Skip to content

Commit c337380

Browse files
jedisct1jedisct1
committed
blockify 128x4
1 parent 5f00c75 commit c337380

File tree

1 file changed

+67
-23
lines changed

1 file changed

+67
-23
lines changed

src/aegis128x4/aegis128x4_common.h

Lines changed: 67 additions & 23 deletions
Original file line numberDiff line numberDiff line change
@@ -344,7 +344,7 @@ decrypt_unauthenticated(uint8_t *m, const uint8_t *c, size_t clen, const uint8_t
344344
}
345345

346346
typedef struct _aegis128x4_state {
347-
aegis_blocks state;
347+
aegis_blocks blocks;
348348
uint8_t buf[RATE];
349349
uint64_t adlen;
350350
uint64_t mlen;
@@ -355,37 +355,45 @@ static void
355355
state_init(aegis128x4_state *st_, const uint8_t *ad, size_t adlen, const uint8_t *npub,
356356
const uint8_t *k)
357357
{
358+
aegis_blocks blocks;
358359
_aegis128x4_state *const st =
359360
(_aegis128x4_state *) ((((uintptr_t) &st_->opaque) + (ALIGNMENT - 1)) &
360361
~(uintptr_t) (ALIGNMENT - 1));
361362
size_t i;
362363

364+
memcpy(blocks, st->blocks, sizeof blocks);
365+
363366
COMPILER_ASSERT((sizeof *st) + ALIGNMENT <= sizeof *st_);
364367
st->mlen = 0;
365368
st->pos = 0;
366369

367-
aegis128x4_init(k, npub, st->state);
370+
aegis128x4_init(k, npub, blocks);
368371
for (i = 0; i + RATE <= adlen; i += RATE) {
369-
aegis128x4_absorb(ad + i, st->state);
372+
aegis128x4_absorb(ad + i, blocks);
370373
}
371374
if (adlen % RATE) {
372375
memset(st->buf, 0, RATE);
373376
memcpy(st->buf, ad + i, adlen % RATE);
374-
aegis128x4_absorb(st->buf, st->state);
377+
aegis128x4_absorb(st->buf, blocks);
375378
}
376379
st->adlen = adlen;
380+
381+
memcpy(st->blocks, blocks, sizeof blocks);
377382
}
378383

379384
static int
380385
state_encrypt_update(aegis128x4_state *st_, uint8_t *c, size_t clen_max, size_t *written,
381386
const uint8_t *m, size_t mlen)
382387
{
388+
aegis_blocks blocks;
383389
_aegis128x4_state *const st =
384390
(_aegis128x4_state *) ((((uintptr_t) &st_->opaque) + (ALIGNMENT - 1)) &
385391
~(uintptr_t) (ALIGNMENT - 1));
386392
size_t i = 0;
387393
size_t left;
388394

395+
memcpy(blocks, st->blocks, sizeof blocks);
396+
389397
*written = 0;
390398
st->mlen += mlen;
391399
if (st->pos != 0) {
@@ -404,7 +412,7 @@ state_encrypt_update(aegis128x4_state *st_, uint8_t *c, size_t clen_max, size_t
404412
return -1;
405413
}
406414
clen_max -= RATE;
407-
aegis128x4_enc(c, st->buf, st->state);
415+
aegis128x4_enc(c, st->buf, blocks);
408416
*written += RATE;
409417
c += RATE;
410418
st->pos = 0;
@@ -417,27 +425,33 @@ state_encrypt_update(aegis128x4_state *st_, uint8_t *c, size_t clen_max, size_t
417425
return -1;
418426
}
419427
for (i = 0; i + RATE <= mlen; i += RATE) {
420-
aegis128x4_enc(c + i, m + i, st->state);
428+
aegis128x4_enc(c + i, m + i, blocks);
421429
}
422430
*written += i;
423431
left = mlen % RATE;
424432
if (left != 0) {
425433
memcpy(st->buf, m + i, left);
426434
st->pos = left;
427435
}
436+
437+
memcpy(st->blocks, blocks, sizeof blocks);
438+
428439
return 0;
429440
}
430441

431442
static int
432443
state_encrypt_detached_final(aegis128x4_state *st_, uint8_t *c, size_t clen_max, size_t *written,
433444
uint8_t *mac, size_t maclen)
434445
{
446+
aegis_blocks blocks;
435447
_aegis128x4_state *const st =
436448
(_aegis128x4_state *) ((((uintptr_t) &st_->opaque) + (ALIGNMENT - 1)) &
437449
~(uintptr_t) (ALIGNMENT - 1));
438450
CRYPTO_ALIGN(ALIGNMENT) uint8_t src[RATE];
439451
CRYPTO_ALIGN(ALIGNMENT) uint8_t dst[RATE];
440452

453+
memcpy(blocks, st->blocks, sizeof blocks);
454+
441455
*written = 0;
442456
if (clen_max < st->pos) {
443457
errno = ERANGE;
@@ -446,26 +460,31 @@ state_encrypt_detached_final(aegis128x4_state *st_, uint8_t *c, size_t clen_max,
446460
if (st->pos != 0) {
447461
memset(src, 0, sizeof src);
448462
memcpy(src, st->buf, st->pos);
449-
aegis128x4_enc(dst, src, st->state);
463+
aegis128x4_enc(dst, src, blocks);
450464
memcpy(c, dst, st->pos);
451465
}
452-
aegis128x4_mac(mac, maclen, st->adlen, st->mlen, st->state);
466+
aegis128x4_mac(mac, maclen, st->adlen, st->mlen, blocks);
453467

454468
*written = st->pos;
455469

470+
memcpy(st->blocks, blocks, sizeof blocks);
471+
456472
return 0;
457473
}
458474

459475
static int
460476
state_encrypt_final(aegis128x4_state *st_, uint8_t *c, size_t clen_max, size_t *written,
461477
size_t maclen)
462478
{
479+
aegis_blocks blocks;
463480
_aegis128x4_state *const st =
464481
(_aegis128x4_state *) ((((uintptr_t) &st_->opaque) + (ALIGNMENT - 1)) &
465482
~(uintptr_t) (ALIGNMENT - 1));
466483
CRYPTO_ALIGN(ALIGNMENT) uint8_t src[RATE];
467484
CRYPTO_ALIGN(ALIGNMENT) uint8_t dst[RATE];
468485

486+
memcpy(blocks, st->blocks, sizeof blocks);
487+
469488
*written = 0;
470489
if (clen_max < st->pos + maclen) {
471490
errno = ERANGE;
@@ -474,27 +493,32 @@ state_encrypt_final(aegis128x4_state *st_, uint8_t *c, size_t clen_max, size_t *
474493
if (st->pos != 0) {
475494
memset(src, 0, sizeof src);
476495
memcpy(src, st->buf, st->pos);
477-
aegis128x4_enc(dst, src, st->state);
496+
aegis128x4_enc(dst, src, blocks);
478497
memcpy(c, dst, st->pos);
479498
}
480-
aegis128x4_mac(c + st->pos, maclen, st->adlen, st->mlen, st->state);
499+
aegis128x4_mac(c + st->pos, maclen, st->adlen, st->mlen, blocks);
481500

482501
*written = st->pos + maclen;
483502

503+
memcpy(st->blocks, blocks, sizeof blocks);
504+
484505
return 0;
485506
}
486507

487508
static int
488509
state_decrypt_detached_update(aegis128x4_state *st_, uint8_t *m, size_t mlen_max, size_t *written,
489510
const uint8_t *c, size_t clen)
490511
{
512+
aegis_blocks blocks;
491513
_aegis128x4_state *const st =
492514
(_aegis128x4_state *) ((((uintptr_t) &st_->opaque) + (ALIGNMENT - 1)) &
493515
~(uintptr_t) (ALIGNMENT - 1));
494516
CRYPTO_ALIGN(ALIGNMENT) uint8_t dst[RATE];
495517
size_t i = 0;
496518
size_t left;
497519

520+
memcpy(blocks, st->blocks, sizeof blocks);
521+
498522
*written = 0;
499523
st->mlen += clen;
500524

@@ -518,10 +542,10 @@ state_decrypt_detached_update(aegis128x4_state *st_, uint8_t *m, size_t mlen_max
518542
return -1;
519543
}
520544
mlen_max -= RATE;
521-
aegis128x4_dec(m, st->buf, st->state);
545+
aegis128x4_dec(m, st->buf, blocks);
522546
m += RATE;
523547
} else {
524-
aegis128x4_dec(dst, st->buf, st->state);
548+
aegis128x4_dec(dst, st->buf, blocks);
525549
}
526550
*written += RATE;
527551
}
@@ -532,11 +556,11 @@ state_decrypt_detached_update(aegis128x4_state *st_, uint8_t *m, size_t mlen_max
532556
return -1;
533557
}
534558
for (i = 0; i + RATE <= clen; i += RATE) {
535-
aegis128x4_dec(m + i, c + i, st->state);
559+
aegis128x4_dec(m + i, c + i, blocks);
536560
}
537561
} else {
538562
for (i = 0; i + RATE <= clen; i += RATE) {
539-
aegis128x4_dec(dst, c + i, st->state);
563+
aegis128x4_dec(dst, c + i, blocks);
540564
}
541565
}
542566
*written += i;
@@ -545,33 +569,39 @@ state_decrypt_detached_update(aegis128x4_state *st_, uint8_t *m, size_t mlen_max
545569
memcpy(st->buf, c + i, left);
546570
st->pos = left;
547571
}
572+
573+
memcpy(st->blocks, blocks, sizeof blocks);
574+
548575
return 0;
549576
}
550577

551578
static int
552579
state_decrypt_detached_final(aegis128x4_state *st_, uint8_t *m, size_t mlen_max, size_t *written,
553580
const uint8_t *mac, size_t maclen)
554581
{
582+
aegis_blocks blocks;
555583
CRYPTO_ALIGN(16) uint8_t computed_mac[32];
556584
CRYPTO_ALIGN(ALIGNMENT) uint8_t dst[RATE];
557585
_aegis128x4_state *const st =
558586
(_aegis128x4_state *) ((((uintptr_t) &st_->opaque) + (ALIGNMENT - 1)) &
559587
~(uintptr_t) (ALIGNMENT - 1));
560588
int ret;
561589

590+
memcpy(blocks, st->blocks, sizeof blocks);
591+
562592
*written = 0;
563593
if (st->pos != 0) {
564594
if (m != NULL) {
565595
if (mlen_max < st->pos) {
566596
errno = ERANGE;
567597
return -1;
568598
}
569-
aegis128x4_declast(m, st->buf, st->pos, st->state);
599+
aegis128x4_declast(m, st->buf, st->pos, blocks);
570600
} else {
571-
aegis128x4_declast(dst, st->buf, st->pos, st->state);
601+
aegis128x4_declast(dst, st->buf, st->pos, blocks);
572602
}
573603
}
574-
aegis128x4_mac(computed_mac, maclen, st->adlen, st->mlen, st->state);
604+
aegis128x4_mac(computed_mac, maclen, st->adlen, st->mlen, blocks);
575605
ret = -1;
576606
if (maclen == 16) {
577607
ret = aegis_verify_16(computed_mac, mac);
@@ -583,18 +613,24 @@ state_decrypt_detached_final(aegis128x4_state *st_, uint8_t *m, size_t mlen_max,
583613
} else {
584614
memset(m, 0, st->pos);
585615
}
616+
617+
memcpy(st->blocks, blocks, sizeof blocks);
618+
586619
return ret;
587620
}
588621

589622
static int
590623
state_mac_update(aegis128x4_state *st_, const uint8_t *ad, size_t adlen)
591624
{
625+
aegis_blocks blocks;
592626
_aegis128x4_state *const st =
593627
(_aegis128x4_state *) ((((uintptr_t) &st_->opaque) + (ALIGNMENT - 1)) &
594628
~(uintptr_t) (ALIGNMENT - 1));
595629
size_t i;
596630
size_t left;
597631

632+
memcpy(blocks, st->blocks, sizeof blocks);
633+
598634
left = st->adlen % RATE;
599635
st->adlen += adlen;
600636
if (left != 0) {
@@ -603,7 +639,7 @@ state_mac_update(aegis128x4_state *st_, const uint8_t *ad, size_t adlen)
603639
return 0;
604640
}
605641
memcpy(st->buf + left, ad, RATE - left);
606-
aegis128x4_absorb(st->buf, st->state);
642+
aegis128x4_absorb(st->buf, blocks);
607643
ad += RATE - left;
608644
adlen -= RATE - left;
609645
}
@@ -616,33 +652,41 @@ state_mac_update(aegis128x4_state *st_, const uint8_t *ad, size_t adlen)
616652
msg3 = AES_BLOCK_LOAD(ad + i + AES_BLOCK_LENGTH * 3);
617653
COMPILER_ASSERT(AES_BLOCK_LENGTH * 4 == RATE * 2);
618654

619-
aegis128x4_update(st->state, msg0, msg1);
620-
aegis128x4_update(st->state, msg2, msg3);
655+
aegis128x4_update(blocks, msg0, msg1);
656+
aegis128x4_update(blocks, msg2, msg3);
621657
}
622658
for (; i + RATE <= adlen; i += RATE) {
623-
aegis128x4_absorb(ad + i, st->state);
659+
aegis128x4_absorb(ad + i, blocks);
624660
}
625661
if (i < adlen) {
626662
memset(st->buf, 0, RATE);
627663
memcpy(st->buf, ad + i, adlen - i);
628664
}
665+
666+
memcpy(st->blocks, blocks, sizeof blocks);
667+
629668
return 0;
630669
}
631670

632671
static int
633672
state_mac_final(aegis128x4_state *st_, uint8_t *mac, size_t maclen)
634673
{
674+
aegis_blocks blocks;
635675
_aegis128x4_state *const st =
636676
(_aegis128x4_state *) ((((uintptr_t) &st_->opaque) + (ALIGNMENT - 1)) &
637677
~(uintptr_t) (ALIGNMENT - 1));
638678
size_t left;
639679

680+
memcpy(blocks, st->blocks, sizeof blocks);
681+
640682
left = st->adlen % RATE;
641683
if (left != 0) {
642684
memset(st->buf + left, 0, RATE - left);
643-
aegis128x4_absorb(st->buf, st->state);
685+
aegis128x4_absorb(st->buf, blocks);
644686
}
645-
aegis128x4_mac(mac, maclen, st->adlen, 0, st->state);
687+
aegis128x4_mac(mac, maclen, st->adlen, 0, blocks);
688+
689+
memcpy(st->blocks, blocks, sizeof blocks);
646690

647691
return 0;
648692
}

0 commit comments

Comments
 (0)