Rewrite the AES256-GCM implementation

Faster, way more readable, easier to port to other architectures.

AUTHORS

@@ -53,8 +53,7 @@ crypto_aead/aegis256                   Hongjun Wu
                                        Adrien Gallouet
                                        Frank Denis
 
-crypto_aead/aes256gcm/aesni            Romain Dolbeau
+crypto_aead/aes256gcm/aesni            Frank Denis
-                                       Frank Denis
 
 crypto_aead/chacha20poly1305           Frank Denis
 

test/default/aead_aes256gcm.c

@@ -3097,6 +3097,7 @@ tv(void)
     size_t              detached_ciphertext_len;
     size_t              i = 0U;
     size_t              message_len;
+    int                 res;
 
     key = (unsigned char *) sodium_malloc(crypto_aead_aes256gcm_KEYBYTES);
     nonce = (unsigned char *) sodium_malloc(crypto_aead_aes256gcm_NPUBBYTES);
@@ -3135,7 +3136,7 @@ tv(void)
         ciphertext = (unsigned char *) sodium_malloc(ciphertext_len);
         detached_ciphertext = (unsigned char *) sodium_malloc(detached_ciphertext_len);
 
-        crypto_aead_aes256gcm_encrypt_detached(detached_ciphertext, mac,
+        res = crypto_aead_aes256gcm_encrypt_detached(detached_ciphertext, mac,
                                                      &found_mac_len,
                                                      message, message_len,
                                                      ad, ad_len, NULL, nonce, key);
@@ -3144,25 +3145,39 @@ tv(void)
                    detached_ciphertext_len) != 0 ||
             memcmp(mac, expected_ciphertext + message_len,
                    crypto_aead_aes256gcm_ABYTES) != 0) {
-            printf("Detached encryption of test vector #%u failed\n", (unsigned int) i);
+            printf("Detached encryption of test vector #%u failed (res=%d)\n",
+                   (unsigned int) i, res);
             hex = (char *) sodium_malloc((size_t) ciphertext_len * 2 + 1);
-            sodium_bin2hex(hex, (size_t) ciphertext_len * 2 + 1,
+            sodium_bin2hex(hex, (size_t) detached_ciphertext_len * 2 + 1,
-                           ciphertext, ciphertext_len);
+                           detached_ciphertext, detached_ciphertext_len);
             printf("Computed: [%s]\n", hex);
+            sodium_bin2hex(hex, (size_t) detached_ciphertext_len * 2 + 1,
+                           expected_ciphertext, detached_ciphertext_len);
+            printf("Expected: [%s]\n", hex);
+            sodium_bin2hex(hex, (size_t) found_mac_len * 2 + 1,
+                           mac, found_mac_len);
+            printf("Computed mac: [%s]\n", hex);
+            sodium_bin2hex(hex, (size_t) found_mac_len * 2 + 1,
+                           expected_ciphertext + message_len, found_mac_len);
+            printf("Expected mac: [%s]\n", hex);
             sodium_free(hex);
         }
 
-        crypto_aead_aes256gcm_encrypt(ciphertext, &found_ciphertext_len,
+        res = crypto_aead_aes256gcm_encrypt(ciphertext, &found_ciphertext_len,
                                             message, message_len,
                                             ad, ad_len, NULL, nonce, key);
 
         assert((size_t) found_ciphertext_len == ciphertext_len);
         if (memcmp(ciphertext, expected_ciphertext, ciphertext_len) != 0) {
-            printf("Encryption of test vector #%u failed\n", (unsigned int) i);
+            printf("Encryption of test vector #%u failed (res=%d)\n",
+                   (unsigned int) i, res);
             hex = (char *) sodium_malloc((size_t) found_ciphertext_len * 2 + 1);
             sodium_bin2hex(hex, (size_t) found_ciphertext_len * 2 + 1,
                            ciphertext, ciphertext_len);
             printf("Computed: [%s]\n", hex);
+            sodium_bin2hex(hex, (size_t) ciphertext_len * 2 + 1,
+                           expected_ciphertext, ciphertext_len);
+            printf("Expected: [%s]\n", hex);
             sodium_free(hex);
         }