aegis: use more self-explanatory names for keys and nonces
parent
6b51f7ffb1
commit
0454ae61c8
@ -47,28 +47,29 @@ crypto_aead_aegis128l_update(__m128i *const state, const __m128i d1, const __m12
|
|||||||
}
|
}
|
||||||
|
|
||||||
static void
|
static void
|
||||||
crypto_aead_aegis128l_init(const unsigned char *key, const unsigned char *iv, __m128i *const state)
|
crypto_aead_aegis128l_init(const unsigned char *key, const unsigned char *nonce, __m128i *const state)
|
||||||
{
|
{
|
||||||
const __m128i c1 = _mm_set_epi8(0xdd, 0x28, 0xb5, 0x73, 0x42, 0x31, 0x11, 0x20, 0xf1, 0x2f, 0xc2, 0x6d,
|
const __m128i c1 = _mm_set_epi8(0xdd, 0x28, 0xb5, 0x73, 0x42, 0x31, 0x11, 0x20, 0xf1, 0x2f, 0xc2, 0x6d,
|
||||||
0x55, 0x18, 0x3d, 0xdb);
|
0x55, 0x18, 0x3d, 0xdb);
|
||||||
const __m128i c2 = _mm_set_epi8(0x62, 0x79, 0xe9, 0x90, 0x59, 0x37, 0x22, 0x15, 0x0d, 0x08, 0x05, 0x03,
|
const __m128i c2 = _mm_set_epi8(0x62, 0x79, 0xe9, 0x90, 0x59, 0x37, 0x22, 0x15, 0x0d, 0x08, 0x05, 0x03,
|
||||||
0x02, 0x01, 0x01, 0x00);
|
0x02, 0x01, 0x01, 0x00);
|
||||||
__m128i k1, k2;
|
__m128i k;
|
||||||
int i;
|
__m128i n;
|
||||||
|
int i;
|
||||||
|
|
||||||
k1 = _mm_loadu_si128((const __m128i *) (const void *) key);
|
k = _mm_loadu_si128((const __m128i *) (const void *) key);
|
||||||
k2 = _mm_xor_si128(k1, _mm_loadu_si128((const __m128i *) (const void *) iv));
|
n = _mm_loadu_si128((const __m128i *) (const void *) nonce);
|
||||||
|
|
||||||
state[0] = k2;
|
state[0] = _mm_xor_si128(k, n);
|
||||||
state[1] = c1;
|
state[1] = c1;
|
||||||
state[2] = c2;
|
state[2] = c2;
|
||||||
state[3] = c1;
|
state[3] = c1;
|
||||||
state[4] = k2;
|
state[4] = _mm_xor_si128(k, n);
|
||||||
state[5] = _mm_xor_si128(k1, c2);
|
state[5] = _mm_xor_si128(k, c2);
|
||||||
state[6] = _mm_xor_si128(k1, c1);
|
state[6] = _mm_xor_si128(k, c1);
|
||||||
state[7] = _mm_xor_si128(k1, c2);
|
state[7] = _mm_xor_si128(k, c2);
|
||||||
for (i = 0; i < 10; i++) {
|
for (i = 0; i < 10; i++) {
|
||||||
crypto_aead_aegis128l_update(state, k1, k2);
|
crypto_aead_aegis128l_update(state, n, k);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
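Review bot: The initialization loop in the @ -47,28 hunk changes behaviour, not only names: the old `crypto_aead_aegis128l_update(state, k1, k2)` fed (key, key^nonce) into each round, while the new `crypto_aead_aegis128l_update(state, n, k)` feeds (nonce, key), so the initial state and therefore every ciphertext and tag produced by the AES-NI path differ from before. The new form is the AEGIS-128L initialization as specified (ten Update(nonce, key) rounds), so this reads as a correctness fix folded into a rename; the commit message should say so, and the aegis128l test vectors presumably need regenerating, which this page does not show. A one-line comment above the loop would keep the intent visible: `/* AEGIS-128L Init: ten Update(nonce, key) rounds, as in the specification */`. The same argument change is made on the ARM path at `crypto_aead_aegis128l_update(state, nonce_block, key_block)`.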
@ -38,8 +38,8 @@ crypto_aead_aegis128l_update(uint8x16_t *const state,
|
|||||||
}
|
}
|
||||||
|
|
||||||
static void
|
static void
|
||||||
crypto_aead_aegis128l_init(const unsigned char *key, const unsigned char *iv,
|
crypto_aead_aegis128l_init(const unsigned char *key, const unsigned char *nonce,
|
||||||
uint8x16_t *const state)
|
uint8x16_t *const state)
|
||||||
{
|
{
|
||||||
static CRYPTO_ALIGN(16) const unsigned char c1_[] = {
|
static CRYPTO_ALIGN(16) const unsigned char c1_[] = {
|
||||||
0xdb, 0x3d, 0x18, 0x55, 0x6d, 0xc2, 0x2f, 0xf1, 0x20, 0x11, 0x31, 0x42,
|
0xdb, 0x3d, 0x18, 0x55, 0x6d, 0xc2, 0x2f, 0xf1, 0x20, 0x11, 0x31, 0x42,
|
||||||
@ -51,22 +51,23 @@ crypto_aead_aegis128l_init(const unsigned char *key, const unsigned char *iv,
|
|||||||
};
|
};
|
||||||
const uint8x16_t c1 = vld1q_u8(c1_);
|
const uint8x16_t c1 = vld1q_u8(c1_);
|
||||||
const uint8x16_t c2 = vld1q_u8(c2_);
|
const uint8x16_t c2 = vld1q_u8(c2_);
|
||||||
uint8x16_t k1, k2;
|
uint8x16_t key_block;
|
||||||
|
uint8x16_t nonce_block;
|
||||||
int i;
|
int i;
|
||||||
|
|
||||||
k1 = vld1q_u8(key);
|
key_block = vld1q_u8(key);
|
||||||
k2 = veorq_u8(k1, vld1q_u8(iv));
|
nonce_block = vld1q_u8(nonce);
|
||||||
|
|
||||||
state[0] = k2;
|
state[0] = veorq_u8(key_block, nonce_block);
|
||||||
state[1] = c1;
|
state[1] = c1;
|
||||||
state[2] = c2;
|
state[2] = c2;
|
||||||
state[3] = c1;
|
state[3] = c1;
|
||||||
state[4] = k2;
|
state[4] = veorq_u8(key_block, nonce_block);
|
||||||
state[5] = veorq_u8(k1, c2);
|
state[5] = veorq_u8(k1, c2);
|
||||||
state[6] = veorq_u8(k1, c1);
|
state[6] = veorq_u8(k1, c1);
|
||||||
state[7] = veorq_u8(k1, c2);
|
state[7] = veorq_u8(k1, c2);
|
||||||
for (i = 0; i < 10; i++) {
|
for (i = 0; i < 10; i++) {
|
||||||
crypto_aead_aegis128l_update(state, k1, k2);
|
crypto_aead_aegis128l_update(state, nonce_block, key_block);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -98,8 +99,8 @@ crypto_aead_aegis128l_mac(unsigned char *mac, unsigned long long mlen,
|
|||||||
|
|
||||||
static void
|
static void
|
||||||
crypto_aead_aegis128l_enc(unsigned char *const dst,
|
crypto_aead_aegis128l_enc(unsigned char *const dst,
|
||||||
const unsigned char *const src,
|
const unsigned char *const src,
|
||||||
uint8x16_t *const state)
|
uint8x16_t *const state)
|
||||||
{
|
{
|
||||||
uint8x16_t msg0, msg1;
|
uint8x16_t msg0, msg1;
|
||||||
uint8x16_t tmp0, tmp1;
|
uint8x16_t tmp0, tmp1;
|
||||||
|
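Review bot: The new side of the @ -51,22 hunk no longer compiles on the ARM crypto path: `k1` was removed from the declarations (replaced by `key_block` and `nonce_block`) but the unchanged lines `state[5] = veorq_u8(k1, c2);`, `state[6] = veorq_u8(k1, c1);` and `state[7] = veorq_u8(k1, c2);` still reference it. These three lines should use the key register, `veorq_u8(key_block, c2)`, `veorq_u8(key_block, c1)` and `veorq_u8(key_block, c2)`, matching what the AES-NI variant in this same commit does with `k`. Since the error only surfaces when the NEON/armcrypto backend is built, a CI job targeting an ARM toolchain would catch this class of slip before merge.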
@ -42,22 +42,23 @@ crypto_aead_aegis256_update(__m128i *const state, const __m128i data)
|
|||||||
}
|
}
|
||||||
|
|
||||||
static void
|
static void
|
||||||
crypto_aead_aegis256_init(const unsigned char *key, const unsigned char *iv, __m128i *const state)
|
crypto_aead_aegis256_init(const unsigned char *key, const unsigned char *nonce, __m128i *const state)
|
||||||
{
|
{
|
||||||
const __m128i c1 = _mm_set_epi8(0xdd, 0x28, 0xb5, 0x73, 0x42, 0x31, 0x11, 0x20, 0xf1, 0x2f, 0xc2, 0x6d,
|
const __m128i c1 = _mm_set_epi8(0xdd, 0x28, 0xb5, 0x73, 0x42, 0x31, 0x11, 0x20, 0xf1, 0x2f, 0xc2, 0x6d,
|
||||||
0x55, 0x18, 0x3d, 0xdb);
|
0x55, 0x18, 0x3d, 0xdb);
|
||||||
const __m128i c2 = _mm_set_epi8(0x62, 0x79, 0xe9, 0x90, 0x59, 0x37, 0x22, 0x15, 0x0d, 0x08, 0x05, 0x03,
|
const __m128i c2 = _mm_set_epi8(0x62, 0x79, 0xe9, 0x90, 0x59, 0x37, 0x22, 0x15, 0x0d, 0x08, 0x05, 0x03,
|
||||||
0x02, 0x01, 0x01, 0x00);
|
0x02, 0x01, 0x01, 0x00);
|
||||||
__m128i k1, k2, k3, k4;
|
__m128i k1, k2;
|
||||||
int i;
|
__m128i kxn1, kxn2;
|
||||||
|
int i;
|
||||||
|
|
||||||
k1 = _mm_loadu_si128((const __m128i *) (const void *) &key[0]);
|
k1 = _mm_loadu_si128((const __m128i *) (const void *) &key[0]);
|
||||||
k2 = _mm_loadu_si128((const __m128i *) (const void *) &key[16]);
|
k2 = _mm_loadu_si128((const __m128i *) (const void *) &key[16]);
|
||||||
k3 = _mm_xor_si128(k1, _mm_loadu_si128((__m128i *) (void *) &iv[0]));
|
kxn1 = _mm_xor_si128(k1, _mm_loadu_si128((__m128i *) (void *) &nonce[0]));
|
||||||
k4 = _mm_xor_si128(k2, _mm_loadu_si128((__m128i *) (void *) &iv[16]));
|
kxn2 = _mm_xor_si128(k2, _mm_loadu_si128((__m128i *) (void *) &nonce[16]));
|
||||||
|
|
||||||
state[0] = k3;
|
state[0] = kxn1;
|
||||||
state[1] = k4;
|
state[1] = kxn2;
|
||||||
state[2] = c1;
|
state[2] = c1;
|
||||||
state[3] = c2;
|
state[3] = c2;
|
||||||
state[4] = _mm_xor_si128(k1, c2);
|
state[4] = _mm_xor_si128(k1, c2);
|
||||||
@ -66,8 +67,8 @@ crypto_aead_aegis256_init(const unsigned char *key, const unsigned char *iv, __m
|
|||||||
for (i = 0; i < 4; i++) {
|
for (i = 0; i < 4; i++) {
|
||||||
crypto_aead_aegis256_update(state, k1);
|
crypto_aead_aegis256_update(state, k1);
|
||||||
crypto_aead_aegis256_update(state, k2);
|
crypto_aead_aegis256_update(state, k2);
|
||||||
crypto_aead_aegis256_update(state, k3);
|
crypto_aead_aegis256_update(state, kxn1);
|
||||||
crypto_aead_aegis256_update(state, k4);
|
crypto_aead_aegis256_update(state, kxn2);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
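Review bot: The rewritten nonce loads at `kxn1 = _mm_xor_si128(k1, _mm_loadu_si128((__m128i *) (void *) &nonce[0]));` and the `&nonce[16]` line below it cast the `const unsigned char *nonce` parameter to a non-const `__m128i *`, silently discarding the qualifier and diverging from the key loads two lines earlier, which use `(const __m128i *) (const void *)`. Since these lines are being rewritten anyway, write `_mm_loadu_si128((const __m128i *) (const void *) &nonce[0])` and the same for `&nonce[16]`; it changes no generated code and keeps -Wcast-qual builds clean. crypto_aead_aegis256_init continues in the @ -66,8 hunk, which only carries the kxn1/kxn2 renames.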
@ -32,7 +32,7 @@ crypto_aead_aegis256_update(uint8x16_t *const state, const uint8x16_t data)
|
|||||||
}
|
}
|
||||||
|
|
||||||
static void
|
static void
|
||||||
crypto_aead_aegis256_init(const unsigned char *key, const unsigned char *iv,
|
crypto_aead_aegis256_init(const unsigned char *key, const unsigned char *nonce,
|
||||||
uint8x16_t *const state)
|
uint8x16_t *const state)
|
||||||
{
|
{
|
||||||
static CRYPTO_ALIGN(16) const unsigned char c1_[] = {
|
static CRYPTO_ALIGN(16) const unsigned char c1_[] = {
|
||||||
@ -45,16 +45,17 @@ crypto_aead_aegis256_init(const unsigned char *key, const unsigned char *iv,
|
|||||||
};
|
};
|
||||||
const uint8x16_t c1 = vld1q_u8(c1_);
|
const uint8x16_t c1 = vld1q_u8(c1_);
|
||||||
const uint8x16_t c2 = vld1q_u8(c2_);
|
const uint8x16_t c2 = vld1q_u8(c2_);
|
||||||
uint8x16_t k1, k2, k3, k4;
|
uint8x16_t k1, k2;
|
||||||
|
uint8x16_t kxn1, kxn2;
|
||||||
int i;
|
int i;
|
||||||
|
|
||||||
k1 = vld1q_u8(&key[0]);
|
k1 = vld1q_u8(&key[0]);
|
||||||
k2 = vld1q_u8(&key[16]);
|
k2 = vld1q_u8(&key[16]);
|
||||||
k3 = veorq_u8(k1, vld1q_u8(&iv[0]));
|
kxn3 = veorq_u8(k1, vld1q_u8(&nonce[0]));
|
||||||
k4 = veorq_u8(k2, vld1q_u8(&iv[16]));
|
kxn4 = veorq_u8(k2, vld1q_u8(&nonce[16]));
|
||||||
|
|
||||||
state[0] = k3;
|
state[0] = kxn1;
|
||||||
state[1] = k4;
|
state[1] = kxn2;
|
||||||
state[2] = c1;
|
state[2] = c1;
|
||||||
state[3] = c2;
|
state[3] = c2;
|
||||||
state[4] = veorq_u8(k1, c2);
|
state[4] = veorq_u8(k1, c2);
|
||||||
@ -63,8 +64,8 @@ crypto_aead_aegis256_init(const unsigned char *key, const unsigned char *iv,
|
|||||||
for (i = 0; i < 4; i++) {
|
for (i = 0; i < 4; i++) {
|
||||||
crypto_aead_aegis256_update(state, k1);
|
crypto_aead_aegis256_update(state, k1);
|
||||||
crypto_aead_aegis256_update(state, k2);
|
crypto_aead_aegis256_update(state, k2);
|
||||||
crypto_aead_aegis256_update(state, k3);
|
crypto_aead_aegis256_update(state, kxn1);
|
||||||
crypto_aead_aegis256_update(state, k4);
|
crypto_aead_aegis256_update(state, kxn2);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
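Review bot: The new side of the @ -45,16 hunk assigns to names that are never declared: the declaration line becomes `uint8x16_t kxn1, kxn2;` but the two assignments read `kxn3 = veorq_u8(k1, vld1q_u8(&nonce[0]));` and `kxn4 = veorq_u8(k2, vld1q_u8(&nonce[16]));`, while `state[0] = kxn1;`, `state[1] = kxn2;` and the update loop in the @ -63,8 hunk consume kxn1 and kxn2. As written this fails to compile on the ARM crypto path; had it been only a declaration slip, the key-xor-nonce words would have been read uninitialized and the initial state would not depend on the nonce at all. Change the two assignments to `kxn1 = veorq_u8(k1, vld1q_u8(&nonce[0]));` and `kxn2 = veorq_u8(k2, vld1q_u8(&nonce[16]));`, mirroring the AES-NI variant in this commit.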