-
Notifications
You must be signed in to change notification settings - Fork 3
/
aes_cmac_amd64.go
65 lines (53 loc) · 1.49 KB
/
aes_cmac_amd64.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
// Copyright (c) 2018 Andreas Auernhammer. All rights reserved.
// Use of this source code is governed by a license that can be
// found in the LICENSE file.
// +build amd64,!gccgo,!appengine
package siv
import (
"crypto/subtle"
"hash"
cmac "github.com/aead/cmac/aes"
"golang.org/x/sys/cpu"
)
func aesCMacXORKeyStream(dst, src, iv, keys []byte, keyLen uint64)
func newCMAC(key []byte) aead {
if cpu.X86.HasAES {
cmac, _ := cmac.New(key[:len(key)/2])
key = key[len(key)/2:]
keys := make([]byte, 4*(28+len(key)))
keySchedule(keys, key)
return &aesSivCMacAsm{
cmac: cmac,
keys: keys,
keyLength: len(key),
}
}
return newCMACGeneric(key)
}
type aesSivCMacAsm struct {
cmac hash.Hash
keys []byte
keyLength int
}
func (c *aesSivCMacAsm) seal(ciphertext, nonce, plaintext, additionalData []byte) {
v := s2vGeneric(additionalData, nonce, plaintext, c.cmac)
copy(ciphertext, v[:])
ciphertext = ciphertext[len(v):]
iv := newIV(v)
aesCMacXORKeyStream(ciphertext, plaintext, iv[:], c.keys, uint64(c.keyLength))
}
func (c *aesSivCMacAsm) open(plaintext, nonce, ciphertext, additionalData []byte) error {
var v [16]byte
copy(v[:], ciphertext)
ciphertext = ciphertext[len(v):]
iv := newIV(v)
aesCMacXORKeyStream(plaintext, ciphertext, iv[:], c.keys, uint64(c.keyLength))
tag := s2vGeneric(additionalData, nonce, plaintext, c.cmac)
if subtle.ConstantTimeCompare(v[:], tag[:]) != 1 {
for i := range plaintext {
plaintext[i] = 0
}
return errOpen
}
return nil
}