Created
August 7, 2013 22:53
-
-
Save seb-m/6179677 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- a/src/libsodium/crypto_onetimeauth/poly1305/donna/auth_poly1305_donna.c | |
| +++ b/src/libsodium/crypto_onetimeauth/poly1305/donna/auth_poly1305_donna.c | |
| @@ -5,6 +5,20 @@ | |
| #include "portable-jane.h" | |
| +static uint32_t INLINE fU8TO32_LE_SLOW(const uint8_t *p) { | |
| + return (((uint32_t)(p[0]) ) | | |
| + ((uint32_t)(p[1]) << 8) | | |
| + ((uint32_t)(p[2]) << 16) | | |
| + ((uint32_t)(p[3]) << 24)); | |
| +} | |
| + | |
| +static void INLINE fU32TO8_LE_SLOW(uint8_t *p, const uint32_t v) { | |
| + p[0] = (uint8_t)(v ); | |
| + p[1] = (uint8_t)(v >> 8); | |
| + p[2] = (uint8_t)(v >> 16); | |
| + p[3] = (uint8_t)(v >> 24); | |
| +} | |
| + | |
| int | |
| crypto_onetimeauth(unsigned char *out, const unsigned char *m, | |
| unsigned long long inlen, const unsigned char *key) | |
| @@ -22,10 +36,10 @@ crypto_onetimeauth(unsigned char *out, const unsigned char *m, | |
| unsigned char mp[16]; | |
| /* clamp key */ | |
| - t0 = U8TO32_LE(key+0); | |
| - t1 = U8TO32_LE(key+4); | |
| - t2 = U8TO32_LE(key+8); | |
| - t3 = U8TO32_LE(key+12); | |
| + t0 = fU8TO32_LE_SLOW(key+0); | |
| + t1 = fU8TO32_LE_SLOW(key+4); | |
| + t2 = fU8TO32_LE_SLOW(key+8); | |
| + t3 = fU8TO32_LE_SLOW(key+12); | |
| /* precompute multipliers */ | |
| r0 = t0 & 0x3ffffff; t0 >>= 26; t0 |= t1 << 6; | |
| @@ -52,10 +66,10 @@ poly1305_donna_16bytes: | |
| m += 16; | |
| inlen -= 16; | |
| - t0 = U8TO32_LE(m-16); | |
| - t1 = U8TO32_LE(m-12); | |
| - t2 = U8TO32_LE(m-8); | |
| - t3 = U8TO32_LE(m-4); | |
| + t0 = fU8TO32_LE_SLOW(m-16); | |
| + t1 = fU8TO32_LE_SLOW(m-12); | |
| + t2 = fU8TO32_LE_SLOW(m-8); | |
| + t3 = fU8TO32_LE_SLOW(m-4); | |
| h0 += t0 & 0x3ffffff; | |
| h1 += ((((uint64_t)t1 << 32) | t0) >> 26) & 0x3ffffff; | |
| @@ -89,10 +103,10 @@ poly1305_donna_atmost15bytes: | |
| for (; j < 16; j++) mp[j] = 0; | |
| inlen = 0; | |
| - t0 = U8TO32_LE(mp+0); | |
| - t1 = U8TO32_LE(mp+4); | |
| - t2 = U8TO32_LE(mp+8); | |
| - t3 = U8TO32_LE(mp+12); | |
| + t0 = fU8TO32_LE_SLOW(mp+0); | |
| + t1 = fU8TO32_LE_SLOW(mp+4); | |
| + t2 = fU8TO32_LE_SLOW(mp+8); | |
| + t3 = fU8TO32_LE_SLOW(mp+12); | |
| h0 += t0 & 0x3ffffff; | |
| h1 += ((((uint64_t)t1 << 32) | t0) >> 26) & 0x3ffffff; | |
| @@ -124,15 +138,15 @@ poly1305_donna_finish: | |
| h3 = (h3 & nb) | (g3 & b); | |
| h4 = (h4 & nb) | (g4 & b); | |
| - f0 = ((h0 ) | (h1 << 26)) + (uint64_t)U8TO32_LE(&key[16]); | |
| - f1 = ((h1 >> 6) | (h2 << 20)) + (uint64_t)U8TO32_LE(&key[20]); | |
| - f2 = ((h2 >> 12) | (h3 << 14)) + (uint64_t)U8TO32_LE(&key[24]); | |
| - f3 = ((h3 >> 18) | (h4 << 8)) + (uint64_t)U8TO32_LE(&key[28]); | |
| + f0 = ((h0 ) | (h1 << 26)) + (uint64_t)fU8TO32_LE_SLOW(&key[16]); | |
| + f1 = ((h1 >> 6) | (h2 << 20)) + (uint64_t)fU8TO32_LE_SLOW(&key[20]); | |
| + f2 = ((h2 >> 12) | (h3 << 14)) + (uint64_t)fU8TO32_LE_SLOW(&key[24]); | |
| + f3 = ((h3 >> 18) | (h4 << 8)) + (uint64_t)fU8TO32_LE_SLOW(&key[28]); | |
| - U32TO8_LE(&out[ 0], f0); f1 += (f0 >> 32); | |
| - U32TO8_LE(&out[ 4], f1); f2 += (f1 >> 32); | |
| - U32TO8_LE(&out[ 8], f2); f3 += (f2 >> 32); | |
| - U32TO8_LE(&out[12], f3); | |
| + fU32TO8_LE_SLOW(&out[ 0], f0); f1 += (f0 >> 32); | |
| + fU32TO8_LE_SLOW(&out[ 4], f1); f2 += (f1 >> 32); | |
| + fU32TO8_LE_SLOW(&out[ 8], f2); f3 += (f2 >> 32); | |
| + fU32TO8_LE_SLOW(&out[12], f3); | |
| return 0; | |
| } |
Of course! it was just a quick hack to test the code, the right way I think is to appropriately select the macro in portable-jane.h
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
We should probably fix
portable-jane.hinstead.