authorJack Lloyd <[email protected]>2017-08-15 14:34:06 -0400
committerJack Lloyd <[email protected]>2017-08-15 14:34:06 -0400
commit2266362024009f0364a07dd1bcff5115180f40a7 (patch)
tree18804ff157bab625de6c095099f74971e529b566 /src/lib/modes/aead
parentba2c6c7b020497178776b4574ed329586f97c211 (diff)
Improve polynomial doubling code, move to util
Now does 64-bits at a time instead of 8 bits, and avoids conditional timing channel on the XOR carry. Confirmed that at least GCC 7 and Clang 4 on x86-64 compile the functions without conditional jumps. Also removes CMAC as a dependency of OCB, which only needed it in order to call CMAC::poly_double
Diffstat (limited to 'src/lib/modes/aead')
-rw-r--r--src/lib/modes/aead/ocb/info.txt4
-rw-r--r--src/lib/modes/aead/ocb/ocb.cpp6
-rw-r--r--src/lib/modes/aead/siv/siv.cpp7
3 files changed, 8 insertions, 9 deletions
diff --git a/src/lib/modes/aead/ocb/info.txt b/src/lib/modes/aead/ocb/info.txt
index 738d7c20e..ab4c5297e 100644
--- a/src/lib/modes/aead/ocb/info.txt
+++ b/src/lib/modes/aead/ocb/info.txt
@@ -1,7 +1,3 @@
<defines>
AEAD_OCB -> 20131128
</defines>
-
-<requires>
-cmac
-</requires>
diff --git a/src/lib/modes/aead/ocb/ocb.cpp b/src/lib/modes/aead/ocb/ocb.cpp
index e1fae911b..42118c25c 100644
--- a/src/lib/modes/aead/ocb/ocb.cpp
+++ b/src/lib/modes/aead/ocb/ocb.cpp
@@ -7,7 +7,7 @@
*/
#include <botan/ocb.h>
-#include <botan/cmac.h>
+#include <botan/internal/poly_dbl.h>
#include <botan/internal/bit_ops.h>
namespace Botan {
@@ -56,7 +56,9 @@ class L_computer
secure_vector<uint8_t> poly_double(const secure_vector<uint8_t>& in) const
{
- return CMAC::poly_double(in);
+ secure_vector<uint8_t> out = in;
+ poly_double_n(out.data(), out.size());
+ return out;
}
secure_vector<uint8_t> m_L_dollar, m_L_star;
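Review bot: The new body of L_computer::poly_double copies `in` and doubles it in place with no comment explaining why the copy exists or what the helper guarantees, while the old one-liner delegated size handling to CMAC::poly_double; a short note above `secure_vector<uint8_t> out = in;` would keep that visible, e.g. `// Copy, then double in GF(2^n) in place; poly_double_n is constant-time w.r.t. the carry (see poly_dbl.h).`. Whether poly_double_n accepts every block length an L_computer can be built with is not visible here, so it is worth confirming against the OCB constructor, which lies outside this hunk. Keeping the result in a secure_vector preserves the zeroize-on-destruction property of the previous return value.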
diff --git a/src/lib/modes/aead/siv/siv.cpp b/src/lib/modes/aead/siv/siv.cpp
index c4db3d785..70545243b 100644
--- a/src/lib/modes/aead/siv/siv.cpp
+++ b/src/lib/modes/aead/siv/siv.cpp
@@ -8,6 +8,7 @@
#include <botan/siv.h>
#include <botan/cmac.h>
+#include <botan/internal/poly_dbl.h>
#include <botan/ctr.h>
#include <botan/parsing.h>
@@ -106,19 +107,19 @@ secure_vector<uint8_t> SIV_Mode::S2V(const uint8_t* text, size_t text_len)
for(size_t i = 0; i != m_ad_macs.size(); ++i)
{
- V = CMAC::poly_double(V);
+ poly_double_n(V.data(), V.size());
V ^= m_ad_macs[i];
}
if(m_nonce.size())
{
- V = CMAC::poly_double(V);
+ poly_double_n(V.data(), V.size());
V ^= m_nonce;
}
if(text_len < 16)
{
- V = CMAC::poly_double(V);
+ poly_double_n(V.data(), V.size());
xor_buf(V.data(), text, text_len);
V[text_len] ^= 0x80;
return m_cmac->process(V);
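Review bot: The three in-place calls at `poly_double_n(V.data(), V.size());` pass the runtime length of V, while the surrounding context hard-codes a 128-bit block (`text_len < 16`, `V[text_len] ^= 0x80`), so the doubling width and the padding step only agree as long as V is always 16 bytes; a comment at the first call would make that coupling explicit, e.g. `// dbl() of RFC 5297: constant-time GF(2^128) doubling in place; V is one CMAC block`. Switching from `V = CMAC::poly_double(V)` to mutating V is behaviourally equivalent here because V is the running accumulator in every branch. S2V's body starts before this hunk and continues past it, so the remaining branches were not reviewed.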