
aegis: use more self-explanatory names for keys and nonces

This commit is contained in:
Frank Denis 2020-09-27 22:40:57 +02:00
parent 6b51f7ffb1
commit 0454ae61c8
4 changed files with 42 additions and 38 deletions


@ -47,28 +47,29 @@ crypto_aead_aegis128l_update(__m128i *const state, const __m128i d1, const __m12
}
static void
crypto_aead_aegis128l_init(const unsigned char *key, const unsigned char *iv, __m128i *const state)
crypto_aead_aegis128l_init(const unsigned char *key, const unsigned char *nonce, __m128i *const state)
{
const __m128i c1 = _mm_set_epi8(0xdd, 0x28, 0xb5, 0x73, 0x42, 0x31, 0x11, 0x20, 0xf1, 0x2f, 0xc2, 0x6d,
0x55, 0x18, 0x3d, 0xdb);
const __m128i c2 = _mm_set_epi8(0x62, 0x79, 0xe9, 0x90, 0x59, 0x37, 0x22, 0x15, 0x0d, 0x08, 0x05, 0x03,
0x02, 0x01, 0x01, 0x00);
__m128i k1, k2;
int i;
__m128i k;
__m128i n;
int i;
k1 = _mm_loadu_si128((const __m128i *) (const void *) key);
k2 = _mm_xor_si128(k1, _mm_loadu_si128((const __m128i *) (const void *) iv));
k = _mm_loadu_si128((const __m128i *) (const void *) key);
n = _mm_loadu_si128((const __m128i *) (const void *) nonce);
state[0] = k2;
state[0] = _mm_xor_si128(k, n);
state[1] = c1;
state[2] = c2;
state[3] = c1;
state[4] = k2;
state[5] = _mm_xor_si128(k1, c2);
state[6] = _mm_xor_si128(k1, c1);
state[7] = _mm_xor_si128(k1, c2);
state[4] = _mm_xor_si128(k, n);
state[5] = _mm_xor_si128(k, c2);
state[6] = _mm_xor_si128(k, c1);
state[7] = _mm_xor_si128(k, c2);
for (i = 0; i < 10; i++) {
crypto_aead_aegis128l_update(state, k1, k2);
crypto_aead_aegis128l_update(state, n, k);
}
}
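Review bot: The init loop's call `crypto_aead_aegis128l_update(state, n, k);` changes the values fed to the ten update rounds, not just their names: the removed line passed `(k1, k2)`, i.e. (key, key ^ nonce), while the new one passes (nonce, key), so the post-initialization state and every known-answer vector derived from it change. The commit message describes a rename only; it should state which argument order the AEGIS-128L specification prescribes, and the test vectors should be re-run against the new schedule before this lands. The same substitution appears in the armcrypto variant's loop, `crypto_aead_aegis128l_update(state, nonce_block, key_block);`.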


@ -38,8 +38,8 @@ crypto_aead_aegis128l_update(uint8x16_t *const state,
}
static void
crypto_aead_aegis128l_init(const unsigned char *key, const unsigned char *iv,
uint8x16_t *const state)
crypto_aead_aegis128l_init(const unsigned char *key, const unsigned char *nonce,
uint8x16_t *const state)
{
static CRYPTO_ALIGN(16) const unsigned char c1_[] = {
0xdb, 0x3d, 0x18, 0x55, 0x6d, 0xc2, 0x2f, 0xf1, 0x20, 0x11, 0x31, 0x42,
@ -51,22 +51,23 @@ crypto_aead_aegis128l_init(const unsigned char *key, const unsigned char *iv,
};
const uint8x16_t c1 = vld1q_u8(c1_);
const uint8x16_t c2 = vld1q_u8(c2_);
uint8x16_t k1, k2;
uint8x16_t key_block;
uint8x16_t nonce_block;
int i;
k1 = vld1q_u8(key);
k2 = veorq_u8(k1, vld1q_u8(iv));
key_block = vld1q_u8(key);
nonce_block = vld1q_u8(nonce);
state[0] = k2;
state[0] = veorq_u8(key_block, nonce_block);
state[1] = c1;
state[2] = c2;
state[3] = c1;
state[4] = k2;
state[4] = veorq_u8(key_block, nonce_block);
state[5] = veorq_u8(k1, c2);
state[6] = veorq_u8(k1, c1);
state[7] = veorq_u8(k1, c2);
for (i = 0; i < 10; i++) {
crypto_aead_aegis128l_update(state, k1, k2);
crypto_aead_aegis128l_update(state, nonce_block, key_block);
}
}
@ -98,8 +99,8 @@ crypto_aead_aegis128l_mac(unsigned char *mac, unsigned long long mlen,
static void
crypto_aead_aegis128l_enc(unsigned char *const dst,
const unsigned char *const src,
uint8x16_t *const state)
const unsigned char *const src,
uint8x16_t *const state)
{
uint8x16_t msg0, msg1;
uint8x16_t tmp0, tmp1;
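Review bot: In the second hunk, `state[5] = veorq_u8(k1, c2);`, `state[6] = veorq_u8(k1, c1);` and `state[7] = veorq_u8(k1, c2);` still reference `k1`, but the declaration `uint8x16_t k1, k2;` is removed and only `key_block`/`nonce_block` are declared, so as rendered the new side of this file no longer compiles. These three lines should read `veorq_u8(key_block, ...)`, mirroring what the SSE version does with `k`. The third hunk only re-indents the `crypto_aead_aegis128l_enc` parameter list, and that function's body continues past the end of the hunk.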


@ -42,22 +42,23 @@ crypto_aead_aegis256_update(__m128i *const state, const __m128i data)
}
static void
crypto_aead_aegis256_init(const unsigned char *key, const unsigned char *iv, __m128i *const state)
crypto_aead_aegis256_init(const unsigned char *key, const unsigned char *nonce, __m128i *const state)
{
const __m128i c1 = _mm_set_epi8(0xdd, 0x28, 0xb5, 0x73, 0x42, 0x31, 0x11, 0x20, 0xf1, 0x2f, 0xc2, 0x6d,
0x55, 0x18, 0x3d, 0xdb);
const __m128i c2 = _mm_set_epi8(0x62, 0x79, 0xe9, 0x90, 0x59, 0x37, 0x22, 0x15, 0x0d, 0x08, 0x05, 0x03,
0x02, 0x01, 0x01, 0x00);
__m128i k1, k2, k3, k4;
int i;
__m128i k1, k2;
__m128i kxn1, kxn2;
int i;
k1 = _mm_loadu_si128((const __m128i *) (const void *) &key[0]);
k2 = _mm_loadu_si128((const __m128i *) (const void *) &key[16]);
k3 = _mm_xor_si128(k1, _mm_loadu_si128((__m128i *) (void *) &iv[0]));
k4 = _mm_xor_si128(k2, _mm_loadu_si128((__m128i *) (void *) &iv[16]));
kxn1 = _mm_xor_si128(k1, _mm_loadu_si128((__m128i *) (void *) &nonce[0]));
kxn2 = _mm_xor_si128(k2, _mm_loadu_si128((__m128i *) (void *) &nonce[16]));
state[0] = k3;
state[1] = k4;
state[0] = kxn1;
state[1] = kxn2;
state[2] = c1;
state[3] = c2;
state[4] = _mm_xor_si128(k1, c2);
@ -66,8 +67,8 @@ crypto_aead_aegis256_init(const unsigned char *key, const unsigned char *iv, __m
for (i = 0; i < 4; i++) {
crypto_aead_aegis256_update(state, k1);
crypto_aead_aegis256_update(state, k2);
crypto_aead_aegis256_update(state, k3);
crypto_aead_aegis256_update(state, k4);
crypto_aead_aegis256_update(state, kxn1);
crypto_aead_aegis256_update(state, kxn2);
}
}
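Review bot: The rewritten nonce loads `kxn1 = _mm_xor_si128(k1, _mm_loadu_si128((__m128i *) (void *) &nonce[0]));` and the matching `&nonce[16]` line cast `const` away from the `nonce` parameter, while the key loads two lines above keep it with `(const __m128i *) (const void *)`. Since these lines were touched anyway, they should use the same const-preserving casts; the access is read-only so nothing else changes. The state assignments from `state[5]` onward sit between the two hunks and are not visible here.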


@ -32,7 +32,7 @@ crypto_aead_aegis256_update(uint8x16_t *const state, const uint8x16_t data)
}
static void
crypto_aead_aegis256_init(const unsigned char *key, const unsigned char *iv,
crypto_aead_aegis256_init(const unsigned char *key, const unsigned char *nonce,
uint8x16_t *const state)
{
static CRYPTO_ALIGN(16) const unsigned char c1_[] = {
@ -45,16 +45,17 @@ crypto_aead_aegis256_init(const unsigned char *key, const unsigned char *iv,
};
const uint8x16_t c1 = vld1q_u8(c1_);
const uint8x16_t c2 = vld1q_u8(c2_);
uint8x16_t k1, k2, k3, k4;
uint8x16_t k1, k2;
uint8x16_t kxn1, kxn2;
int i;
k1 = vld1q_u8(&key[0]);
k2 = vld1q_u8(&key[16]);
k3 = veorq_u8(k1, vld1q_u8(&iv[0]));
k4 = veorq_u8(k2, vld1q_u8(&iv[16]));
kxn3 = veorq_u8(k1, vld1q_u8(&nonce[0]));
kxn4 = veorq_u8(k2, vld1q_u8(&nonce[16]));
state[0] = k3;
state[1] = k4;
state[0] = kxn1;
state[1] = kxn2;
state[2] = c1;
state[3] = c2;
state[4] = veorq_u8(k1, c2);
@ -63,8 +64,8 @@ crypto_aead_aegis256_init(const unsigned char *key, const unsigned char *iv,
for (i = 0; i < 4; i++) {
crypto_aead_aegis256_update(state, k1);
crypto_aead_aegis256_update(state, k2);
crypto_aead_aegis256_update(state, k3);
crypto_aead_aegis256_update(state, k4);
crypto_aead_aegis256_update(state, kxn1);
crypto_aead_aegis256_update(state, kxn2);
}
}
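Review bot: `kxn3 = veorq_u8(k1, vld1q_u8(&nonce[0]));` and `kxn4 = veorq_u8(k2, vld1q_u8(&nonce[16]));` assign to identifiers that are never declared, while the declared `kxn1`/`kxn2` are read uninitialized into `state[0]`, `state[1]` and the update loop in the second hunk. The assignments should target `kxn1` and `kxn2`, as the SSE version in this same commit does. As rendered the file does not compile, which suggests the armcrypto target was not built for this change.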