
aegis: use more self-explanatory names for keys and nonces

This commit is contained in:
Frank Denis 2020-09-27 22:40:57 +02:00
parent 6b51f7ffb1
commit 0454ae61c8
4 changed files with 42 additions and 38 deletions


@ -47,28 +47,29 @@ crypto_aead_aegis128l_update(__m128i *const state, const __m128i d1, const __m12
} }
static void static void
crypto_aead_aegis128l_init(const unsigned char *key, const unsigned char *iv, __m128i *const state) crypto_aead_aegis128l_init(const unsigned char *key, const unsigned char *nonce, __m128i *const state)
{ {
const __m128i c1 = _mm_set_epi8(0xdd, 0x28, 0xb5, 0x73, 0x42, 0x31, 0x11, 0x20, 0xf1, 0x2f, 0xc2, 0x6d, const __m128i c1 = _mm_set_epi8(0xdd, 0x28, 0xb5, 0x73, 0x42, 0x31, 0x11, 0x20, 0xf1, 0x2f, 0xc2, 0x6d,
0x55, 0x18, 0x3d, 0xdb); 0x55, 0x18, 0x3d, 0xdb);
const __m128i c2 = _mm_set_epi8(0x62, 0x79, 0xe9, 0x90, 0x59, 0x37, 0x22, 0x15, 0x0d, 0x08, 0x05, 0x03, const __m128i c2 = _mm_set_epi8(0x62, 0x79, 0xe9, 0x90, 0x59, 0x37, 0x22, 0x15, 0x0d, 0x08, 0x05, 0x03,
0x02, 0x01, 0x01, 0x00); 0x02, 0x01, 0x01, 0x00);
__m128i k1, k2; __m128i k;
int i; __m128i n;
int i;
k1 = _mm_loadu_si128((const __m128i *) (const void *) key); k = _mm_loadu_si128((const __m128i *) (const void *) key);
k2 = _mm_xor_si128(k1, _mm_loadu_si128((const __m128i *) (const void *) iv)); n = _mm_loadu_si128((const __m128i *) (const void *) nonce);
state[0] = k2; state[0] = _mm_xor_si128(k, n);
state[1] = c1; state[1] = c1;
state[2] = c2; state[2] = c2;
state[3] = c1; state[3] = c1;
state[4] = k2; state[4] = _mm_xor_si128(k, n);
state[5] = _mm_xor_si128(k1, c2); state[5] = _mm_xor_si128(k, c2);
state[6] = _mm_xor_si128(k1, c1); state[6] = _mm_xor_si128(k, c1);
state[7] = _mm_xor_si128(k1, c2); state[7] = _mm_xor_si128(k, c2);
for (i = 0; i < 10; i++) { for (i = 0; i < 10; i++) {
crypto_aead_aegis128l_update(state, k1, k2); crypto_aead_aegis128l_update(state, n, k);
} }
} }
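Review bot: The initialization loop on the new side now calls `crypto_aead_aegis128l_update(state, n, k)` (nonce, then key), whereas the old side passed `(k1, k2)`, i.e. the key followed by key XOR nonce; that changes the derived state, and therefore the ciphertext and tag produced for every key/nonce pair, so this is a behavioural change and not only the rename the title describes. If the new order is the intended correction to the AEGIS-128L schedule, which feeds the nonce and the key to each of the ten initialization updates, the commit message and any stored test vectors should reflect it; otherwise the old argument order should be preserved. The same reordering appears in the NEON crypto_aead_aegis128l_init in the second file. A one-line comment on the loop, `/* AEGIS-128L initialization: ten rounds of Update(S, nonce, key) */`, would record the intended order for the next reader.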


@ -38,8 +38,8 @@ crypto_aead_aegis128l_update(uint8x16_t *const state,
} }
static void static void
crypto_aead_aegis128l_init(const unsigned char *key, const unsigned char *iv, crypto_aead_aegis128l_init(const unsigned char *key, const unsigned char *nonce,
uint8x16_t *const state) uint8x16_t *const state)
{ {
static CRYPTO_ALIGN(16) const unsigned char c1_[] = { static CRYPTO_ALIGN(16) const unsigned char c1_[] = {
0xdb, 0x3d, 0x18, 0x55, 0x6d, 0xc2, 0x2f, 0xf1, 0x20, 0x11, 0x31, 0x42, 0xdb, 0x3d, 0x18, 0x55, 0x6d, 0xc2, 0x2f, 0xf1, 0x20, 0x11, 0x31, 0x42,
@ -51,22 +51,23 @@ crypto_aead_aegis128l_init(const unsigned char *key, const unsigned char *iv,
}; };
const uint8x16_t c1 = vld1q_u8(c1_); const uint8x16_t c1 = vld1q_u8(c1_);
const uint8x16_t c2 = vld1q_u8(c2_); const uint8x16_t c2 = vld1q_u8(c2_);
uint8x16_t k1, k2; uint8x16_t key_block;
uint8x16_t nonce_block;
int i; int i;
k1 = vld1q_u8(key); key_block = vld1q_u8(key);
k2 = veorq_u8(k1, vld1q_u8(iv)); nonce_block = vld1q_u8(nonce);
state[0] = k2; state[0] = veorq_u8(key_block, nonce_block);
state[1] = c1; state[1] = c1;
state[2] = c2; state[2] = c2;
state[3] = c1; state[3] = c1;
state[4] = k2; state[4] = veorq_u8(key_block, nonce_block);
state[5] = veorq_u8(k1, c2); state[5] = veorq_u8(k1, c2);
state[6] = veorq_u8(k1, c1); state[6] = veorq_u8(k1, c1);
state[7] = veorq_u8(k1, c2); state[7] = veorq_u8(k1, c2);
for (i = 0; i < 10; i++) { for (i = 0; i < 10; i++) {
crypto_aead_aegis128l_update(state, k1, k2); crypto_aead_aegis128l_update(state, nonce_block, key_block);
} }
} }
@ -98,8 +99,8 @@ crypto_aead_aegis128l_mac(unsigned char *mac, unsigned long long mlen,
static void static void
crypto_aead_aegis128l_enc(unsigned char *const dst, crypto_aead_aegis128l_enc(unsigned char *const dst,
const unsigned char *const src, const unsigned char *const src,
uint8x16_t *const state) uint8x16_t *const state)
{ {
uint8x16_t msg0, msg1; uint8x16_t msg0, msg1;
uint8x16_t tmp0, tmp1; uint8x16_t tmp0, tmp1;
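Review bot: In the second hunk of this file the new side of `state[5]`, `state[6]` and `state[7]` still references `k1`, but the new declarations only introduce `key_block` and `nonce_block`, so the NEON build of crypto_aead_aegis128l_init no longer compiles (the x86 counterpart in this commit consistently uses `k`). Change the three lines to `state[5] = veorq_u8(key_block, c2);`, `state[6] = veorq_u8(key_block, c1);` and `state[7] = veorq_u8(key_block, c2);`. The function's signature and the constant tables are in the preceding hunk of this section.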


@ -42,22 +42,23 @@ crypto_aead_aegis256_update(__m128i *const state, const __m128i data)
} }
static void static void
crypto_aead_aegis256_init(const unsigned char *key, const unsigned char *iv, __m128i *const state) crypto_aead_aegis256_init(const unsigned char *key, const unsigned char *nonce, __m128i *const state)
{ {
const __m128i c1 = _mm_set_epi8(0xdd, 0x28, 0xb5, 0x73, 0x42, 0x31, 0x11, 0x20, 0xf1, 0x2f, 0xc2, 0x6d, const __m128i c1 = _mm_set_epi8(0xdd, 0x28, 0xb5, 0x73, 0x42, 0x31, 0x11, 0x20, 0xf1, 0x2f, 0xc2, 0x6d,
0x55, 0x18, 0x3d, 0xdb); 0x55, 0x18, 0x3d, 0xdb);
const __m128i c2 = _mm_set_epi8(0x62, 0x79, 0xe9, 0x90, 0x59, 0x37, 0x22, 0x15, 0x0d, 0x08, 0x05, 0x03, const __m128i c2 = _mm_set_epi8(0x62, 0x79, 0xe9, 0x90, 0x59, 0x37, 0x22, 0x15, 0x0d, 0x08, 0x05, 0x03,
0x02, 0x01, 0x01, 0x00); 0x02, 0x01, 0x01, 0x00);
__m128i k1, k2, k3, k4; __m128i k1, k2;
int i; __m128i kxn1, kxn2;
int i;
k1 = _mm_loadu_si128((const __m128i *) (const void *) &key[0]); k1 = _mm_loadu_si128((const __m128i *) (const void *) &key[0]);
k2 = _mm_loadu_si128((const __m128i *) (const void *) &key[16]); k2 = _mm_loadu_si128((const __m128i *) (const void *) &key[16]);
k3 = _mm_xor_si128(k1, _mm_loadu_si128((__m128i *) (void *) &iv[0])); kxn1 = _mm_xor_si128(k1, _mm_loadu_si128((__m128i *) (void *) &nonce[0]));
k4 = _mm_xor_si128(k2, _mm_loadu_si128((__m128i *) (void *) &iv[16])); kxn2 = _mm_xor_si128(k2, _mm_loadu_si128((__m128i *) (void *) &nonce[16]));
state[0] = k3; state[0] = kxn1;
state[1] = k4; state[1] = kxn2;
state[2] = c1; state[2] = c1;
state[3] = c2; state[3] = c2;
state[4] = _mm_xor_si128(k1, c2); state[4] = _mm_xor_si128(k1, c2);
@ -66,8 +67,8 @@ crypto_aead_aegis256_init(const unsigned char *key, const unsigned char *iv, __m
for (i = 0; i < 4; i++) { for (i = 0; i < 4; i++) {
crypto_aead_aegis256_update(state, k1); crypto_aead_aegis256_update(state, k1);
crypto_aead_aegis256_update(state, k2); crypto_aead_aegis256_update(state, k2);
crypto_aead_aegis256_update(state, k3); crypto_aead_aegis256_update(state, kxn1);
crypto_aead_aegis256_update(state, k4); crypto_aead_aegis256_update(state, kxn2);
} }
} }
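Review bot: The two nonce loads in crypto_aead_aegis256_init cast `&nonce[0]` and `&nonce[16]` through `(__m128i *) (void *)`, which discards the `const` of the `const unsigned char *nonce` parameter, while the key loads two lines above use `(const __m128i *) (const void *)`; since these lines are being rewritten anyway, make them consistent: `kxn1 = _mm_xor_si128(k1, _mm_loadu_si128((const __m128i *) (const void *) &nonce[0]));` and likewise for `&nonce[16]`. Under `-Wcast-qual` the current form warns, and it hides whether the nonce is ever written. The body between `state[4]` and the update loop lies outside the shown hunks.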


@ -32,7 +32,7 @@ crypto_aead_aegis256_update(uint8x16_t *const state, const uint8x16_t data)
} }
static void static void
crypto_aead_aegis256_init(const unsigned char *key, const unsigned char *iv, crypto_aead_aegis256_init(const unsigned char *key, const unsigned char *nonce,
uint8x16_t *const state) uint8x16_t *const state)
{ {
static CRYPTO_ALIGN(16) const unsigned char c1_[] = { static CRYPTO_ALIGN(16) const unsigned char c1_[] = {
@ -45,16 +45,17 @@ crypto_aead_aegis256_init(const unsigned char *key, const unsigned char *iv,
}; };
const uint8x16_t c1 = vld1q_u8(c1_); const uint8x16_t c1 = vld1q_u8(c1_);
const uint8x16_t c2 = vld1q_u8(c2_); const uint8x16_t c2 = vld1q_u8(c2_);
uint8x16_t k1, k2, k3, k4; uint8x16_t k1, k2;
uint8x16_t kxn1, kxn2;
int i; int i;
k1 = vld1q_u8(&key[0]); k1 = vld1q_u8(&key[0]);
k2 = vld1q_u8(&key[16]); k2 = vld1q_u8(&key[16]);
k3 = veorq_u8(k1, vld1q_u8(&iv[0])); kxn3 = veorq_u8(k1, vld1q_u8(&nonce[0]));
k4 = veorq_u8(k2, vld1q_u8(&iv[16])); kxn4 = veorq_u8(k2, vld1q_u8(&nonce[16]));
state[0] = k3; state[0] = kxn1;
state[1] = k4; state[1] = kxn2;
state[2] = c1; state[2] = c1;
state[3] = c2; state[3] = c2;
state[4] = veorq_u8(k1, c2); state[4] = veorq_u8(k1, c2);
@ -63,8 +64,8 @@ crypto_aead_aegis256_init(const unsigned char *key, const unsigned char *iv,
for (i = 0; i < 4; i++) { for (i = 0; i < 4; i++) {
crypto_aead_aegis256_update(state, k1); crypto_aead_aegis256_update(state, k1);
crypto_aead_aegis256_update(state, k2); crypto_aead_aegis256_update(state, k2);
crypto_aead_aegis256_update(state, k3); crypto_aead_aegis256_update(state, kxn1);
crypto_aead_aegis256_update(state, k4); crypto_aead_aegis256_update(state, kxn2);
} }
} }
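Review bot: The new side of the second hunk assigns `kxn3` and `kxn4` from the nonce XORs, but the only new declarations are `kxn1, kxn2`, and it is `kxn1`/`kxn2` that are stored into `state[0]`/`state[1]` and fed to the update loop, so the NEON crypto_aead_aegis256_init does not compile and, once it did, would use uninitialized values. The assignments should read `kxn1 = veorq_u8(k1, vld1q_u8(&nonce[0]));` and `kxn2 = veorq_u8(k2, vld1q_u8(&nonce[16]));`, matching the x86 version in this commit. The function's signature is in the first hunk of this section and part of its body lies between the hunks.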