authorJack Lloyd <[email protected]>2017-09-05 11:18:17 -0400
committerJack Lloyd <[email protected]>2017-09-05 11:18:17 -0400
commitf5cd933003d36a725a6127fac070b76d4be6d462 (patch)
tree2765b9012c09f3f417a60b6bd0f345288a460b1c /src/lib/mac
parentf82a70b5b379e947c92547cab4b4949dc9748e3d (diff)
Simplify polynomial doubling code
GCC and Clang generate effectively identical code for a template with parameters, vs completely unrolled code as was used previously. Add a little-endian variant so XTS can use it. This extends XTS support to cover 256 and 512-bit ciphers. I was not able to find another implementation that supports both XTS and ciphers with large blocks, so the XTS test vectors are self-generated.
Diffstat (limited to 'src/lib/mac')
-rw-r--r--src/lib/mac/cmac/cmac.cpp8
1 files changed, 3 insertions, 5 deletions
diff --git a/src/lib/mac/cmac/cmac.cpp b/src/lib/mac/cmac/cmac.cpp
index 4d76e4a20..665bfe3c0 100644
--- a/src/lib/mac/cmac/cmac.cpp
+++ b/src/lib/mac/cmac/cmac.cpp
@@ -15,8 +15,8 @@ namespace Botan {
*/
secure_vector<uint8_t> CMAC::poly_double(const secure_vector<uint8_t>& in)
{
- secure_vector<uint8_t> out = in;
- poly_double_n(out.data(), out.size());
+ secure_vector<uint8_t> out(in.size());
+ poly_double_n(out.data(), in.data(), out.size());
return out;
}
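Review bot: The rewritten poly_double now depends on the out-of-place three-argument `poly_double_n(out, in, n)` overload, which lives outside this hunk, so its timing behaviour cannot be confirmed here; the value being doubled is E_K(0), so any branch on the top bit of `in` inside that overload would leak key-dependent data, and the overload should be checked for a constant-time carry/reduction like the in-place version it replaces. Because `out` is freshly allocated on the line above, the two buffers never alias here, but a one-line comment would save the next reader checking that: `// out and in are distinct buffers; the 3-arg overload need not handle aliasing`. The function's leading doc comment ends at the top of the hunk and is otherwise outside view.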
@@ -81,9 +81,7 @@ void CMAC::key_schedule(const uint8_t key[], size_t length)
m_cipher->set_key(key, length);
m_cipher->encrypt(m_B);
poly_double_n(m_B.data(), m_B.size());
-
- m_P = m_B;
- poly_double_n(m_P.data(), m_P.size());
+ poly_double_n(m_P.data(), m_B.data(), m_P.size());
}
/*
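Review bot: The removed `m_P = m_B` was also the statement that sized `m_P`; the replacement `poly_double_n(m_P.data(), m_B.data(), m_P.size())` now assumes `m_P` has already been allocated to the block size somewhere else (presumably the constructor, which is outside this hunk). If that assumption ever fails, the length passed is 0 and the call either writes nothing or rejects the size instead of deriving K2, leaving `m_P` stale. Making the invariant explicit before the call, e.g. `m_P.resize(m_B.size());` or an assertion that `m_P.size() == m_B.size()`, removes the hidden coupling between the constructor and this line. key_schedule's signature and opening brace are outside the hunk.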