On Wed, 2018-01-10 at 11:24 +0100, Niels Möller wrote:
> Nikos Mavrogiannopoulos nmav@redhat.com writes:
>> The attached patch brings support for AES-128-CMAC. The code is based on the samba code.
> Nice. I think I'll have to read up a bit to understand what it's doing.
>> The rshift and lshift functions come from the AES implementation bundled with samba.
> These do just a single-bit right or left shift of a 16-byte block? To me it seems odd to do that with a table lookup for each byte.

Indeed, and I don't see any obvious benefit of that code. I've replaced it with a simpler version.

> May be natural as functions operating on nettle_block16, and if platform endianness is right, could do the shifts in units of unsigned long or uint64_t. Shift and mask on 64-bit values may be preferable also if the endianness is wrong.

I've now used the nettle_block16 to ensure values are aligned. I didn't try to optimize the shift as it is only used on set_key which doesn't really affect performance.
regards, Nikos
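As an added illustration of the shift being discussed (this is example code written for this page, not the patch, nettle's or samba's code): the 1-bit left shift of a 16-byte block is what CMAC subkey derivation needs, and it can be done either byte by byte with a carry or on two uint64_t limbs. The `block16` union below is a stand-in for nettle_block16, not its real definition; the limb version loads and stores big-endian explicitly so it gives the same answer on any host, which is the "shift and mask on 64-bit values" option independent of platform endianness. The known-answer check uses the AES-128-CMAC subkey vectors from RFC 4493 Appendix A (L = AES_K(0), K1, K2), so the subkey step can be verified without an AES implementation.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* 16-byte block with a 64-bit overlay, in the spirit of nettle_block16.
   This is a stand-in type for the example, not nettle's definition. */
typedef union {
    uint8_t  b[16];
    uint64_t u64[2];
} block16;

/* Byte-at-a-time 1-bit left shift of a 128-bit big-endian value.
   Safe when r and x alias: each byte is read before it is written. */
static void block16_lshift_bytes(block16 *r, const block16 *x)
{
    uint8_t carry = 0;
    for (int i = 15; i >= 0; i--) {
        uint8_t v = x->b[i];
        r->b[i] = (uint8_t)((v << 1) | carry);
        carry = v >> 7;
    }
}

/* Explicit big-endian load/store so the limb version is endian-neutral.
   On a big-endian host x->u64[] could be shifted directly instead. */
static uint64_t load_be64(const uint8_t *p)
{
    uint64_t v = 0;
    for (int i = 0; i < 8; i++) v = (v << 8) | p[i];
    return v;
}

static void store_be64(uint8_t *p, uint64_t v)
{
    for (int i = 7; i >= 0; i--) { p[i] = (uint8_t)v; v >>= 8; }
}

/* Same shift done as two 64-bit limbs: one carry bit crosses the limb boundary. */
static void block16_lshift_u64(block16 *r, const block16 *x)
{
    uint64_t hi = load_be64(x->b);
    uint64_t lo = load_be64(x->b + 8);
    store_be64(r->b,     (hi << 1) | (lo >> 63));
    store_be64(r->b + 8, lo << 1);
}

/* CMAC subkey step (RFC 4493, section 2.3): K = (in << 1) XOR Rb if the top
   bit of `in` is set, with Rb = 0x87 in the low byte. The conditional XOR is
   applied through a mask rather than a branch on the (secret) top bit. */
static void cmac_subkey(block16 *k, const block16 *in)
{
    uint8_t mask = (uint8_t)(0 - (in->b[0] >> 7));   /* 0x00 or 0xff */
    block16_lshift_u64(k, in);
    k->b[15] ^= (uint8_t)(0x87 & mask);
}

/* RFC 4493 Appendix A vectors: L = AES-128_K(0^128) for the key
   2b7e1516 28aed2a6 abf71588 09cf4f3c, and the derived K1, K2. */
static const uint8_t RFC4493_L[16]  = {0x7d,0xf7,0x6b,0x0c,0x1a,0xb8,0x99,0xb3,
                                       0x3e,0x42,0xf0,0x47,0xb9,0x1b,0x54,0x6f};
static const uint8_t RFC4493_K1[16] = {0xfb,0xee,0xd6,0x18,0x35,0x71,0x33,0x66,
                                       0x7c,0x85,0xe0,0x8f,0x72,0x36,0xa8,0xde};
static const uint8_t RFC4493_K2[16] = {0xf7,0xdd,0xac,0x30,0x6a,0xe2,0x66,0xcc,
                                       0xf9,0x0b,0xc1,0x1e,0xe4,0x6d,0x51,0x3b};

/* Derive K1 and K2 from L and compare with the RFC vectors; 1 on match.
   K1 exercises the no-XOR path (MSB of L clear), K2 the XOR path. */
int rfc4493_subkeys_match(void)
{
    block16 l, k1, k2;
    memcpy(l.b, RFC4493_L, 16);
    cmac_subkey(&k1, &l);
    cmac_subkey(&k2, &k1);
    return memcmp(k1.b, RFC4493_K1, 16) == 0 &&
           memcmp(k2.b, RFC4493_K2, 16) == 0;
}

/* Cross-check the byte-wise and limb-wise shifts on constructed inputs that
   force a carry across every byte and across the limb boundary; 1 if all agree. */
int shift_implementations_agree(void)
{
    block16 in, a, bb;
    const uint8_t fill[4] = {0x00, 0xff, 0x80, 0x7f};
    for (int f = 0; f < 4; f++) {
        memset(in.b, fill[f], 16);
        in.b[8] ^= 0x80;                 /* toggle the bit that crosses limbs */
        block16_lshift_bytes(&a, &in);
        block16_lshift_u64(&bb, &in);
        if (memcmp(a.b, bb.b, 16) != 0) return 0;
    }
    /* MSB of L is clear, so a plain shift of L must equal K1. */
    memcpy(in.b, RFC4493_L, 16);
    block16_lshift_bytes(&a, &in);
    return memcmp(a.b, RFC4493_K1, 16) == 0;
}

int main(void)
{
    printf("subkeys match RFC 4493: %d\n", rfc4493_subkeys_match());
    printf("shift variants agree:   %d\n", shift_implementations_agree());
    return 0;
}
```

Compile with any C99 compiler; both checks print 1. The byte loop is what a set_key-only path can afford, as noted above; the limb version shows the shape of the 64-bit variant without depending on host byte order.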