summaryrefslogtreecommitdiffhomepage
path: root/src/crypto/zinc
diff options
context:
space:
mode:
authorJason A. Donenfeld <Jason@zx2c4.com>2018-09-12 18:42:14 +0200
committerJason A. Donenfeld <Jason@zx2c4.com>2018-09-12 18:53:11 +0200
commit70d2d999761bf913f26299f748041a989ff2d983 (patch)
tree601251a7a9c4b7597ae4e46bfa8fd12fb92f1b1d /src/crypto/zinc
parent1a6ae009c4d296f6cf70656d167932b2e8afa04a (diff)
poly1305: precompute 5*r in init instead of blocks
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to 'src/crypto/zinc')
-rw-r--r--src/crypto/zinc/poly1305/poly1305-donna32.h15
-rw-r--r--src/crypto/zinc/poly1305/poly1305-donna64.h9
2 files changed, 18 insertions, 6 deletions
diff --git a/src/crypto/zinc/poly1305/poly1305-donna32.h b/src/crypto/zinc/poly1305/poly1305-donna32.h
index 1decb33..dc32123 100644
--- a/src/crypto/zinc/poly1305/poly1305-donna32.h
+++ b/src/crypto/zinc/poly1305/poly1305-donna32.h
@@ -9,6 +9,7 @@
struct poly1305_internal {
u32 h[5];
u32 r[5];
+ u32 s[4];
};
static void poly1305_init_generic(void *ctx, const u8 key[16])
@@ -22,6 +23,12 @@ static void poly1305_init_generic(void *ctx, const u8 key[16])
st->r[3] = (get_unaligned_le32(&key[9]) >> 6) & 0x3f03fff;
st->r[4] = (get_unaligned_le32(&key[12]) >> 8) & 0x00fffff;
+ /* s = 5*r */
+ st->s[0] = st->r[1] * 5;
+ st->s[1] = st->r[2] * 5;
+ st->s[2] = st->r[3] * 5;
+ st->s[3] = st->r[4] * 5;
+
/* h = 0 */
st->h[0] = 0;
st->h[1] = 0;
@@ -47,10 +54,10 @@ static void poly1305_blocks_generic(void *ctx, const u8 *input, size_t len,
r3 = st->r[3];
r4 = st->r[4];
- s1 = r1 * 5;
- s2 = r2 * 5;
- s3 = r3 * 5;
- s4 = r4 * 5;
+ s1 = st->s[0];
+ s2 = st->s[1];
+ s3 = st->s[2];
+ s4 = st->s[3];
h0 = st->h[0];
h1 = st->h[1];
diff --git a/src/crypto/zinc/poly1305/poly1305-donna64.h b/src/crypto/zinc/poly1305/poly1305-donna64.h
index 2aa2570..de7ab12 100644
--- a/src/crypto/zinc/poly1305/poly1305-donna64.h
+++ b/src/crypto/zinc/poly1305/poly1305-donna64.h
@@ -11,6 +11,7 @@ typedef __uint128_t u128;
struct poly1305_internal {
u64 r[3];
u64 h[3];
+ u64 s[2];
};
static void poly1305_init_generic(void *ctx, const u8 key[16])
@@ -26,6 +27,10 @@ static void poly1305_init_generic(void *ctx, const u8 key[16])
st->r[1] = ((t0 >> 44) | (t1 << 20)) & 0xfffffc0ffff;
st->r[2] = ((t1 >> 24)) & 0x00ffffffc0f;
+ /* s = 20*r */
+ st->s[0] = st->r[1] * 20;
+ st->s[1] = st->r[2] * 20;
+
/* h = 0 */
st->h[0] = 0;
st->h[1] = 0;
@@ -51,8 +56,8 @@ static void poly1305_blocks_generic(void *ctx, const u8 *input, size_t len,
h1 = st->h[1];
h2 = st->h[2];
- s1 = r1 * (5 << 2);
- s2 = r2 * (5 << 2);
+ s1 = st->s[0];
+ s2 = st->s[1];
while (len >= POLY1305_BLOCK_SIZE) {
u64 t0, t1;