diff options
| author | jsing <> | 2014-05-15 14:14:56 +0000 |
|---|---|---|
| committer | jsing <> | 2014-05-15 14:14:56 +0000 |
| commit | b115738274236129c97a787d577da5cbff4c828e (patch) | |
| tree | d1545fae6b44d7a9d7d6aa80a89b700911a313f3 /src/lib/libcrypto/poly1305 | |
| parent | 331e9a2412038c63b968d43c57141df1425f9d43 (diff) | |
| download | openbsd-b115738274236129c97a787d577da5cbff4c828e.tar.gz openbsd-b115738274236129c97a787d577da5cbff4c828e.tar.bz2 openbsd-b115738274236129c97a787d577da5cbff4c828e.zip | |
KNF.
Diffstat (limited to 'src/lib/libcrypto/poly1305')
| -rw-r--r-- | src/lib/libcrypto/poly1305/poly1305-donna.c | 163 |
1 files changed, 110 insertions, 53 deletions
diff --git a/src/lib/libcrypto/poly1305/poly1305-donna.c b/src/lib/libcrypto/poly1305/poly1305-donna.c index 642a30b376..83d862f633 100644 --- a/src/lib/libcrypto/poly1305/poly1305-donna.c +++ b/src/lib/libcrypto/poly1305/poly1305-donna.c | |||
| @@ -32,32 +32,34 @@ typedef struct poly1305_state_internal_t { | |||
| 32 | 32 | ||
| 33 | /* interpret four 8 bit unsigned integers as a 32 bit unsigned integer in little endian */ | 33 | /* interpret four 8 bit unsigned integers as a 32 bit unsigned integer in little endian */ |
| 34 | static unsigned long | 34 | static unsigned long |
| 35 | U8TO32(const unsigned char *p) { | 35 | U8TO32(const unsigned char *p) |
| 36 | return | 36 | { |
| 37 | (((unsigned long)(p[0] & 0xff) ) | | 37 | return (((unsigned long)(p[0] & 0xff)) | |
| 38 | ((unsigned long)(p[1] & 0xff) << 8) | | 38 | ((unsigned long)(p[1] & 0xff) << 8) | |
| 39 | ((unsigned long)(p[2] & 0xff) << 16) | | 39 | ((unsigned long)(p[2] & 0xff) << 16) | |
| 40 | ((unsigned long)(p[3] & 0xff) << 24)); | 40 | ((unsigned long)(p[3] & 0xff) << 24)); |
| 41 | } | 41 | } |
| 42 | 42 | ||
| 43 | /* store a 32 bit unsigned integer as four 8 bit unsigned integers in little endian */ | 43 | /* store a 32 bit unsigned integer as four 8 bit unsigned integers in little endian */ |
| 44 | static void | 44 | static void |
| 45 | U32TO8(unsigned char *p, unsigned long v) { | 45 | U32TO8(unsigned char *p, unsigned long v) |
| 46 | p[0] = (v ) & 0xff; | 46 | { |
| 47 | p[0] = (v) & 0xff; | ||
| 47 | p[1] = (v >> 8) & 0xff; | 48 | p[1] = (v >> 8) & 0xff; |
| 48 | p[2] = (v >> 16) & 0xff; | 49 | p[2] = (v >> 16) & 0xff; |
| 49 | p[3] = (v >> 24) & 0xff; | 50 | p[3] = (v >> 24) & 0xff; |
| 50 | } | 51 | } |
| 51 | 52 | ||
| 52 | static inline void | 53 | static inline void |
| 53 | poly1305_init(poly1305_context *ctx, const unsigned char key[32]) { | 54 | poly1305_init(poly1305_context *ctx, const unsigned char key[32]) |
| 55 | { | ||
| 54 | poly1305_state_internal_t *st = (poly1305_state_internal_t *)ctx; | 56 | poly1305_state_internal_t *st = (poly1305_state_internal_t *)ctx; |
| 55 | 57 | ||
| 56 | /* r &= 0xffffffc0ffffffc0ffffffc0fffffff */ | 58 | /* r &= 0xffffffc0ffffffc0ffffffc0fffffff */ |
| 57 | st->r[0] = (U8TO32(&key[ 0]) ) & 0x3ffffff; | 59 | st->r[0] = (U8TO32(&key[0])) & 0x3ffffff; |
| 58 | st->r[1] = (U8TO32(&key[ 3]) >> 2) & 0x3ffff03; | 60 | st->r[1] = (U8TO32(&key[3]) >> 2) & 0x3ffff03; |
| 59 | st->r[2] = (U8TO32(&key[ 6]) >> 4) & 0x3ffc0ff; | 61 | st->r[2] = (U8TO32(&key[6]) >> 4) & 0x3ffc0ff; |
| 60 | st->r[3] = (U8TO32(&key[ 9]) >> 6) & 0x3f03fff; | 62 | st->r[3] = (U8TO32(&key[9]) >> 6) & 0x3f03fff; |
| 61 | st->r[4] = (U8TO32(&key[12]) >> 8) & 0x00fffff; | 63 | st->r[4] = (U8TO32(&key[12]) >> 8) & 0x00fffff; |
| 62 | 64 | ||
| 63 | /* h = 0 */ | 65 | /* h = 0 */ |
| @@ -78,12 +80,13 @@ poly1305_init(poly1305_context *ctx, const unsigned char key[32]) { | |||
| 78 | } | 80 | } |
| 79 | 81 | ||
| 80 | static void | 82 | static void |
| 81 | poly1305_blocks(poly1305_state_internal_t *st, const unsigned char *m, size_t bytes) { | 83 | poly1305_blocks(poly1305_state_internal_t *st, const unsigned char *m, size_t bytes) |
| 84 | { | ||
| 82 | const unsigned long hibit = (st->final) ? 0 : (1 << 24); /* 1 << 128 */ | 85 | const unsigned long hibit = (st->final) ? 0 : (1 << 24); /* 1 << 128 */ |
| 83 | unsigned long r0,r1,r2,r3,r4; | 86 | unsigned long r0, r1, r2, r3, r4; |
| 84 | unsigned long s1,s2,s3,s4; | 87 | unsigned long s1, s2, s3, s4; |
| 85 | unsigned long h0,h1,h2,h3,h4; | 88 | unsigned long h0, h1, h2, h3, h4; |
| 86 | unsigned long long d0,d1,d2,d3,d4; | 89 | unsigned long long d0, d1, d2, d3, d4; |
| 87 | unsigned long c; | 90 | unsigned long c; |
| 88 | 91 | ||
| 89 | r0 = st->r[0]; | 92 | r0 = st->r[0]; |
| @@ -105,26 +108,57 @@ poly1305_blocks(poly1305_state_internal_t *st, const unsigned char *m, size_t by | |||
| 105 | 108 | ||
| 106 | while (bytes >= poly1305_block_size) { | 109 | while (bytes >= poly1305_block_size) { |
| 107 | /* h += m[i] */ | 110 | /* h += m[i] */ |
| 108 | h0 += (U8TO32(m+ 0) ) & 0x3ffffff; | 111 | h0 += (U8TO32(m + 0)) & 0x3ffffff; |
| 109 | h1 += (U8TO32(m+ 3) >> 2) & 0x3ffffff; | 112 | h1 += (U8TO32(m + 3) >> 2) & 0x3ffffff; |
| 110 | h2 += (U8TO32(m+ 6) >> 4) & 0x3ffffff; | 113 | h2 += (U8TO32(m + 6) >> 4) & 0x3ffffff; |
| 111 | h3 += (U8TO32(m+ 9) >> 6) & 0x3ffffff; | 114 | h3 += (U8TO32(m + 9) >> 6) & 0x3ffffff; |
| 112 | h4 += (U8TO32(m+12) >> 8) | hibit; | 115 | h4 += (U8TO32(m + 12) >> 8) | hibit; |
| 113 | 116 | ||
| 114 | /* h *= r */ | 117 | /* h *= r */ |
| 115 | d0 = ((unsigned long long)h0 * r0) + ((unsigned long long)h1 * s4) + ((unsigned long long)h2 * s3) + ((unsigned long long)h3 * s2) + ((unsigned long long)h4 * s1); | 118 | d0 = ((unsigned long long)h0 * r0) + |
| 116 | d1 = ((unsigned long long)h0 * r1) + ((unsigned long long)h1 * r0) + ((unsigned long long)h2 * s4) + ((unsigned long long)h3 * s3) + ((unsigned long long)h4 * s2); | 119 | ((unsigned long long)h1 * s4) + |
| 117 | d2 = ((unsigned long long)h0 * r2) + ((unsigned long long)h1 * r1) + ((unsigned long long)h2 * r0) + ((unsigned long long)h3 * s4) + ((unsigned long long)h4 * s3); | 120 | ((unsigned long long)h2 * s3) + |
| 118 | d3 = ((unsigned long long)h0 * r3) + ((unsigned long long)h1 * r2) + ((unsigned long long)h2 * r1) + ((unsigned long long)h3 * r0) + ((unsigned long long)h4 * s4); | 121 | ((unsigned long long)h3 * s2) + |
| 119 | d4 = ((unsigned long long)h0 * r4) + ((unsigned long long)h1 * r3) + ((unsigned long long)h2 * r2) + ((unsigned long long)h3 * r1) + ((unsigned long long)h4 * r0); | 122 | ((unsigned long long)h4 * s1); |
| 123 | d1 = ((unsigned long long)h0 * r1) + | ||
| 124 | ((unsigned long long)h1 * r0) + | ||
| 125 | ((unsigned long long)h2 * s4) + | ||
| 126 | ((unsigned long long)h3 * s3) + | ||
| 127 | ((unsigned long long)h4 * s2); | ||
| 128 | d2 = ((unsigned long long)h0 * r2) + | ||
| 129 | ((unsigned long long)h1 * r1) + | ||
| 130 | ((unsigned long long)h2 * r0) + | ||
| 131 | ((unsigned long long)h3 * s4) + | ||
| 132 | ((unsigned long long)h4 * s3); | ||
| 133 | d3 = ((unsigned long long)h0 * r3) + | ||
| 134 | ((unsigned long long)h1 * r2) + | ||
| 135 | ((unsigned long long)h2 * r1) + | ||
| 136 | ((unsigned long long)h3 * r0) + | ||
| 137 | ((unsigned long long)h4 * s4); | ||
| 138 | d4 = ((unsigned long long)h0 * r4) + | ||
| 139 | ((unsigned long long)h1 * r3) + | ||
| 140 | ((unsigned long long)h2 * r2) + | ||
| 141 | ((unsigned long long)h3 * r1) + | ||
| 142 | ((unsigned long long)h4 * r0); | ||
| 120 | 143 | ||
| 121 | /* (partial) h %= p */ | 144 | /* (partial) h %= p */ |
| 122 | c = (unsigned long)(d0 >> 26); h0 = (unsigned long)d0 & 0x3ffffff; | 145 | c = (unsigned long)(d0 >> 26); |
| 123 | d1 += c; c = (unsigned long)(d1 >> 26); h1 = (unsigned long)d1 & 0x3ffffff; | 146 | h0 = (unsigned long)d0 & 0x3ffffff; |
| 124 | d2 += c; c = (unsigned long)(d2 >> 26); h2 = (unsigned long)d2 & 0x3ffffff; | 147 | d1 += c; |
| 125 | d3 += c; c = (unsigned long)(d3 >> 26); h3 = (unsigned long)d3 & 0x3ffffff; | 148 | c = (unsigned long)(d1 >> 26); |
| 126 | d4 += c; c = (unsigned long)(d4 >> 26); h4 = (unsigned long)d4 & 0x3ffffff; | 149 | h1 = (unsigned long)d1 & 0x3ffffff; |
| 127 | h0 += c * 5; c = (h0 >> 26); h0 = h0 & 0x3ffffff; | 150 | d2 += c; |
| 151 | c = (unsigned long)(d2 >> 26); | ||
| 152 | h2 = (unsigned long)d2 & 0x3ffffff; | ||
| 153 | d3 += c; | ||
| 154 | c = (unsigned long)(d3 >> 26); | ||
| 155 | h3 = (unsigned long)d3 & 0x3ffffff; | ||
| 156 | d4 += c; | ||
| 157 | c = (unsigned long)(d4 >> 26); | ||
| 158 | h4 = (unsigned long)d4 & 0x3ffffff; | ||
| 159 | h0 += c * 5; | ||
| 160 | c = (h0 >> 26); | ||
| 161 | h0 = h0 & 0x3ffffff; | ||
| 128 | h1 += c; | 162 | h1 += c; |
| 129 | 163 | ||
| 130 | m += poly1305_block_size; | 164 | m += poly1305_block_size; |
| @@ -139,7 +173,8 @@ poly1305_blocks(poly1305_state_internal_t *st, const unsigned char *m, size_t by | |||
| 139 | } | 173 | } |
| 140 | 174 | ||
| 141 | static inline void | 175 | static inline void |
| 142 | poly1305_update(poly1305_context *ctx, const unsigned char *m, size_t bytes) { | 176 | poly1305_update(poly1305_context *ctx, const unsigned char *m, size_t bytes) |
| 177 | { | ||
| 143 | poly1305_state_internal_t *st = (poly1305_state_internal_t *)ctx; | 178 | poly1305_state_internal_t *st = (poly1305_state_internal_t *)ctx; |
| 144 | size_t i; | 179 | size_t i; |
| 145 | 180 | ||
| @@ -176,10 +211,11 @@ poly1305_update(poly1305_context *ctx, const unsigned char *m, size_t bytes) { | |||
| 176 | } | 211 | } |
| 177 | 212 | ||
| 178 | static inline void | 213 | static inline void |
| 179 | poly1305_finish(poly1305_context *ctx, unsigned char mac[16]) { | 214 | poly1305_finish(poly1305_context *ctx, unsigned char mac[16]) |
| 215 | { | ||
| 180 | poly1305_state_internal_t *st = (poly1305_state_internal_t *)ctx; | 216 | poly1305_state_internal_t *st = (poly1305_state_internal_t *)ctx; |
| 181 | unsigned long h0,h1,h2,h3,h4,c; | 217 | unsigned long h0, h1, h2, h3, h4, c; |
| 182 | unsigned long g0,g1,g2,g3,g4; | 218 | unsigned long g0, g1, g2, g3, g4; |
| 183 | unsigned long long f; | 219 | unsigned long long f; |
| 184 | unsigned long mask; | 220 | unsigned long mask; |
| 185 | 221 | ||
| @@ -200,18 +236,35 @@ poly1305_finish(poly1305_context *ctx, unsigned char mac[16]) { | |||
| 200 | h3 = st->h[3]; | 236 | h3 = st->h[3]; |
| 201 | h4 = st->h[4]; | 237 | h4 = st->h[4]; |
| 202 | 238 | ||
| 203 | c = h1 >> 26; h1 = h1 & 0x3ffffff; | 239 | c = h1 >> 26; |
| 204 | h2 += c; c = h2 >> 26; h2 = h2 & 0x3ffffff; | 240 | h1 = h1 & 0x3ffffff; |
| 205 | h3 += c; c = h3 >> 26; h3 = h3 & 0x3ffffff; | 241 | h2 += c; |
| 206 | h4 += c; c = h4 >> 26; h4 = h4 & 0x3ffffff; | 242 | c = h2 >> 26; |
| 207 | h0 += c * 5; c = h0 >> 26; h0 = h0 & 0x3ffffff; | 243 | h2 = h2 & 0x3ffffff; |
| 208 | h1 += c; | 244 | h3 += c; |
| 245 | c = h3 >> 26; | ||
| 246 | h3 = h3 & 0x3ffffff; | ||
| 247 | h4 += c; | ||
| 248 | c = h4 >> 26; | ||
| 249 | h4 = h4 & 0x3ffffff; | ||
| 250 | h0 += c * 5; | ||
| 251 | c = h0 >> 26; | ||
| 252 | h0 = h0 & 0x3ffffff; | ||
| 253 | h1 += c; | ||
| 209 | 254 | ||
| 210 | /* compute h + -p */ | 255 | /* compute h + -p */ |
| 211 | g0 = h0 + 5; c = g0 >> 26; g0 &= 0x3ffffff; | 256 | g0 = h0 + 5; |
| 212 | g1 = h1 + c; c = g1 >> 26; g1 &= 0x3ffffff; | 257 | c = g0 >> 26; |
| 213 | g2 = h2 + c; c = g2 >> 26; g2 &= 0x3ffffff; | 258 | g0 &= 0x3ffffff; |
| 214 | g3 = h3 + c; c = g3 >> 26; g3 &= 0x3ffffff; | 259 | g1 = h1 + c; |
| 260 | c = g1 >> 26; | ||
| 261 | g1 &= 0x3ffffff; | ||
| 262 | g2 = h2 + c; | ||
| 263 | c = g2 >> 26; | ||
| 264 | g2 &= 0x3ffffff; | ||
| 265 | g3 = h3 + c; | ||
| 266 | c = g3 >> 26; | ||
| 267 | g3 &= 0x3ffffff; | ||
| 215 | g4 = h4 + c - (1 << 26); | 268 | g4 = h4 + c - (1 << 26); |
| 216 | 269 | ||
| 217 | /* select h if h < p, or h + -p if h >= p */ | 270 | /* select h if h < p, or h + -p if h >= p */ |
| @@ -229,16 +282,20 @@ poly1305_finish(poly1305_context *ctx, unsigned char mac[16]) { | |||
| 229 | h4 = (h4 & mask) | g4; | 282 | h4 = (h4 & mask) | g4; |
| 230 | 283 | ||
| 231 | /* h = h % (2^128) */ | 284 | /* h = h % (2^128) */ |
| 232 | h0 = ((h0 ) | (h1 << 26)) & 0xffffffff; | 285 | h0 = ((h0) | (h1 << 26)) & 0xffffffff; |
| 233 | h1 = ((h1 >> 6) | (h2 << 20)) & 0xffffffff; | 286 | h1 = ((h1 >> 6) | (h2 << 20)) & 0xffffffff; |
| 234 | h2 = ((h2 >> 12) | (h3 << 14)) & 0xffffffff; | 287 | h2 = ((h2 >> 12) | (h3 << 14)) & 0xffffffff; |
| 235 | h3 = ((h3 >> 18) | (h4 << 8)) & 0xffffffff; | 288 | h3 = ((h3 >> 18) | (h4 << 8)) & 0xffffffff; |
| 236 | 289 | ||
| 237 | /* mac = (h + pad) % (2^128) */ | 290 | /* mac = (h + pad) % (2^128) */ |
| 238 | f = (unsigned long long)h0 + st->pad[0] ; h0 = (unsigned long)f; | 291 | f = (unsigned long long)h0 + st->pad[0]; |
| 239 | f = (unsigned long long)h1 + st->pad[1] + (f >> 32); h1 = (unsigned long)f; | 292 | h0 = (unsigned long)f; |
| 240 | f = (unsigned long long)h2 + st->pad[2] + (f >> 32); h2 = (unsigned long)f; | 293 | f = (unsigned long long)h1 + st->pad[1] + (f >> 32); |
| 241 | f = (unsigned long long)h3 + st->pad[3] + (f >> 32); h3 = (unsigned long)f; | 294 | h1 = (unsigned long)f; |
| 295 | f = (unsigned long long)h2 + st->pad[2] + (f >> 32); | ||
| 296 | h2 = (unsigned long)f; | ||
| 297 | f = (unsigned long long)h3 + st->pad[3] + (f >> 32); | ||
| 298 | h3 = (unsigned long)f; | ||
| 242 | 299 | ||
| 243 | U32TO8(mac + 0, h0); | 300 | U32TO8(mac + 0, h0); |
| 244 | U32TO8(mac + 4, h1); | 301 | U32TO8(mac + 4, h1); |