diff --git a/cbits/aes/gf.c b/cbits/aes/gf.c
index 49e8106..7aeccf6 100644
--- a/cbits/aes/gf.c
+++ b/cbits/aes/gf.c
@@ -39,7 +39,7 @@
 * to speed up the multiplication.
 * TODO: optimise with tables
 */
-void gf_mul(block128 *a, block128 *b)
+void cryptonite_gf_mul(block128 *a, block128 *b)
 {
 uint64_t a0, a1, v0, v1;
 int i, j;
@@ -62,7 +62,7 @@ void gf_mul(block128 *a, block128 *b)
 }
 /* inplace GFMUL for xts mode */
-void gf_mulx(block128 *a)
+void cryptonite_gf_mulx(block128 *a)
 {
 const uint64_t gf_mask = cpu_to_le64(0x8000000000000000ULL);
 uint64_t r = ((a->q[1] & gf_mask) ? cpu_to_le64(0x87) : 0);
diff --git a/cbits/aes/gf.h b/cbits/aes/gf.h
index c69c2d6..329d290 100644
--- a/cbits/aes/gf.h
+++ b/cbits/aes/gf.h
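Review bot: The new signature `void cryptonite_gf_mul(block128 *a, block128 *b)` still passes the multiplier as a non-const pointer, while every call site in cbits/cryptonite_aes.c passes the GHASH key `&gcm->h`, which must stay untouched; since the commit rewrites this line and the matching prototype in cbits/aes/gf.h anyway, `void cryptonite_gf_mul(block128 *a, const block128 *b)` would make the "result goes into `a`" contract explicit — the function body lies outside the hunk, so confirm it never writes through `b` before adding the qualifier. The comment `TODO: optimise with tables` kept above the signature deserves a caveat: a GF(2^128) multiply that indexes lookup tables with the secret GHASH key `h` leaks through cache timing, so any such optimisation needs a constant-time layout; suggest `TODO: optimise with tables — only with a cache-timing-safe (constant-time) variant, since the GHASH key is secret`.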
@@ -1,38 +1,38 @@
-/*
- * Copyright (c) 2012 Vincent Hanquez
- *
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the author nor the names of his contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-#ifndef CRYPTONITE_AES_GF128MUL_H
-#define CRYPTONITE_AES_GF128MUL_H
-
-#include "aes/block128.h"
-
-void gf_mul(block128 *a, block128 *b);
-void gf_mulx(block128 *a);
-
-#endif
+/*
+ * Copyright (c) 2012 Vincent Hanquez
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the names of his contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+#ifndef CRYPTONITE_AES_GF128MUL_H
+#define CRYPTONITE_AES_GF128MUL_H
+
+#include "aes/block128.h"
+
+void cryptonite_gf_mul(block128 *a, block128 *b);
+void cryptonite_gf_mulx(block128 *a);
+
+#endif
diff --git a/cbits/cryptonite_aes.c b/cbits/cryptonite_aes.c
index 8f5027c..12d3164 100644
--- a/cbits/cryptonite_aes.c
+++ b/cbits/cryptonite_aes.c
@@ -336,7 +336,7 @@ void cryptonite_aes_ocb_decrypt(uint8_t *output, aes_ocb *ocb, aes_key *key, uin
 static void gcm_ghash_add(aes_gcm *gcm, block128 *b)
 {
 block128_xor(&gcm->tag, b);
- gf_mul(&gcm->tag, &gcm->h);
+ cryptonite_gf_mul(&gcm->tag, &gcm->h);
 }
 void cryptonite_aes_gcm_init(aes_gcm *gcm, aes_key *key, uint8_t *iv, uint32_t len)
@@ -359,15 +359,15 @@ void cryptonite_aes_gcm_init(aes_gcm *gcm, aes_key *key, uint8_t *iv, uint32_t l
 int i;
 for (; len >= 16; len -= 16, iv += 16) {
 block128_xor(&gcm->iv, (block128 *) iv);
- gf_mul(&gcm->iv, &gcm->h);
+ cryptonite_gf_mul(&gcm->iv, &gcm->h);
 }
 if (len > 0) {
 block128_xor_bytes(&gcm->iv, iv, len);
- gf_mul(&gcm->iv, &gcm->h);
+ cryptonite_gf_mul(&gcm->iv, &gcm->h);
 }
 for (i = 15; origlen; --i, origlen >>= 8)
 gcm->iv.b[i] ^= (uint8_t) origlen;
- gf_mul(&gcm->iv, &gcm->h);
+ cryptonite_gf_mul(&gcm->iv, &gcm->h);
 }
 block128_copy(&gcm->civ, &gcm->iv);
@@ -596,9 +596,9 @@ void cryptonite_aes_generic_encrypt_xts(aes_block *output, aes_key *k1, aes_key
 /* TO OPTIMISE: this is really inefficient way to do that */
 while (spoint-- > 0)
- gf_mulx(&tweak);
+ cryptonite_gf_mulx(&tweak);
- for ( ; nb_blocks-- > 0; input++, output++, gf_mulx(&tweak)) {
+ for ( ; nb_blocks-- > 0; input++, output++, cryptonite_gf_mulx(&tweak)) {
 block128_vxor(&block, input, &tweak);
 cryptonite_aes_encrypt_block(&block, k1, &block);
 block128_vxor(output, &block, &tweak);
@@ -616,9 +616,9 @@ void cryptonite_aes_generic_decrypt_xts(aes_block *output, aes_key *k1, aes_key
 /* TO OPTIMISE: this is really inefficient way to do that */
 while (spoint-- > 0)
- gf_mulx(&tweak);
+ cryptonite_gf_mulx(&tweak);
- for ( ; nb_blocks-- > 0; input++, output++, gf_mulx(&tweak)) {
+ for ( ; nb_blocks-- > 0; input++, output++, cryptonite_gf_mulx(&tweak)) {
 block128_vxor(&block, input, &tweak);
 cryptonite_aes_decrypt_block(&block, k1, &block);
 block128_vxor(output, &block, &tweak);