Skip to content

Commit 3a453ae

Browse files
jedisct1jedisct1
committed
Blockify 256X
1 parent c337380 commit 3a453ae

File tree

2 files changed

+134
-46
lines changed

2 files changed

+134
-46
lines changed

src/aegis256x2/aegis256x2_common.h

Lines changed: 67 additions & 23 deletions
Original file line numberDiff line numberDiff line change
@@ -330,7 +330,7 @@ decrypt_unauthenticated(uint8_t *m, const uint8_t *c, size_t clen, const uint8_t
330330
}
331331

332332
typedef struct _aegis256x2_state {
333-
aegis_blocks state;
333+
aegis_blocks blocks;
334334
uint8_t buf[RATE];
335335
uint64_t adlen;
336336
uint64_t mlen;
@@ -341,37 +341,45 @@ static void
341341
state_init(aegis256x2_state *st_, const uint8_t *ad, size_t adlen, const uint8_t *npub,
342342
const uint8_t *k)
343343
{
344+
aegis_blocks blocks;
344345
_aegis256x2_state *const st =
345346
(_aegis256x2_state *) ((((uintptr_t) &st_->opaque) + (ALIGNMENT - 1)) &
346347
~(uintptr_t) (ALIGNMENT - 1));
347348
size_t i;
348349

350+
memcpy(blocks, st->blocks, sizeof blocks);
351+
349352
COMPILER_ASSERT((sizeof *st) + ALIGNMENT <= sizeof *st_);
350353
st->mlen = 0;
351354
st->pos = 0;
352355

353-
aegis256x2_init(k, npub, st->state);
356+
aegis256x2_init(k, npub, blocks);
354357
for (i = 0; i + RATE <= adlen; i += RATE) {
355-
aegis256x2_absorb(ad + i, st->state);
358+
aegis256x2_absorb(ad + i, blocks);
356359
}
357360
if (adlen % RATE) {
358361
memset(st->buf, 0, RATE);
359362
memcpy(st->buf, ad + i, adlen % RATE);
360-
aegis256x2_absorb(st->buf, st->state);
363+
aegis256x2_absorb(st->buf, blocks);
361364
}
362365
st->adlen = adlen;
366+
367+
memcpy(st->blocks, blocks, sizeof blocks);
363368
}
364369

365370
static int
366371
state_encrypt_update(aegis256x2_state *st_, uint8_t *c, size_t clen_max, size_t *written,
367372
const uint8_t *m, size_t mlen)
368373
{
374+
aegis_blocks blocks;
369375
_aegis256x2_state *const st =
370376
(_aegis256x2_state *) ((((uintptr_t) &st_->opaque) + (ALIGNMENT - 1)) &
371377
~(uintptr_t) (ALIGNMENT - 1));
372378
size_t i = 0;
373379
size_t left;
374380

381+
memcpy(blocks, st->blocks, sizeof blocks);
382+
375383
*written = 0;
376384
st->mlen += mlen;
377385
if (st->pos != 0) {
@@ -390,7 +398,7 @@ state_encrypt_update(aegis256x2_state *st_, uint8_t *c, size_t clen_max, size_t
390398
return -1;
391399
}
392400
clen_max -= RATE;
393-
aegis256x2_enc(c, st->buf, st->state);
401+
aegis256x2_enc(c, st->buf, blocks);
394402
*written += RATE;
395403
c += RATE;
396404
st->pos = 0;
@@ -403,27 +411,33 @@ state_encrypt_update(aegis256x2_state *st_, uint8_t *c, size_t clen_max, size_t
403411
return -1;
404412
}
405413
for (i = 0; i + RATE <= mlen; i += RATE) {
406-
aegis256x2_enc(c + i, m + i, st->state);
414+
aegis256x2_enc(c + i, m + i, blocks);
407415
}
408416
*written += i;
409417
left = mlen % RATE;
410418
if (left != 0) {
411419
memcpy(st->buf, m + i, left);
412420
st->pos = left;
413421
}
422+
423+
memcpy(st->blocks, blocks, sizeof blocks);
424+
414425
return 0;
415426
}
416427

417428
static int
418429
state_encrypt_detached_final(aegis256x2_state *st_, uint8_t *c, size_t clen_max, size_t *written,
419430
uint8_t *mac, size_t maclen)
420431
{
432+
aegis_blocks blocks;
421433
_aegis256x2_state *const st =
422434
(_aegis256x2_state *) ((((uintptr_t) &st_->opaque) + (ALIGNMENT - 1)) &
423435
~(uintptr_t) (ALIGNMENT - 1));
424436
CRYPTO_ALIGN(ALIGNMENT) uint8_t src[RATE];
425437
CRYPTO_ALIGN(ALIGNMENT) uint8_t dst[RATE];
426438

439+
memcpy(blocks, st->blocks, sizeof blocks);
440+
427441
*written = 0;
428442
if (clen_max < st->pos) {
429443
errno = ERANGE;
@@ -432,26 +446,31 @@ state_encrypt_detached_final(aegis256x2_state *st_, uint8_t *c, size_t clen_max,
432446
if (st->pos != 0) {
433447
memset(src, 0, sizeof src);
434448
memcpy(src, st->buf, st->pos);
435-
aegis256x2_enc(dst, src, st->state);
449+
aegis256x2_enc(dst, src, blocks);
436450
memcpy(c, dst, st->pos);
437451
}
438-
aegis256x2_mac(mac, maclen, st->adlen, st->mlen, st->state);
452+
aegis256x2_mac(mac, maclen, st->adlen, st->mlen, blocks);
439453

440454
*written = st->pos;
441455

456+
memcpy(st->blocks, blocks, sizeof blocks);
457+
442458
return 0;
443459
}
444460

445461
static int
446462
state_encrypt_final(aegis256x2_state *st_, uint8_t *c, size_t clen_max, size_t *written,
447463
size_t maclen)
448464
{
465+
aegis_blocks blocks;
449466
_aegis256x2_state *const st =
450467
(_aegis256x2_state *) ((((uintptr_t) &st_->opaque) + (ALIGNMENT - 1)) &
451468
~(uintptr_t) (ALIGNMENT - 1));
452469
CRYPTO_ALIGN(ALIGNMENT) uint8_t src[RATE];
453470
CRYPTO_ALIGN(ALIGNMENT) uint8_t dst[RATE];
454471

472+
memcpy(blocks, st->blocks, sizeof blocks);
473+
455474
*written = 0;
456475
if (clen_max < st->pos + maclen) {
457476
errno = ERANGE;
@@ -460,27 +479,32 @@ state_encrypt_final(aegis256x2_state *st_, uint8_t *c, size_t clen_max, size_t *
460479
if (st->pos != 0) {
461480
memset(src, 0, sizeof src);
462481
memcpy(src, st->buf, st->pos);
463-
aegis256x2_enc(dst, src, st->state);
482+
aegis256x2_enc(dst, src, blocks);
464483
memcpy(c, dst, st->pos);
465484
}
466-
aegis256x2_mac(c + st->pos, maclen, st->adlen, st->mlen, st->state);
485+
aegis256x2_mac(c + st->pos, maclen, st->adlen, st->mlen, blocks);
467486

468487
*written = st->pos + maclen;
469488

489+
memcpy(st->blocks, blocks, sizeof blocks);
490+
470491
return 0;
471492
}
472493

473494
static int
474495
state_decrypt_detached_update(aegis256x2_state *st_, uint8_t *m, size_t mlen_max, size_t *written,
475496
const uint8_t *c, size_t clen)
476497
{
498+
aegis_blocks blocks;
477499
_aegis256x2_state *const st =
478500
(_aegis256x2_state *) ((((uintptr_t) &st_->opaque) + (ALIGNMENT - 1)) &
479501
~(uintptr_t) (ALIGNMENT - 1));
480502
CRYPTO_ALIGN(ALIGNMENT) uint8_t dst[RATE];
481503
size_t i = 0;
482504
size_t left;
483505

506+
memcpy(blocks, st->blocks, sizeof blocks);
507+
484508
*written = 0;
485509
st->mlen += clen;
486510

@@ -504,10 +528,10 @@ state_decrypt_detached_update(aegis256x2_state *st_, uint8_t *m, size_t mlen_max
504528
return -1;
505529
}
506530
mlen_max -= RATE;
507-
aegis256x2_dec(m, st->buf, st->state);
531+
aegis256x2_dec(m, st->buf, blocks);
508532
m += RATE;
509533
} else {
510-
aegis256x2_dec(dst, st->buf, st->state);
534+
aegis256x2_dec(dst, st->buf, blocks);
511535
}
512536
*written += RATE;
513537
}
@@ -518,11 +542,11 @@ state_decrypt_detached_update(aegis256x2_state *st_, uint8_t *m, size_t mlen_max
518542
return -1;
519543
}
520544
for (i = 0; i + RATE <= clen; i += RATE) {
521-
aegis256x2_dec(m + i, c + i, st->state);
545+
aegis256x2_dec(m + i, c + i, blocks);
522546
}
523547
} else {
524548
for (i = 0; i + RATE <= clen; i += RATE) {
525-
aegis256x2_dec(dst, c + i, st->state);
549+
aegis256x2_dec(dst, c + i, blocks);
526550
}
527551
}
528552
*written += i;
@@ -531,33 +555,39 @@ state_decrypt_detached_update(aegis256x2_state *st_, uint8_t *m, size_t mlen_max
531555
memcpy(st->buf, c + i, left);
532556
st->pos = left;
533557
}
558+
559+
memcpy(st->blocks, blocks, sizeof blocks);
560+
534561
return 0;
535562
}
536563

537564
static int
538565
state_decrypt_detached_final(aegis256x2_state *st_, uint8_t *m, size_t mlen_max, size_t *written,
539566
const uint8_t *mac, size_t maclen)
540567
{
568+
aegis_blocks blocks;
541569
CRYPTO_ALIGN(16) uint8_t computed_mac[32];
542570
CRYPTO_ALIGN(ALIGNMENT) uint8_t dst[RATE];
543571
_aegis256x2_state *const st =
544572
(_aegis256x2_state *) ((((uintptr_t) &st_->opaque) + (ALIGNMENT - 1)) &
545573
~(uintptr_t) (ALIGNMENT - 1));
546574
int ret;
547575

576+
memcpy(blocks, st->blocks, sizeof blocks);
577+
548578
*written = 0;
549579
if (st->pos != 0) {
550580
if (m != NULL) {
551581
if (mlen_max < st->pos) {
552582
errno = ERANGE;
553583
return -1;
554584
}
555-
aegis256x2_declast(m, st->buf, st->pos, st->state);
585+
aegis256x2_declast(m, st->buf, st->pos, blocks);
556586
} else {
557-
aegis256x2_declast(dst, st->buf, st->pos, st->state);
587+
aegis256x2_declast(dst, st->buf, st->pos, blocks);
558588
}
559589
}
560-
aegis256x2_mac(computed_mac, maclen, st->adlen, st->mlen, st->state);
590+
aegis256x2_mac(computed_mac, maclen, st->adlen, st->mlen, blocks);
561591
ret = -1;
562592
if (maclen == 16) {
563593
ret = aegis_verify_16(computed_mac, mac);
@@ -569,18 +599,24 @@ state_decrypt_detached_final(aegis256x2_state *st_, uint8_t *m, size_t mlen_max,
569599
} else {
570600
memset(m, 0, st->pos);
571601
}
602+
603+
memcpy(st->blocks, blocks, sizeof blocks);
604+
572605
return ret;
573606
}
574607

575608
static int
576609
state_mac_update(aegis256x2_state *st_, const uint8_t *ad, size_t adlen)
577610
{
611+
aegis_blocks blocks;
578612
_aegis256x2_state *const st =
579613
(_aegis256x2_state *) ((((uintptr_t) &st_->opaque) + (ALIGNMENT - 1)) &
580614
~(uintptr_t) (ALIGNMENT - 1));
581615
size_t i;
582616
size_t left;
583617

618+
memcpy(blocks, st->blocks, sizeof blocks);
619+
584620
left = st->adlen % RATE;
585621
st->adlen += adlen;
586622
if (left != 0) {
@@ -589,7 +625,7 @@ state_mac_update(aegis256x2_state *st_, const uint8_t *ad, size_t adlen)
589625
return 0;
590626
}
591627
memcpy(st->buf + left, ad, RATE - left);
592-
aegis256x2_absorb(st->buf, st->state);
628+
aegis256x2_absorb(st->buf, blocks);
593629
ad += RATE - left;
594630
adlen -= RATE - left;
595631
}
@@ -600,33 +636,41 @@ state_mac_update(aegis256x2_state *st_, const uint8_t *ad, size_t adlen)
600636
msg1 = AES_BLOCK_LOAD(ad + i + AES_BLOCK_LENGTH * 1);
601637
COMPILER_ASSERT(AES_BLOCK_LENGTH * 2 == RATE * 2);
602638

603-
aegis256x2_update(st->state, msg0);
604-
aegis256x2_update(st->state, msg1);
639+
aegis256x2_update(blocks, msg0);
640+
aegis256x2_update(blocks, msg1);
605641
}
606642
for (; i + RATE <= adlen; i += RATE) {
607-
aegis256x2_absorb(ad + i, st->state);
643+
aegis256x2_absorb(ad + i, blocks);
608644
}
609645
if (i < adlen) {
610646
memset(st->buf, 0, RATE);
611647
memcpy(st->buf, ad + i, adlen - i);
612648
}
649+
650+
memcpy(st->blocks, blocks, sizeof blocks);
651+
613652
return 0;
614653
}
615654

616655
static int
617656
state_mac_final(aegis256x2_state *st_, uint8_t *mac, size_t maclen)
618657
{
658+
aegis_blocks blocks;
619659
_aegis256x2_state *const st =
620660
(_aegis256x2_state *) ((((uintptr_t) &st_->opaque) + (ALIGNMENT - 1)) &
621661
~(uintptr_t) (ALIGNMENT - 1));
622662
size_t left;
623663

664+
memcpy(blocks, st->blocks, sizeof blocks);
665+
624666
left = st->adlen % RATE;
625667
if (left != 0) {
626668
memset(st->buf + left, 0, RATE - left);
627-
aegis256x2_absorb(st->buf, st->state);
669+
aegis256x2_absorb(st->buf, blocks);
628670
}
629-
aegis256x2_mac(mac, maclen, st->adlen, 0, st->state);
671+
aegis256x2_mac(mac, maclen, st->adlen, 0, blocks);
672+
673+
memcpy(st->blocks, blocks, sizeof blocks);
630674

631675
return 0;
632676
}

0 commit comments

Comments
 (0)