diff options
Diffstat (limited to 'umac.c')
-rw-r--r-- | umac.c | 194 |
1 files changed, 97 insertions, 97 deletions
@@ -1,6 +1,6 @@ | |||
1 | /* $OpenBSD: umac.c,v 1.12 2017/05/31 08:09:45 markus Exp $ */ | 1 | /* $OpenBSD: umac.c,v 1.16 2017/12/12 15:06:12 naddy Exp $ */ |
2 | /* ----------------------------------------------------------------------- | 2 | /* ----------------------------------------------------------------------- |
3 | * | 3 | * |
4 | * umac.c -- C Implementation UMAC Message Authentication | 4 | * umac.c -- C Implementation UMAC Message Authentication |
5 | * | 5 | * |
6 | * Version 0.93b of rfc4418.txt -- 2006 July 18 | 6 | * Version 0.93b of rfc4418.txt -- 2006 July 18 |
@@ -10,7 +10,7 @@ | |||
10 | * Please report bugs and suggestions to the UMAC webpage. | 10 | * Please report bugs and suggestions to the UMAC webpage. |
11 | * | 11 | * |
12 | * Copyright (c) 1999-2006 Ted Krovetz | 12 | * Copyright (c) 1999-2006 Ted Krovetz |
13 | * | 13 | * |
14 | * Permission to use, copy, modify, and distribute this software and | 14 | * Permission to use, copy, modify, and distribute this software and |
15 | * its documentation for any purpose and with or without fee, is hereby | 15 | * its documentation for any purpose and with or without fee, is hereby |
16 | * granted provided that the above copyright notice appears in all copies | 16 | * granted provided that the above copyright notice appears in all copies |
@@ -18,10 +18,10 @@ | |||
18 | * holder not be used in advertising or publicity pertaining to | 18 | * holder not be used in advertising or publicity pertaining to |
19 | * distribution of the software without specific, written prior permission. | 19 | * distribution of the software without specific, written prior permission. |
20 | * | 20 | * |
21 | * Comments should be directed to Ted Krovetz (tdk@acm.org) | 21 | * Comments should be directed to Ted Krovetz (tdk@acm.org) |
22 | * | 22 | * |
23 | * ---------------------------------------------------------------------- */ | 23 | * ---------------------------------------------------------------------- */ |
24 | 24 | ||
25 | /* ////////////////////// IMPORTANT NOTES ///////////////////////////////// | 25 | /* ////////////////////// IMPORTANT NOTES ///////////////////////////////// |
26 | * | 26 | * |
27 | * 1) This version does not work properly on messages larger than 16MB | 27 | * 1) This version does not work properly on messages larger than 16MB |
@@ -47,7 +47,7 @@ | |||
47 | * produced under gcc with optimizations set -O3 or higher. Dunno why. | 47 | * produced under gcc with optimizations set -O3 or higher. Dunno why. |
48 | * | 48 | * |
49 | /////////////////////////////////////////////////////////////////////// */ | 49 | /////////////////////////////////////////////////////////////////////// */ |
50 | 50 | ||
51 | /* ---------------------------------------------------------------------- */ | 51 | /* ---------------------------------------------------------------------- */ |
52 | /* --- User Switches ---------------------------------------------------- */ | 52 | /* --- User Switches ---------------------------------------------------- */ |
53 | /* ---------------------------------------------------------------------- */ | 53 | /* ---------------------------------------------------------------------- */ |
@@ -187,11 +187,11 @@ static void kdf(void *bufp, aes_int_key key, UINT8 ndx, int nbytes) | |||
187 | UINT8 out_buf[AES_BLOCK_LEN]; | 187 | UINT8 out_buf[AES_BLOCK_LEN]; |
188 | UINT8 *dst_buf = (UINT8 *)bufp; | 188 | UINT8 *dst_buf = (UINT8 *)bufp; |
189 | int i; | 189 | int i; |
190 | 190 | ||
191 | /* Setup the initial value */ | 191 | /* Setup the initial value */ |
192 | in_buf[AES_BLOCK_LEN-9] = ndx; | 192 | in_buf[AES_BLOCK_LEN-9] = ndx; |
193 | in_buf[AES_BLOCK_LEN-1] = i = 1; | 193 | in_buf[AES_BLOCK_LEN-1] = i = 1; |
194 | 194 | ||
195 | while (nbytes >= AES_BLOCK_LEN) { | 195 | while (nbytes >= AES_BLOCK_LEN) { |
196 | aes_encryption(in_buf, out_buf, key); | 196 | aes_encryption(in_buf, out_buf, key); |
197 | memcpy(dst_buf,out_buf,AES_BLOCK_LEN); | 197 | memcpy(dst_buf,out_buf,AES_BLOCK_LEN); |
@@ -208,7 +208,7 @@ static void kdf(void *bufp, aes_int_key key, UINT8 ndx, int nbytes) | |||
208 | } | 208 | } |
209 | 209 | ||
210 | /* The final UHASH result is XOR'd with the output of a pseudorandom | 210 | /* The final UHASH result is XOR'd with the output of a pseudorandom |
211 | * function. Here, we use AES to generate random output and | 211 | * function. Here, we use AES to generate random output and |
212 | * xor the appropriate bytes depending on the last bits of nonce. | 212 | * xor the appropriate bytes depending on the last bits of nonce. |
213 | * This scheme is optimized for sequential, increasing big-endian nonces. | 213 | * This scheme is optimized for sequential, increasing big-endian nonces. |
214 | */ | 214 | */ |
@@ -222,10 +222,10 @@ typedef struct { | |||
222 | static void pdf_init(pdf_ctx *pc, aes_int_key prf_key) | 222 | static void pdf_init(pdf_ctx *pc, aes_int_key prf_key) |
223 | { | 223 | { |
224 | UINT8 buf[UMAC_KEY_LEN]; | 224 | UINT8 buf[UMAC_KEY_LEN]; |
225 | 225 | ||
226 | kdf(buf, prf_key, 0, UMAC_KEY_LEN); | 226 | kdf(buf, prf_key, 0, UMAC_KEY_LEN); |
227 | aes_key_setup(buf, pc->prf_key); | 227 | aes_key_setup(buf, pc->prf_key); |
228 | 228 | ||
229 | /* Initialize pdf and cache */ | 229 | /* Initialize pdf and cache */ |
230 | memset(pc->nonce, 0, sizeof(pc->nonce)); | 230 | memset(pc->nonce, 0, sizeof(pc->nonce)); |
231 | aes_encryption(pc->nonce, pc->cache, pc->prf_key); | 231 | aes_encryption(pc->nonce, pc->cache, pc->prf_key); |
@@ -238,7 +238,7 @@ static void pdf_gen_xor(pdf_ctx *pc, const UINT8 nonce[8], UINT8 buf[8]) | |||
238 | * of the AES output. If last time around we returned the ndx-1st | 238 | * of the AES output. If last time around we returned the ndx-1st |
239 | * element, then we may have the result in the cache already. | 239 | * element, then we may have the result in the cache already. |
240 | */ | 240 | */ |
241 | 241 | ||
242 | #if (UMAC_OUTPUT_LEN == 4) | 242 | #if (UMAC_OUTPUT_LEN == 4) |
243 | #define LOW_BIT_MASK 3 | 243 | #define LOW_BIT_MASK 3 |
244 | #elif (UMAC_OUTPUT_LEN == 8) | 244 | #elif (UMAC_OUTPUT_LEN == 8) |
@@ -255,7 +255,7 @@ static void pdf_gen_xor(pdf_ctx *pc, const UINT8 nonce[8], UINT8 buf[8]) | |||
255 | #endif | 255 | #endif |
256 | *(UINT32 *)t.tmp_nonce_lo = ((const UINT32 *)nonce)[1]; | 256 | *(UINT32 *)t.tmp_nonce_lo = ((const UINT32 *)nonce)[1]; |
257 | t.tmp_nonce_lo[3] &= ~LOW_BIT_MASK; /* zero last bit */ | 257 | t.tmp_nonce_lo[3] &= ~LOW_BIT_MASK; /* zero last bit */ |
258 | 258 | ||
259 | if ( (((UINT32 *)t.tmp_nonce_lo)[0] != ((UINT32 *)pc->nonce)[1]) || | 259 | if ( (((UINT32 *)t.tmp_nonce_lo)[0] != ((UINT32 *)pc->nonce)[1]) || |
260 | (((const UINT32 *)nonce)[0] != ((UINT32 *)pc->nonce)[0]) ) | 260 | (((const UINT32 *)nonce)[0] != ((UINT32 *)pc->nonce)[0]) ) |
261 | { | 261 | { |
@@ -263,7 +263,7 @@ static void pdf_gen_xor(pdf_ctx *pc, const UINT8 nonce[8], UINT8 buf[8]) | |||
263 | ((UINT32 *)pc->nonce)[1] = ((UINT32 *)t.tmp_nonce_lo)[0]; | 263 | ((UINT32 *)pc->nonce)[1] = ((UINT32 *)t.tmp_nonce_lo)[0]; |
264 | aes_encryption(pc->nonce, pc->cache, pc->prf_key); | 264 | aes_encryption(pc->nonce, pc->cache, pc->prf_key); |
265 | } | 265 | } |
266 | 266 | ||
267 | #if (UMAC_OUTPUT_LEN == 4) | 267 | #if (UMAC_OUTPUT_LEN == 4) |
268 | *((UINT32 *)buf) ^= ((UINT32 *)pc->cache)[ndx]; | 268 | *((UINT32 *)buf) ^= ((UINT32 *)pc->cache)[ndx]; |
269 | #elif (UMAC_OUTPUT_LEN == 8) | 269 | #elif (UMAC_OUTPUT_LEN == 8) |
@@ -284,28 +284,28 @@ static void pdf_gen_xor(pdf_ctx *pc, const UINT8 nonce[8], UINT8 buf[8]) | |||
284 | /* ---------------------------------------------------------------------- */ | 284 | /* ---------------------------------------------------------------------- */ |
285 | 285 | ||
286 | /* The NH-based hash functions used in UMAC are described in the UMAC paper | 286 | /* The NH-based hash functions used in UMAC are described in the UMAC paper |
287 | * and specification, both of which can be found at the UMAC website. | 287 | * and specification, both of which can be found at the UMAC website. |
288 | * The interface to this implementation has two | 288 | * The interface to this implementation has two |
289 | * versions, one expects the entire message being hashed to be passed | 289 | * versions, one expects the entire message being hashed to be passed |
290 | * in a single buffer and returns the hash result immediately. The second | 290 | * in a single buffer and returns the hash result immediately. The second |
291 | * allows the message to be passed in a sequence of buffers. In the | 291 | * allows the message to be passed in a sequence of buffers. In the |
292 | * muliple-buffer interface, the client calls the routine nh_update() as | 292 | * muliple-buffer interface, the client calls the routine nh_update() as |
293 | * many times as necessary. When there is no more data to be fed to the | 293 | * many times as necessary. When there is no more data to be fed to the |
294 | * hash, the client calls nh_final() which calculates the hash output. | 294 | * hash, the client calls nh_final() which calculates the hash output. |
295 | * Before beginning another hash calculation the nh_reset() routine | 295 | * Before beginning another hash calculation the nh_reset() routine |
296 | * must be called. The single-buffer routine, nh(), is equivalent to | 296 | * must be called. The single-buffer routine, nh(), is equivalent to |
297 | * the sequence of calls nh_update() and nh_final(); however it is | 297 | * the sequence of calls nh_update() and nh_final(); however it is |
298 | * optimized and should be prefered whenever the multiple-buffer interface | 298 | * optimized and should be prefered whenever the multiple-buffer interface |
299 | * is not necessary. When using either interface, it is the client's | 299 | * is not necessary. When using either interface, it is the client's |
300 | * responsability to pass no more than L1_KEY_LEN bytes per hash result. | 300 | * responsability to pass no more than L1_KEY_LEN bytes per hash result. |
301 | * | 301 | * |
302 | * The routine nh_init() initializes the nh_ctx data structure and | 302 | * The routine nh_init() initializes the nh_ctx data structure and |
303 | * must be called once, before any other PDF routine. | 303 | * must be called once, before any other PDF routine. |
304 | */ | 304 | */ |
305 | 305 | ||
306 | /* The "nh_aux" routines do the actual NH hashing work. They | 306 | /* The "nh_aux" routines do the actual NH hashing work. They |
307 | * expect buffers to be multiples of L1_PAD_BOUNDARY. These routines | 307 | * expect buffers to be multiples of L1_PAD_BOUNDARY. These routines |
308 | * produce output for all STREAMS NH iterations in one call, | 308 | * produce output for all STREAMS NH iterations in one call, |
309 | * allowing the parallel implementation of the streams. | 309 | * allowing the parallel implementation of the streams. |
310 | */ | 310 | */ |
311 | 311 | ||
@@ -328,10 +328,10 @@ typedef struct { | |||
328 | #if (UMAC_OUTPUT_LEN == 4) | 328 | #if (UMAC_OUTPUT_LEN == 4) |
329 | 329 | ||
330 | static void nh_aux(void *kp, const void *dp, void *hp, UINT32 dlen) | 330 | static void nh_aux(void *kp, const void *dp, void *hp, UINT32 dlen) |
331 | /* NH hashing primitive. Previous (partial) hash result is loaded and | 331 | /* NH hashing primitive. Previous (partial) hash result is loaded and |
332 | * then stored via hp pointer. The length of the data pointed at by "dp", | 332 | * then stored via hp pointer. The length of the data pointed at by "dp", |
333 | * "dlen", is guaranteed to be divisible by L1_PAD_BOUNDARY (32). Key | 333 | * "dlen", is guaranteed to be divisible by L1_PAD_BOUNDARY (32). Key |
334 | * is expected to be endian compensated in memory at key setup. | 334 | * is expected to be endian compensated in memory at key setup. |
335 | */ | 335 | */ |
336 | { | 336 | { |
337 | UINT64 h; | 337 | UINT64 h; |
@@ -340,7 +340,7 @@ static void nh_aux(void *kp, const void *dp, void *hp, UINT32 dlen) | |||
340 | const UINT32 *d = (const UINT32 *)dp; | 340 | const UINT32 *d = (const UINT32 *)dp; |
341 | UINT32 d0,d1,d2,d3,d4,d5,d6,d7; | 341 | UINT32 d0,d1,d2,d3,d4,d5,d6,d7; |
342 | UINT32 k0,k1,k2,k3,k4,k5,k6,k7; | 342 | UINT32 k0,k1,k2,k3,k4,k5,k6,k7; |
343 | 343 | ||
344 | h = *((UINT64 *)hp); | 344 | h = *((UINT64 *)hp); |
345 | do { | 345 | do { |
346 | d0 = LOAD_UINT32_LITTLE(d+0); d1 = LOAD_UINT32_LITTLE(d+1); | 346 | d0 = LOAD_UINT32_LITTLE(d+0); d1 = LOAD_UINT32_LITTLE(d+1); |
@@ -353,7 +353,7 @@ static void nh_aux(void *kp, const void *dp, void *hp, UINT32 dlen) | |||
353 | h += MUL64((k1 + d1), (k5 + d5)); | 353 | h += MUL64((k1 + d1), (k5 + d5)); |
354 | h += MUL64((k2 + d2), (k6 + d6)); | 354 | h += MUL64((k2 + d2), (k6 + d6)); |
355 | h += MUL64((k3 + d3), (k7 + d7)); | 355 | h += MUL64((k3 + d3), (k7 + d7)); |
356 | 356 | ||
357 | d += 8; | 357 | d += 8; |
358 | k += 8; | 358 | k += 8; |
359 | } while (--c); | 359 | } while (--c); |
@@ -421,7 +421,7 @@ static void nh_aux(void *kp, const void *dp, void *hp, UINT32 dlen) | |||
421 | UINT32 d0,d1,d2,d3,d4,d5,d6,d7; | 421 | UINT32 d0,d1,d2,d3,d4,d5,d6,d7; |
422 | UINT32 k0,k1,k2,k3,k4,k5,k6,k7, | 422 | UINT32 k0,k1,k2,k3,k4,k5,k6,k7, |
423 | k8,k9,k10,k11,k12,k13,k14,k15; | 423 | k8,k9,k10,k11,k12,k13,k14,k15; |
424 | 424 | ||
425 | h1 = *((UINT64 *)hp); | 425 | h1 = *((UINT64 *)hp); |
426 | h2 = *((UINT64 *)hp + 1); | 426 | h2 = *((UINT64 *)hp + 1); |
427 | h3 = *((UINT64 *)hp + 2); | 427 | h3 = *((UINT64 *)hp + 2); |
@@ -434,26 +434,26 @@ static void nh_aux(void *kp, const void *dp, void *hp, UINT32 dlen) | |||
434 | d6 = LOAD_UINT32_LITTLE(d+6); d7 = LOAD_UINT32_LITTLE(d+7); | 434 | d6 = LOAD_UINT32_LITTLE(d+6); d7 = LOAD_UINT32_LITTLE(d+7); |
435 | k8 = *(k+8); k9 = *(k+9); k10 = *(k+10); k11 = *(k+11); | 435 | k8 = *(k+8); k9 = *(k+9); k10 = *(k+10); k11 = *(k+11); |
436 | k12 = *(k+12); k13 = *(k+13); k14 = *(k+14); k15 = *(k+15); | 436 | k12 = *(k+12); k13 = *(k+13); k14 = *(k+14); k15 = *(k+15); |
437 | 437 | ||
438 | h1 += MUL64((k0 + d0), (k4 + d4)); | 438 | h1 += MUL64((k0 + d0), (k4 + d4)); |
439 | h2 += MUL64((k4 + d0), (k8 + d4)); | 439 | h2 += MUL64((k4 + d0), (k8 + d4)); |
440 | h3 += MUL64((k8 + d0), (k12 + d4)); | 440 | h3 += MUL64((k8 + d0), (k12 + d4)); |
441 | 441 | ||
442 | h1 += MUL64((k1 + d1), (k5 + d5)); | 442 | h1 += MUL64((k1 + d1), (k5 + d5)); |
443 | h2 += MUL64((k5 + d1), (k9 + d5)); | 443 | h2 += MUL64((k5 + d1), (k9 + d5)); |
444 | h3 += MUL64((k9 + d1), (k13 + d5)); | 444 | h3 += MUL64((k9 + d1), (k13 + d5)); |
445 | 445 | ||
446 | h1 += MUL64((k2 + d2), (k6 + d6)); | 446 | h1 += MUL64((k2 + d2), (k6 + d6)); |
447 | h2 += MUL64((k6 + d2), (k10 + d6)); | 447 | h2 += MUL64((k6 + d2), (k10 + d6)); |
448 | h3 += MUL64((k10 + d2), (k14 + d6)); | 448 | h3 += MUL64((k10 + d2), (k14 + d6)); |
449 | 449 | ||
450 | h1 += MUL64((k3 + d3), (k7 + d7)); | 450 | h1 += MUL64((k3 + d3), (k7 + d7)); |
451 | h2 += MUL64((k7 + d3), (k11 + d7)); | 451 | h2 += MUL64((k7 + d3), (k11 + d7)); |
452 | h3 += MUL64((k11 + d3), (k15 + d7)); | 452 | h3 += MUL64((k11 + d3), (k15 + d7)); |
453 | 453 | ||
454 | k0 = k8; k1 = k9; k2 = k10; k3 = k11; | 454 | k0 = k8; k1 = k9; k2 = k10; k3 = k11; |
455 | k4 = k12; k5 = k13; k6 = k14; k7 = k15; | 455 | k4 = k12; k5 = k13; k6 = k14; k7 = k15; |
456 | 456 | ||
457 | d += 8; | 457 | d += 8; |
458 | k += 8; | 458 | k += 8; |
459 | } while (--c); | 459 | } while (--c); |
@@ -477,7 +477,7 @@ static void nh_aux(void *kp, const void *dp, void *hp, UINT32 dlen) | |||
477 | UINT32 k0,k1,k2,k3,k4,k5,k6,k7, | 477 | UINT32 k0,k1,k2,k3,k4,k5,k6,k7, |
478 | k8,k9,k10,k11,k12,k13,k14,k15, | 478 | k8,k9,k10,k11,k12,k13,k14,k15, |
479 | k16,k17,k18,k19; | 479 | k16,k17,k18,k19; |
480 | 480 | ||
481 | h1 = *((UINT64 *)hp); | 481 | h1 = *((UINT64 *)hp); |
482 | h2 = *((UINT64 *)hp + 1); | 482 | h2 = *((UINT64 *)hp + 1); |
483 | h3 = *((UINT64 *)hp + 2); | 483 | h3 = *((UINT64 *)hp + 2); |
@@ -492,31 +492,31 @@ static void nh_aux(void *kp, const void *dp, void *hp, UINT32 dlen) | |||
492 | k8 = *(k+8); k9 = *(k+9); k10 = *(k+10); k11 = *(k+11); | 492 | k8 = *(k+8); k9 = *(k+9); k10 = *(k+10); k11 = *(k+11); |
493 | k12 = *(k+12); k13 = *(k+13); k14 = *(k+14); k15 = *(k+15); | 493 | k12 = *(k+12); k13 = *(k+13); k14 = *(k+14); k15 = *(k+15); |
494 | k16 = *(k+16); k17 = *(k+17); k18 = *(k+18); k19 = *(k+19); | 494 | k16 = *(k+16); k17 = *(k+17); k18 = *(k+18); k19 = *(k+19); |
495 | 495 | ||
496 | h1 += MUL64((k0 + d0), (k4 + d4)); | 496 | h1 += MUL64((k0 + d0), (k4 + d4)); |
497 | h2 += MUL64((k4 + d0), (k8 + d4)); | 497 | h2 += MUL64((k4 + d0), (k8 + d4)); |
498 | h3 += MUL64((k8 + d0), (k12 + d4)); | 498 | h3 += MUL64((k8 + d0), (k12 + d4)); |
499 | h4 += MUL64((k12 + d0), (k16 + d4)); | 499 | h4 += MUL64((k12 + d0), (k16 + d4)); |
500 | 500 | ||
501 | h1 += MUL64((k1 + d1), (k5 + d5)); | 501 | h1 += MUL64((k1 + d1), (k5 + d5)); |
502 | h2 += MUL64((k5 + d1), (k9 + d5)); | 502 | h2 += MUL64((k5 + d1), (k9 + d5)); |
503 | h3 += MUL64((k9 + d1), (k13 + d5)); | 503 | h3 += MUL64((k9 + d1), (k13 + d5)); |
504 | h4 += MUL64((k13 + d1), (k17 + d5)); | 504 | h4 += MUL64((k13 + d1), (k17 + d5)); |
505 | 505 | ||
506 | h1 += MUL64((k2 + d2), (k6 + d6)); | 506 | h1 += MUL64((k2 + d2), (k6 + d6)); |
507 | h2 += MUL64((k6 + d2), (k10 + d6)); | 507 | h2 += MUL64((k6 + d2), (k10 + d6)); |
508 | h3 += MUL64((k10 + d2), (k14 + d6)); | 508 | h3 += MUL64((k10 + d2), (k14 + d6)); |
509 | h4 += MUL64((k14 + d2), (k18 + d6)); | 509 | h4 += MUL64((k14 + d2), (k18 + d6)); |
510 | 510 | ||
511 | h1 += MUL64((k3 + d3), (k7 + d7)); | 511 | h1 += MUL64((k3 + d3), (k7 + d7)); |
512 | h2 += MUL64((k7 + d3), (k11 + d7)); | 512 | h2 += MUL64((k7 + d3), (k11 + d7)); |
513 | h3 += MUL64((k11 + d3), (k15 + d7)); | 513 | h3 += MUL64((k11 + d3), (k15 + d7)); |
514 | h4 += MUL64((k15 + d3), (k19 + d7)); | 514 | h4 += MUL64((k15 + d3), (k19 + d7)); |
515 | 515 | ||
516 | k0 = k8; k1 = k9; k2 = k10; k3 = k11; | 516 | k0 = k8; k1 = k9; k2 = k10; k3 = k11; |
517 | k4 = k12; k5 = k13; k6 = k14; k7 = k15; | 517 | k4 = k12; k5 = k13; k6 = k14; k7 = k15; |
518 | k8 = k16; k9 = k17; k10 = k18; k11 = k19; | 518 | k8 = k16; k9 = k17; k10 = k18; k11 = k19; |
519 | 519 | ||
520 | d += 8; | 520 | d += 8; |
521 | k += 8; | 521 | k += 8; |
522 | } while (--c); | 522 | } while (--c); |
@@ -541,7 +541,7 @@ static void nh_transform(nh_ctx *hc, const UINT8 *buf, UINT32 nbytes) | |||
541 | */ | 541 | */ |
542 | { | 542 | { |
543 | UINT8 *key; | 543 | UINT8 *key; |
544 | 544 | ||
545 | key = hc->nh_key + hc->bytes_hashed; | 545 | key = hc->nh_key + hc->bytes_hashed; |
546 | nh_aux(key, buf, hc->state, nbytes); | 546 | nh_aux(key, buf, hc->state, nbytes); |
547 | } | 547 | } |
@@ -613,7 +613,7 @@ static void nh_update(nh_ctx *hc, const UINT8 *buf, UINT32 nbytes) | |||
613 | /* even multiple of HASH_BUF_BYTES. */ | 613 | /* even multiple of HASH_BUF_BYTES. */ |
614 | { | 614 | { |
615 | UINT32 i,j; | 615 | UINT32 i,j; |
616 | 616 | ||
617 | j = hc->next_data_empty; | 617 | j = hc->next_data_empty; |
618 | if ((j + nbytes) >= HASH_BUF_BYTES) { | 618 | if ((j + nbytes) >= HASH_BUF_BYTES) { |
619 | if (j) { | 619 | if (j) { |
@@ -677,12 +677,12 @@ static void nh_final(nh_ctx *hc, UINT8 *result) | |||
677 | if (hc->next_data_empty != 0) { | 677 | if (hc->next_data_empty != 0) { |
678 | nh_len = ((hc->next_data_empty + (L1_PAD_BOUNDARY - 1)) & | 678 | nh_len = ((hc->next_data_empty + (L1_PAD_BOUNDARY - 1)) & |
679 | ~(L1_PAD_BOUNDARY - 1)); | 679 | ~(L1_PAD_BOUNDARY - 1)); |
680 | zero_pad(hc->data + hc->next_data_empty, | 680 | zero_pad(hc->data + hc->next_data_empty, |
681 | nh_len - hc->next_data_empty); | 681 | nh_len - hc->next_data_empty); |
682 | nh_transform(hc, hc->data, nh_len); | 682 | nh_transform(hc, hc->data, nh_len); |
683 | hc->bytes_hashed += hc->next_data_empty; | 683 | hc->bytes_hashed += hc->next_data_empty; |
684 | } else if (hc->bytes_hashed == 0) { | 684 | } else if (hc->bytes_hashed == 0) { |
685 | nh_len = L1_PAD_BOUNDARY; | 685 | nh_len = L1_PAD_BOUNDARY; |
686 | zero_pad(hc->data, L1_PAD_BOUNDARY); | 686 | zero_pad(hc->data, L1_PAD_BOUNDARY); |
687 | nh_transform(hc, hc->data, nh_len); | 687 | nh_transform(hc, hc->data, nh_len); |
688 | } | 688 | } |
@@ -711,10 +711,10 @@ static void nh(nh_ctx *hc, const UINT8 *buf, UINT32 padded_len, | |||
711 | */ | 711 | */ |
712 | { | 712 | { |
713 | UINT32 nbits; | 713 | UINT32 nbits; |
714 | 714 | ||
715 | /* Initialize the hash state */ | 715 | /* Initialize the hash state */ |
716 | nbits = (unpadded_len << 3); | 716 | nbits = (unpadded_len << 3); |
717 | 717 | ||
718 | ((UINT64 *)result)[0] = nbits; | 718 | ((UINT64 *)result)[0] = nbits; |
719 | #if (UMAC_OUTPUT_LEN >= 8) | 719 | #if (UMAC_OUTPUT_LEN >= 8) |
720 | ((UINT64 *)result)[1] = nbits; | 720 | ((UINT64 *)result)[1] = nbits; |
@@ -725,7 +725,7 @@ static void nh(nh_ctx *hc, const UINT8 *buf, UINT32 padded_len, | |||
725 | #if (UMAC_OUTPUT_LEN == 16) | 725 | #if (UMAC_OUTPUT_LEN == 16) |
726 | ((UINT64 *)result)[3] = nbits; | 726 | ((UINT64 *)result)[3] = nbits; |
727 | #endif | 727 | #endif |
728 | 728 | ||
729 | nh_aux(hc->nh_key, buf, result, padded_len); | 729 | nh_aux(hc->nh_key, buf, result, padded_len); |
730 | } | 730 | } |
731 | 731 | ||
@@ -744,16 +744,16 @@ static void nh(nh_ctx *hc, const UINT8 *buf, UINT32 padded_len, | |||
744 | * buffers are presented sequentially. In the sequential interface, the | 744 | * buffers are presented sequentially. In the sequential interface, the |
745 | * UHASH client calls the routine uhash_update() as many times as necessary. | 745 | * UHASH client calls the routine uhash_update() as many times as necessary. |
746 | * When there is no more data to be fed to UHASH, the client calls | 746 | * When there is no more data to be fed to UHASH, the client calls |
747 | * uhash_final() which | 747 | * uhash_final() which |
748 | * calculates the UHASH output. Before beginning another UHASH calculation | 748 | * calculates the UHASH output. Before beginning another UHASH calculation |
749 | * the uhash_reset() routine must be called. The all-at-once UHASH routine, | 749 | * the uhash_reset() routine must be called. The all-at-once UHASH routine, |
750 | * uhash(), is equivalent to the sequence of calls uhash_update() and | 750 | * uhash(), is equivalent to the sequence of calls uhash_update() and |
751 | * uhash_final(); however it is optimized and should be | 751 | * uhash_final(); however it is optimized and should be |
752 | * used whenever the sequential interface is not necessary. | 752 | * used whenever the sequential interface is not necessary. |
753 | * | 753 | * |
754 | * The routine uhash_init() initializes the uhash_ctx data structure and | 754 | * The routine uhash_init() initializes the uhash_ctx data structure and |
755 | * must be called once, before any other UHASH routine. | 755 | * must be called once, before any other UHASH routine. |
756 | */ | 756 | */ |
757 | 757 | ||
758 | /* ---------------------------------------------------------------------- */ | 758 | /* ---------------------------------------------------------------------- */ |
759 | /* ----- Constants and uhash_ctx ---------------------------------------- */ | 759 | /* ----- Constants and uhash_ctx ---------------------------------------- */ |
@@ -802,13 +802,13 @@ static UINT64 poly64(UINT64 cur, UINT64 key, UINT64 data) | |||
802 | x_lo, | 802 | x_lo, |
803 | x_hi; | 803 | x_hi; |
804 | UINT64 X,T,res; | 804 | UINT64 X,T,res; |
805 | 805 | ||
806 | X = MUL64(key_hi, cur_lo) + MUL64(cur_hi, key_lo); | 806 | X = MUL64(key_hi, cur_lo) + MUL64(cur_hi, key_lo); |
807 | x_lo = (UINT32)X; | 807 | x_lo = (UINT32)X; |
808 | x_hi = (UINT32)(X >> 32); | 808 | x_hi = (UINT32)(X >> 32); |
809 | 809 | ||
810 | res = (MUL64(key_hi, cur_hi) + x_hi) * 59 + MUL64(key_lo, cur_lo); | 810 | res = (MUL64(key_hi, cur_hi) + x_hi) * 59 + MUL64(key_lo, cur_lo); |
811 | 811 | ||
812 | T = ((UINT64)x_lo << 32); | 812 | T = ((UINT64)x_lo << 32); |
813 | res += T; | 813 | res += T; |
814 | if (res < T) | 814 | if (res < T) |
@@ -832,10 +832,10 @@ static void poly_hash(uhash_ctx_t hc, UINT32 data_in[]) | |||
832 | { | 832 | { |
833 | int i; | 833 | int i; |
834 | UINT64 *data=(UINT64*)data_in; | 834 | UINT64 *data=(UINT64*)data_in; |
835 | 835 | ||
836 | for (i = 0; i < STREAMS; i++) { | 836 | for (i = 0; i < STREAMS; i++) { |
837 | if ((UINT32)(data[i] >> 32) == 0xfffffffful) { | 837 | if ((UINT32)(data[i] >> 32) == 0xfffffffful) { |
838 | hc->poly_accum[i] = poly64(hc->poly_accum[i], | 838 | hc->poly_accum[i] = poly64(hc->poly_accum[i], |
839 | hc->poly_key_8[i], p64 - 1); | 839 | hc->poly_key_8[i], p64 - 1); |
840 | hc->poly_accum[i] = poly64(hc->poly_accum[i], | 840 | hc->poly_accum[i] = poly64(hc->poly_accum[i], |
841 | hc->poly_key_8[i], (data[i] - 59)); | 841 | hc->poly_key_8[i], (data[i] - 59)); |
@@ -862,7 +862,7 @@ static UINT64 ip_aux(UINT64 t, UINT64 *ipkp, UINT64 data) | |||
862 | t = t + ipkp[1] * (UINT64)(UINT16)(data >> 32); | 862 | t = t + ipkp[1] * (UINT64)(UINT16)(data >> 32); |
863 | t = t + ipkp[2] * (UINT64)(UINT16)(data >> 16); | 863 | t = t + ipkp[2] * (UINT64)(UINT16)(data >> 16); |
864 | t = t + ipkp[3] * (UINT64)(UINT16)(data); | 864 | t = t + ipkp[3] * (UINT64)(UINT16)(data); |
865 | 865 | ||
866 | return t; | 866 | return t; |
867 | } | 867 | } |
868 | 868 | ||
@@ -870,7 +870,7 @@ static UINT32 ip_reduce_p36(UINT64 t) | |||
870 | { | 870 | { |
871 | /* Divisionless modular reduction */ | 871 | /* Divisionless modular reduction */ |
872 | UINT64 ret; | 872 | UINT64 ret; |
873 | 873 | ||
874 | ret = (t & m36) + 5 * (t >> 36); | 874 | ret = (t & m36) + 5 * (t >> 36); |
875 | if (ret >= p36) | 875 | if (ret >= p36) |
876 | ret -= p36; | 876 | ret -= p36; |
@@ -888,7 +888,7 @@ static void ip_short(uhash_ctx_t ahc, UINT8 *nh_res, u_char *res) | |||
888 | { | 888 | { |
889 | UINT64 t; | 889 | UINT64 t; |
890 | UINT64 *nhp = (UINT64 *)nh_res; | 890 | UINT64 *nhp = (UINT64 *)nh_res; |
891 | 891 | ||
892 | t = ip_aux(0,ahc->ip_keys, nhp[0]); | 892 | t = ip_aux(0,ahc->ip_keys, nhp[0]); |
893 | STORE_UINT32_BIG((UINT32 *)res+0, ip_reduce_p36(t) ^ ahc->ip_trans[0]); | 893 | STORE_UINT32_BIG((UINT32 *)res+0, ip_reduce_p36(t) ^ ahc->ip_trans[0]); |
894 | #if (UMAC_OUTPUT_LEN >= 8) | 894 | #if (UMAC_OUTPUT_LEN >= 8) |
@@ -919,7 +919,7 @@ static void ip_long(uhash_ctx_t ahc, u_char *res) | |||
919 | if (ahc->poly_accum[i] >= p64) | 919 | if (ahc->poly_accum[i] >= p64) |
920 | ahc->poly_accum[i] -= p64; | 920 | ahc->poly_accum[i] -= p64; |
921 | t = ip_aux(0,ahc->ip_keys+(i*4), ahc->poly_accum[i]); | 921 | t = ip_aux(0,ahc->ip_keys+(i*4), ahc->poly_accum[i]); |
922 | STORE_UINT32_BIG((UINT32 *)res+i, | 922 | STORE_UINT32_BIG((UINT32 *)res+i, |
923 | ip_reduce_p36(t) ^ ahc->ip_trans[i]); | 923 | ip_reduce_p36(t) ^ ahc->ip_trans[i]); |
924 | } | 924 | } |
925 | } | 925 | } |
@@ -958,13 +958,13 @@ static void uhash_init(uhash_ctx_t ahc, aes_int_key prf_key) | |||
958 | { | 958 | { |
959 | int i; | 959 | int i; |
960 | UINT8 buf[(8*STREAMS+4)*sizeof(UINT64)]; | 960 | UINT8 buf[(8*STREAMS+4)*sizeof(UINT64)]; |
961 | 961 | ||
962 | /* Zero the entire uhash context */ | 962 | /* Zero the entire uhash context */ |
963 | memset(ahc, 0, sizeof(uhash_ctx)); | 963 | memset(ahc, 0, sizeof(uhash_ctx)); |
964 | 964 | ||
965 | /* Initialize the L1 hash */ | 965 | /* Initialize the L1 hash */ |
966 | nh_init(&ahc->hash, prf_key); | 966 | nh_init(&ahc->hash, prf_key); |
967 | 967 | ||
968 | /* Setup L2 hash variables */ | 968 | /* Setup L2 hash variables */ |
969 | kdf(buf, prf_key, 2, sizeof(buf)); /* Fill buffer with index 1 key */ | 969 | kdf(buf, prf_key, 2, sizeof(buf)); /* Fill buffer with index 1 key */ |
970 | for (i = 0; i < STREAMS; i++) { | 970 | for (i = 0; i < STREAMS; i++) { |
@@ -978,17 +978,17 @@ static void uhash_init(uhash_ctx_t ahc, aes_int_key prf_key) | |||
978 | ahc->poly_key_8[i] &= ((UINT64)0x01ffffffu << 32) + 0x01ffffffu; | 978 | ahc->poly_key_8[i] &= ((UINT64)0x01ffffffu << 32) + 0x01ffffffu; |
979 | ahc->poly_accum[i] = 1; /* Our polyhash prepends a non-zero word */ | 979 | ahc->poly_accum[i] = 1; /* Our polyhash prepends a non-zero word */ |
980 | } | 980 | } |
981 | 981 | ||
982 | /* Setup L3-1 hash variables */ | 982 | /* Setup L3-1 hash variables */ |
983 | kdf(buf, prf_key, 3, sizeof(buf)); /* Fill buffer with index 2 key */ | 983 | kdf(buf, prf_key, 3, sizeof(buf)); /* Fill buffer with index 2 key */ |
984 | for (i = 0; i < STREAMS; i++) | 984 | for (i = 0; i < STREAMS; i++) |
985 | memcpy(ahc->ip_keys+4*i, buf+(8*i+4)*sizeof(UINT64), | 985 | memcpy(ahc->ip_keys+4*i, buf+(8*i+4)*sizeof(UINT64), |
986 | 4*sizeof(UINT64)); | 986 | 4*sizeof(UINT64)); |
987 | endian_convert_if_le(ahc->ip_keys, sizeof(UINT64), | 987 | endian_convert_if_le(ahc->ip_keys, sizeof(UINT64), |
988 | sizeof(ahc->ip_keys)); | 988 | sizeof(ahc->ip_keys)); |
989 | for (i = 0; i < STREAMS*4; i++) | 989 | for (i = 0; i < STREAMS*4; i++) |
990 | ahc->ip_keys[i] %= p36; /* Bring into Z_p36 */ | 990 | ahc->ip_keys[i] %= p36; /* Bring into Z_p36 */ |
991 | 991 | ||
992 | /* Setup L3-2 hash variables */ | 992 | /* Setup L3-2 hash variables */ |
993 | /* Fill buffer with index 4 key */ | 993 | /* Fill buffer with index 4 key */ |
994 | kdf(ahc->ip_trans, prf_key, 4, STREAMS * sizeof(UINT32)); | 994 | kdf(ahc->ip_trans, prf_key, 4, STREAMS * sizeof(UINT32)); |
@@ -1006,7 +1006,7 @@ static uhash_ctx_t uhash_alloc(u_char key[]) | |||
1006 | uhash_ctx_t ctx; | 1006 | uhash_ctx_t ctx; |
1007 | u_char bytes_to_add; | 1007 | u_char bytes_to_add; |
1008 | aes_int_key prf_key; | 1008 | aes_int_key prf_key; |
1009 | 1009 | ||
1010 | ctx = (uhash_ctx_t)malloc(sizeof(uhash_ctx)+ALLOC_BOUNDARY); | 1010 | ctx = (uhash_ctx_t)malloc(sizeof(uhash_ctx)+ALLOC_BOUNDARY); |
1011 | if (ctx) { | 1011 | if (ctx) { |
1012 | if (ALLOC_BOUNDARY) { | 1012 | if (ALLOC_BOUNDARY) { |
@@ -1029,7 +1029,7 @@ static int uhash_free(uhash_ctx_t ctx) | |||
1029 | { | 1029 | { |
1030 | /* Free memory allocated by uhash_alloc */ | 1030 | /* Free memory allocated by uhash_alloc */ |
1031 | u_char bytes_to_sub; | 1031 | u_char bytes_to_sub; |
1032 | 1032 | ||
1033 | if (ctx) { | 1033 | if (ctx) { |
1034 | if (ALLOC_BOUNDARY) { | 1034 | if (ALLOC_BOUNDARY) { |
1035 | bytes_to_sub = *((u_char *)ctx - 1); | 1035 | bytes_to_sub = *((u_char *)ctx - 1); |
@@ -1050,12 +1050,12 @@ static int uhash_update(uhash_ctx_t ctx, const u_char *input, long len) | |||
1050 | UWORD bytes_hashed, bytes_remaining; | 1050 | UWORD bytes_hashed, bytes_remaining; |
1051 | UINT64 result_buf[STREAMS]; | 1051 | UINT64 result_buf[STREAMS]; |
1052 | UINT8 *nh_result = (UINT8 *)&result_buf; | 1052 | UINT8 *nh_result = (UINT8 *)&result_buf; |
1053 | 1053 | ||
1054 | if (ctx->msg_len + len <= L1_KEY_LEN) { | 1054 | if (ctx->msg_len + len <= L1_KEY_LEN) { |
1055 | nh_update(&ctx->hash, (const UINT8 *)input, len); | 1055 | nh_update(&ctx->hash, (const UINT8 *)input, len); |
1056 | ctx->msg_len += len; | 1056 | ctx->msg_len += len; |
1057 | } else { | 1057 | } else { |
1058 | 1058 | ||
1059 | bytes_hashed = ctx->msg_len % L1_KEY_LEN; | 1059 | bytes_hashed = ctx->msg_len % L1_KEY_LEN; |
1060 | if (ctx->msg_len == L1_KEY_LEN) | 1060 | if (ctx->msg_len == L1_KEY_LEN) |
1061 | bytes_hashed = L1_KEY_LEN; | 1061 | bytes_hashed = L1_KEY_LEN; |
@@ -1128,15 +1128,15 @@ static int uhash(uhash_ctx_t ahc, u_char *msg, long len, u_char *res) | |||
1128 | UINT8 nh_result[STREAMS*sizeof(UINT64)]; | 1128 | UINT8 nh_result[STREAMS*sizeof(UINT64)]; |
1129 | UINT32 nh_len; | 1129 | UINT32 nh_len; |
1130 | int extra_zeroes_needed; | 1130 | int extra_zeroes_needed; |
1131 | 1131 | ||
1132 | /* If the message to be hashed is no longer than L1_HASH_LEN, we skip | 1132 | /* If the message to be hashed is no longer than L1_HASH_LEN, we skip |
1133 | * the polyhash. | 1133 | * the polyhash. |
1134 | */ | 1134 | */ |
1135 | if (len <= L1_KEY_LEN) { | 1135 | if (len <= L1_KEY_LEN) { |
1136 | if (len == 0) /* If zero length messages will not */ | 1136 | if (len == 0) /* If zero length messages will not */ |
1137 | nh_len = L1_PAD_BOUNDARY; /* be seen, comment out this case */ | 1137 | nh_len = L1_PAD_BOUNDARY; /* be seen, comment out this case */ |
1138 | else | 1138 | else |
1139 | nh_len = ((len + (L1_PAD_BOUNDARY - 1)) & ~(L1_PAD_BOUNDARY - 1)); | 1139 | nh_len = ((len + (L1_PAD_BOUNDARY - 1)) & ~(L1_PAD_BOUNDARY - 1)); |
1140 | extra_zeroes_needed = nh_len - len; | 1140 | extra_zeroes_needed = nh_len - len; |
1141 | zero_pad((UINT8 *)msg + len, extra_zeroes_needed); | 1141 | zero_pad((UINT8 *)msg + len, extra_zeroes_needed); |
1142 | nh(&ahc->hash, (UINT8 *)msg, nh_len, len, nh_result); | 1142 | nh(&ahc->hash, (UINT8 *)msg, nh_len, len, nh_result); |
@@ -1161,7 +1161,7 @@ static int uhash(uhash_ctx_t ahc, u_char *msg, long len, u_char *res) | |||
1161 | 1161 | ||
1162 | ip_long(ahc, res); | 1162 | ip_long(ahc, res); |
1163 | } | 1163 | } |
1164 | 1164 | ||
1165 | uhash_reset(ahc); | 1165 | uhash_reset(ahc); |
1166 | return 1; | 1166 | return 1; |
1167 | } | 1167 | } |
@@ -1175,9 +1175,9 @@ static int uhash(uhash_ctx_t ahc, u_char *msg, long len, u_char *res) | |||
1175 | 1175 | ||
1176 | /* The UMAC interface has two interfaces, an all-at-once interface where | 1176 | /* The UMAC interface has two interfaces, an all-at-once interface where |
1177 | * the entire message to be authenticated is passed to UMAC in one buffer, | 1177 | * the entire message to be authenticated is passed to UMAC in one buffer, |
1178 | * and a sequential interface where the message is presented a little at a | 1178 | * and a sequential interface where the message is presented a little at a |
1179 | * time. The all-at-once is more optimaized than the sequential version and | 1179 | * time. The all-at-once is more optimaized than the sequential version and |
1180 | * should be preferred when the sequential interface is not required. | 1180 | * should be preferred when the sequential interface is not required. |
1181 | */ | 1181 | */ |
1182 | struct umac_ctx { | 1182 | struct umac_ctx { |
1183 | uhash_ctx hash; /* Hash function for message compression */ | 1183 | uhash_ctx hash; /* Hash function for message compression */ |
@@ -1213,14 +1213,14 @@ int umac_delete(struct umac_ctx *ctx) | |||
1213 | /* ---------------------------------------------------------------------- */ | 1213 | /* ---------------------------------------------------------------------- */ |
1214 | 1214 | ||
1215 | struct umac_ctx *umac_new(const u_char key[]) | 1215 | struct umac_ctx *umac_new(const u_char key[]) |
1216 | /* Dynamically allocate a umac_ctx struct, initialize variables, | 1216 | /* Dynamically allocate a umac_ctx struct, initialize variables, |
1217 | * generate subkeys from key. Align to 16-byte boundary. | 1217 | * generate subkeys from key. Align to 16-byte boundary. |
1218 | */ | 1218 | */ |
1219 | { | 1219 | { |
1220 | struct umac_ctx *ctx, *octx; | 1220 | struct umac_ctx *ctx, *octx; |
1221 | size_t bytes_to_add; | 1221 | size_t bytes_to_add; |
1222 | aes_int_key prf_key; | 1222 | aes_int_key prf_key; |
1223 | 1223 | ||
1224 | octx = ctx = xcalloc(1, sizeof(*ctx) + ALLOC_BOUNDARY); | 1224 | octx = ctx = xcalloc(1, sizeof(*ctx) + ALLOC_BOUNDARY); |
1225 | if (ctx) { | 1225 | if (ctx) { |
1226 | if (ALLOC_BOUNDARY) { | 1226 | if (ALLOC_BOUNDARY) { |
@@ -1234,7 +1234,7 @@ struct umac_ctx *umac_new(const u_char key[]) | |||
1234 | uhash_init(&ctx->hash, prf_key); | 1234 | uhash_init(&ctx->hash, prf_key); |
1235 | explicit_bzero(prf_key, sizeof(prf_key)); | 1235 | explicit_bzero(prf_key, sizeof(prf_key)); |
1236 | } | 1236 | } |
1237 | 1237 | ||
1238 | return (ctx); | 1238 | return (ctx); |
1239 | } | 1239 | } |
1240 | 1240 | ||
@@ -1245,7 +1245,7 @@ int umac_final(struct umac_ctx *ctx, u_char tag[], const u_char nonce[8]) | |||
1245 | { | 1245 | { |
1246 | uhash_final(&ctx->hash, (u_char *)tag); | 1246 | uhash_final(&ctx->hash, (u_char *)tag); |
1247 | pdf_gen_xor(&ctx->pdf, (const UINT8 *)nonce, (UINT8 *)tag); | 1247 | pdf_gen_xor(&ctx->pdf, (const UINT8 *)nonce, (UINT8 *)tag); |
1248 | 1248 | ||
1249 | return (1); | 1249 | return (1); |
1250 | } | 1250 | } |
1251 | 1251 | ||
@@ -1263,14 +1263,14 @@ int umac_update(struct umac_ctx *ctx, const u_char *input, long len) | |||
1263 | /* ---------------------------------------------------------------------- */ | 1263 | /* ---------------------------------------------------------------------- */ |
1264 | 1264 | ||
1265 | #if 0 | 1265 | #if 0 |
1266 | int umac(struct umac_ctx *ctx, u_char *input, | 1266 | int umac(struct umac_ctx *ctx, u_char *input, |
1267 | long len, u_char tag[], | 1267 | long len, u_char tag[], |
1268 | u_char nonce[8]) | 1268 | u_char nonce[8]) |
1269 | /* All-in-one version simply calls umac_update() and umac_final(). */ | 1269 | /* All-in-one version simply calls umac_update() and umac_final(). */ |
1270 | { | 1270 | { |
1271 | uhash(&ctx->hash, input, len, (u_char *)tag); | 1271 | uhash(&ctx->hash, input, len, (u_char *)tag); |
1272 | pdf_gen_xor(&ctx->pdf, (UINT8 *)nonce, (UINT8 *)tag); | 1272 | pdf_gen_xor(&ctx->pdf, (UINT8 *)nonce, (UINT8 *)tag); |
1273 | 1273 | ||
1274 | return (1); | 1274 | return (1); |
1275 | } | 1275 | } |
1276 | #endif | 1276 | #endif |