mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2025-01-11 04:55:41 +00:00
cmac: factor multiply by u to its own function
We're doing exactly the same operation for K1 and K2.
This commit is contained in:
parent
3da5402a89
commit
a610b4c04b
|
@ -82,24 +82,28 @@ void mbedtls_cmac_init( mbedtls_cmac_context *ctx )
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Leftshift a 16-byte block by 1 bit
|
* Multiply by u in GF(2^128)
|
||||||
* \note output can be same as input
|
*
|
||||||
|
* As explained in the paper, this can be achieved as
|
||||||
|
* If MSB(p) = 0, then p = (p << 1)
|
||||||
|
* If MSB(p) = 1, then p = (p << 1) ^ Rb
|
||||||
|
* with Rb = 0x87
|
||||||
|
*
|
||||||
|
* Input and output MUST not point to the same buffer
|
||||||
*/
|
*/
|
||||||
static void leftshift_onebit( unsigned char *input, unsigned char *output )
|
static void multiply_by_u( unsigned char *output, const unsigned char *input )
|
||||||
{
|
{
|
||||||
int i;
|
static const unsigned char Rb[2] = { 0x00, 0x87 }; /* block size 16 only */
|
||||||
unsigned char temp;
|
|
||||||
unsigned char overflow = 0;
|
unsigned char overflow = 0;
|
||||||
|
int i;
|
||||||
|
|
||||||
for( i = 15; i >= 0; i-- )
|
for( i = 15; i >= 0; i-- )
|
||||||
{
|
{
|
||||||
temp = input[i];
|
output[i] = input[i] << 1 | overflow;
|
||||||
output[i] = temp << 1;
|
overflow = input[i] >> 7;
|
||||||
output[i] |= overflow;
|
|
||||||
overflow = temp >> 7;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return;
|
output[15] ^= Rb[input[0] >> 7]; /* "Constant-time" operation */
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -107,7 +111,6 @@ static void leftshift_onebit( unsigned char *input, unsigned char *output )
|
||||||
*/
|
*/
|
||||||
static int generate_subkeys( mbedtls_cmac_context *ctx )
|
static int generate_subkeys( mbedtls_cmac_context *ctx )
|
||||||
{
|
{
|
||||||
static const unsigned char Rb[2] = { 0x00, 0x87 }; /* block size 16 only */
|
|
||||||
int ret;
|
int ret;
|
||||||
unsigned char L[16];
|
unsigned char L[16];
|
||||||
size_t olen;
|
size_t olen;
|
||||||
|
@ -121,20 +124,10 @@ static int generate_subkeys( mbedtls_cmac_context *ctx )
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Generate K1
|
* Generate K1 and K2
|
||||||
* If MSB(L) = 0, then K1 = (L << 1)
|
|
||||||
* If MSB(L) = 1, then K1 = (L << 1) ^ Rb
|
|
||||||
*/
|
*/
|
||||||
leftshift_onebit( L, ctx->K1 );
|
multiply_by_u( ctx->K1, L );
|
||||||
ctx->K1[15] ^= Rb[L[0] >> 7]; /* "Constant-time" operation */
|
multiply_by_u( ctx->K2, ctx->K1 );
|
||||||
|
|
||||||
/*
|
|
||||||
* Generate K2
|
|
||||||
* If MSB(K1) == 0, then K2 = (K1 << 1)
|
|
||||||
* If MSB(K1) == 1, then K2 = (K1 << 1) ^ Rb
|
|
||||||
*/
|
|
||||||
leftshift_onebit( ctx->K1, ctx->K2 );
|
|
||||||
ctx->K2[15] ^= Rb[ctx->K1[0] >> 7]; /* "Constant-time" operation */
|
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue