path: root/absl/random/internal/randen_slow.cc
authorGravatar Abseil Team <absl-team@google.com>2021-07-12 07:04:14 -0700
committerGravatar Andy Getz <durandal@google.com>2021-07-15 13:55:08 -0400
commit33541e751039a8c4bd3a395dd1a3a0928885814a (patch)
treef43ad6bc9933fd372f936101d71523f811c36cc9 /absl/random/internal/randen_slow.cc
parentb06e719ee985ecd63e0dffbc68499549216f817f (diff)
Export of internal Abseil changes
-- c3b926ea986eea9d416ef57ee67a1041b70257fd by Martijn Vels <mvels@google.com>:

Remove internal absl_internal_cordz_disabled check.

PiperOrigin-RevId: 384225993

-- 2863c56ad5c86dd9c207a796e65d5bc968f77755 by Benjamin Barenblat <bbaren@google.com>:

Make randen_slow endian-correct

Pay attention to the platform endianness when pulling bytes out of each AES block, and use platform-endian round keys.

PiperOrigin-RevId: 383878281
GitOrigin-RevId: c3b926ea986eea9d416ef57ee67a1041b70257fd
Change-Id: I0d48f4fd560b3e320260ef05790727756ffead02
Diffstat (limited to 'absl/random/internal/randen_slow.cc')
-rw-r--r--absl/random/internal/randen_slow.cc30
1 files changed, 29 insertions, 1 deletions
diff --git a/absl/random/internal/randen_slow.cc b/absl/random/internal/randen_slow.cc
index 56aeb030..d5c9347b 100644
--- a/absl/random/internal/randen_slow.cc
+++ b/absl/random/internal/randen_slow.cc
@@ -19,6 +19,7 @@
#include <cstring>
#include "absl/base/attributes.h"
+#include "absl/base/internal/endian.h"
#include "absl/numeric/int128.h"
#include "absl/random/internal/platform.h"
#include "absl/random/internal/randen_traits.h"
@@ -40,7 +41,7 @@ namespace {
// AES portions based on rijndael-alg-fst.c,
// https://fastcrypto.org/front/misc/rijndael-alg-fst.c, and modified for
-// little-endianness.
+// platform-endianness.
//
// Implementation of
// http://www.csrc.nist.gov/publications/fips/fips197/fips-197.pdf
@@ -251,6 +252,7 @@ inline ABSL_RANDOM_INTERNAL_ATTRIBUTE_ALWAYS_INLINE void Vector128Store(
inline ABSL_RANDOM_INTERNAL_ATTRIBUTE_ALWAYS_INLINE Vector128
AesRound(const Vector128& state, const Vector128& round_key) {
Vector128 result;
+#ifdef ABSL_IS_LITTLE_ENDIAN
result.s[0] = round_key.s[0] ^ //
te0[uint8_t(state.s[0])] ^ //
te1[uint8_t(state.s[1] >> 8)] ^ //
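Review bot: The `#ifdef ABSL_IS_LITTLE_ENDIAN` added before the first lookup row selects the big-endian table order whenever the macro is merely undefined — for example in a translation unit where the header that defines it is not (transitively) included — rather than only on big-endian hosts, and the same open-ended `#else` appears in the GetKeys hunk later in this diff (the `kRandenRoundKeysBE` branch). Because both branches compile cleanly, a misconfigured build would produce a wrong-but-plausible keystream instead of an error. A fail-closed form is cheap: keep `#ifdef ABSL_IS_LITTLE_ENDIAN` for the first branch, then `#elif defined(ABSL_IS_BIG_ENDIAN)` for the second, then `#else` / `#error "randen_slow: unknown byte order"` / `#endif`. AesRound's body continues past the end of this hunk.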
@@ -271,6 +273,28 @@ AesRound(const Vector128& state, const Vector128& round_key) {
te1[uint8_t(state.s[0] >> 8)] ^ //
te2[uint8_t(state.s[1] >> 16)] ^ //
te3[uint8_t(state.s[2] >> 24)];
+#else
+ result.s[0] = round_key.s[0] ^ //
+ te0[uint8_t(state.s[0])] ^ //
+ te1[uint8_t(state.s[3] >> 8)] ^ //
+ te2[uint8_t(state.s[2] >> 16)] ^ //
+ te3[uint8_t(state.s[1] >> 24)];
+ result.s[1] = round_key.s[1] ^ //
+ te0[uint8_t(state.s[1])] ^ //
+ te1[uint8_t(state.s[0] >> 8)] ^ //
+ te2[uint8_t(state.s[3] >> 16)] ^ //
+ te3[uint8_t(state.s[2] >> 24)];
+ result.s[2] = round_key.s[2] ^ //
+ te0[uint8_t(state.s[2])] ^ //
+ te1[uint8_t(state.s[1] >> 8)] ^ //
+ te2[uint8_t(state.s[0] >> 16)] ^ //
+ te3[uint8_t(state.s[3] >> 24)];
+ result.s[3] = round_key.s[3] ^ //
+ te0[uint8_t(state.s[3])] ^ //
+ te1[uint8_t(state.s[2] >> 8)] ^ //
+ te2[uint8_t(state.s[1] >> 16)] ^ //
+ te3[uint8_t(state.s[0] >> 24)];
+#endif
return result;
}
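Review bot: The new `#else` branch repeats the four column computations with only the ShiftRows source words changed (column 0 reads s[3], s[2], s[1] where the little-endian branch reads s[1], s[2], s[3]), and nothing in the code says why the rotation runs backwards; a short comment stating how the big-endian word order was derived from the little-endian one would save the next reader re-deriving it, since the change description only says to "pay attention to the platform endianness". Stylistically, the two branches differ only in the rotation direction, so both can be expressed by one loop parameterised on a per-endianness step, which keeps a single copy of the table logic to audit; the compiler will most likely unroll a four-trip constant loop, but check the generated code since the function is marked always-inline. This assumes the two little-endian columns outside this hunk follow the same forward rotation as the visible ones. AesRound's signature is outside this hunk.
```cpp
  // ShiftRows source word for table te<k> in column i: little-endian
  // word layout walks forward (i + k), big-endian walks backward (i - k).
#ifdef ABSL_IS_LITTLE_ENDIAN
  constexpr int kStep = 1;
#else
  constexpr int kStep = 3;  // -1 mod 4
#endif
  Vector128 result;
  for (int i = 0; i < 4; ++i) {
    result.s[i] = round_key.s[i] ^                                    //
                  te0[uint8_t(state.s[i])] ^                          //
                  te1[uint8_t(state.s[(i + kStep) & 3] >> 8)] ^       //
                  te2[uint8_t(state.s[(i + 2 * kStep) & 3] >> 16)] ^  //
                  te3[uint8_t(state.s[(i + 3 * kStep) & 3] >> 24)];
  }
  return result;
```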
@@ -380,7 +404,11 @@ namespace random_internal {
const void* RandenSlow::GetKeys() {
// Round keys for one AES per Feistel round and branch.
// The canonical implementation uses first digits of Pi.
+#ifdef ABSL_IS_LITTLE_ENDIAN
return kRandenRoundKeys;
+#else
+ return kRandenRoundKeysBE;
+#endif
}
void RandenSlow::Absorb(const void* seed_void, void* state_void) {