu; |
ahc->poly_accum[i] = 1; /* Our polyhash prepends a non-zero word */ |
ahc->poly_accum[i] = 1; /* Our polyhash prepends a non-zero word */ |
} |
} |
|
|
/* Setup L3-1 hash variables */ |
/* Setup L3-1 hash variables */ |
kdf(buf, prf_key, 3, sizeof(buf)); /* Fill buffer with index 2 key */ |
kdf(buf, prf_key, 3, sizeof(buf)); /* Fill buffer with index 2 key */ |
for (i = 0; i < STREAMS; i++) |
for (i = 0; i < STREAMS; i++) |
|
|
sizeof(ahc->ip_keys)); |
sizeof(ahc->ip_keys)); |
for (i = 0; i < STREAMS*4; i++) |
for (i = 0; i < STREAMS*4; i++) |
ahc->ip_keys[i] %= p36; /* Bring into Z_p36 */ |
ahc->ip_keys[i] %= p36; /* Bring into Z_p36 */ |
|
|
/* Setup L3-2 hash variables */ |
/* Setup L3-2 hash variables */ |
/* Fill buffer with index 4 key */ |
/* Fill buffer with index 4 key */ |
kdf(ahc->ip_trans, prf_key, 4, STREAMS * sizeof(UINT32)); |
kdf(ahc->ip_trans, prf_key, 4, STREAMS * sizeof(UINT32)); |
|
|
uhash_ctx_t ctx; |
uhash_ctx_t ctx; |
u_char bytes_to_add; |
u_char bytes_to_add; |
aes_int_key prf_key; |
aes_int_key prf_key; |
|
|
ctx = (uhash_ctx_t)malloc(sizeof(uhash_ctx)+ALLOC_BOUNDARY); |
ctx = (uhash_ctx_t)malloc(sizeof(uhash_ctx)+ALLOC_BOUNDARY); |
if (ctx) { |
if (ctx) { |
if (ALLOC_BOUNDARY) { |
if (ALLOC_BOUNDARY) { |
|
|
{ |
{ |
/* Free memory allocated by uhash_alloc */ |
/* Free memory allocated by uhash_alloc */ |
u_char bytes_to_sub; |
u_char bytes_to_sub; |
|
|
if (ctx) { |
if (ctx) { |
if (ALLOC_BOUNDARY) { |
if (ALLOC_BOUNDARY) { |
bytes_to_sub = *((u_char *)ctx - 1); |
bytes_to_sub = *((u_char *)ctx - 1); |
|
|
UWORD bytes_hashed, bytes_remaining; |
UWORD bytes_hashed, bytes_remaining; |
UINT64 result_buf[STREAMS]; |
UINT64 result_buf[STREAMS]; |
UINT8 *nh_result = (UINT8 *)&result_buf; |
UINT8 *nh_result = (UINT8 *)&result_buf; |
|
|
if (ctx->msg_len + len <= L1_KEY_LEN) { |
if (ctx->msg_len + len <= L1_KEY_LEN) { |
nh_update(&ctx->hash, (const UINT8 *)input, len); |
nh_update(&ctx->hash, (const UINT8 *)input, len); |
ctx->msg_len += len; |
ctx->msg_len += len; |
} else { |
} else { |
|
|
bytes_hashed = ctx->msg_len % L1_KEY_LEN; |
bytes_hashed = ctx->msg_len % L1_KEY_LEN; |
if (ctx->msg_len == L1_KEY_LEN) |
if (ctx->msg_len == L1_KEY_LEN) |
bytes_hashed = L1_KEY_LEN; |
bytes_hashed = L1_KEY_LEN; |
|
|
UINT8 nh_result[STREAMS*sizeof(UINT64)]; |
UINT8 nh_result[STREAMS*sizeof(UINT64)]; |
UINT32 nh_len; |
UINT32 nh_len; |
int extra_zeroes_needed; |
int extra_zeroes_needed; |
|
|
/* If the message to be hashed is no longer than L1_HASH_LEN, we skip |
/* If the message to be hashed is no longer than L1_HASH_LEN, we skip |
* the polyhash. |
* the polyhash. |
*/ |
*/ |
|
|
|
|
ip_long(ahc, res); |
ip_long(ahc, res); |
} |
} |
|
|
uhash_reset(ahc); |
uhash_reset(ahc); |
return 1; |
return 1; |
} |
} |
|
|
struct umac_ctx *ctx, *octx; |
struct umac_ctx *ctx, *octx; |
size_t bytes_to_add; |
size_t bytes_to_add; |
aes_int_key prf_key; |
aes_int_key prf_key; |
|
|
octx = ctx = xcalloc(1, sizeof(*ctx) + ALLOC_BOUNDARY); |
octx = ctx = xcalloc(1, sizeof(*ctx) + ALLOC_BOUNDARY); |
if (ctx) { |
if (ctx) { |
if (ALLOC_BOUNDARY) { |
if (ALLOC_BOUNDARY) { |
|
|
uhash_init(&ctx->hash, prf_key); |
uhash_init(&ctx->hash, prf_key); |
explicit_bzero(prf_key, sizeof(prf_key)); |
explicit_bzero(prf_key, sizeof(prf_key)); |
} |
} |
|
|
return (ctx); |
return (ctx); |
} |
} |
|
|
|
|
{ |
{ |
uhash_final(&ctx->hash, (u_char *)tag); |
uhash_final(&ctx->hash, (u_char *)tag); |
pdf_gen_xor(&ctx->pdf, (const UINT8 *)nonce, (UINT8 *)tag); |
pdf_gen_xor(&ctx->pdf, (const UINT8 *)nonce, (UINT8 *)tag); |
|
|
return (1); |
return (1); |
} |
} |
|
|
|
|
{ |
{ |
uhash(&ctx->hash, input, len, (u_char *)tag); |
uhash(&ctx->hash, input, len, (u_char *)tag); |
pdf_gen_xor(&ctx->pdf, (UINT8 *)nonce, (UINT8 *)tag); |
pdf_gen_xor(&ctx->pdf, (UINT8 *)nonce, (UINT8 *)tag); |
|
|
return (1); |
return (1); |
} |
} |
#endif |
#endif |