
AEGIS: add a specialized function to absorb the AD

Frank Denis 2022-11-20 18:16:13 +01:00
parent 43d5a33931
commit ece8e60524
4 changed files with 54 additions and 16 deletions


@ -110,6 +110,16 @@ crypto_aead_aegis128l_mac(unsigned char *mac, unsigned long long adlen, unsigned
AES_BLOCK_STORE((aes_block_t *) (void *) mac, tmp);
}
static inline void
crypto_aead_aegis128l_absorb(const unsigned char *const src, aes_block_t *const state)
{
aes_block_t msg0, msg1;
msg0 = AES_BLOCK_LOAD(src);
msg1 = AES_BLOCK_LOAD(src + 16);
crypto_aead_aegis128l_update(state, msg0, msg1);
}
static void
crypto_aead_aegis128l_enc(unsigned char *const dst, const unsigned char *const src,
aes_block_t *const state)
@ -167,12 +177,12 @@ crypto_aead_aegis128l_encrypt_detached(unsigned char *c, unsigned char *mac,
crypto_aead_aegis128l_init(k, npub, state);
for (i = 0ULL; i + 32ULL <= adlen; i += 32ULL) {
crypto_aead_aegis128l_enc(dst, ad + i, state);
crypto_aead_aegis128l_absorb(ad + i, state);
}
if (adlen & 0x1f) {
memset(src, 0, 32);
memcpy(src, ad + i, adlen & 0x1f);
crypto_aead_aegis128l_enc(dst, src, state);
crypto_aead_aegis128l_absorb(src, state);
}
for (i = 0ULL; i + 32ULL <= mlen; i += 32ULL) {
crypto_aead_aegis128l_enc(c + i, m + i, state);
@ -238,12 +248,12 @@ crypto_aead_aegis128l_decrypt_detached(unsigned char *m, unsigned char *nsec,
crypto_aead_aegis128l_init(k, npub, state);
for (i = 0ULL; i + 32ULL <= adlen; i += 32ULL) {
crypto_aead_aegis128l_enc(dst, ad + i, state);
crypto_aead_aegis128l_absorb(ad + i, state);
}
if (adlen & 0x1f) {
memset(src, 0, 32);
memcpy(src, ad + i, adlen & 0x1f);
crypto_aead_aegis128l_enc(dst, src, state);
crypto_aead_aegis128l_absorb(src, state);
}
if (m != NULL) {
for (i = 0ULL; i + 32ULL <= mlen; i += 32ULL) {
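Review bot: The new crypto_aead_aegis128l_absorb carries no comment stating its contract, yet it unconditionally loads two AES blocks from `src` and `src + 16`, so the zero-padded 32-byte `src` stack buffer in the callers' tail branches (`memset(src, 0, 32); memcpy(src, ad + i, adlen & 0x1f);`) is the only thing keeping the final partial-AD read in bounds. I would add above the definition: `/* Absorb one 32-byte associated-data block into the state without producing keystream. src must point to 32 readable bytes; callers zero-pad the final partial block. */`. Ciphertexts and tags presumably stay unchanged only because absorb performs the same state update as the encryption path, so it is worth confirming that the existing known-answer tests include AD lengths that are not multiples of 32 (16 for aegis256), since that tail path now goes through absorb rather than _enc; the same applies to the other three file sections of this commit. With the AD loops no longer calling _enc, the `dst` buffer may now be unused in the AD loops of encrypt_detached and decrypt_detached — if nothing else in those functions writes to it it can be dropped, but its declaration lies outside the hunk so I cannot confirm that here.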


@ -99,6 +99,16 @@ crypto_aead_aegis128l_mac(unsigned char *mac, unsigned long long adlen, unsigned
AES_BLOCK_STORE(mac, tmp);
}
static inline void
crypto_aead_aegis128l_absorb(const unsigned char *const src, aes_block_t *const state)
{
aes_block_t msg0, msg1;
msg0 = AES_BLOCK_LOAD(src);
msg1 = AES_BLOCK_LOAD(src + 16);
crypto_aead_aegis128l_update(state, msg0, msg1);
}
static void
crypto_aead_aegis128l_enc(unsigned char *const dst,
const unsigned char *const src,
@ -158,12 +168,12 @@ crypto_aead_aegis128l_encrypt_detached(unsigned char *c, unsigned char *mac,
crypto_aead_aegis128l_init(k, npub, state);
for (i = 0ULL; i + 32ULL <= adlen; i += 32ULL) {
crypto_aead_aegis128l_enc(dst, ad + i, state);
crypto_aead_aegis128l_absorb(ad + i, state);
}
if (adlen & 0x1f) {
memset(src, 0, 32);
memcpy(src, ad + i, adlen & 0x1f);
crypto_aead_aegis128l_enc(dst, src, state);
crypto_aead_aegis128l_absorb(src, state);
}
for (i = 0ULL; i + 32ULL <= mlen; i += 32ULL) {
crypto_aead_aegis128l_enc(c + i, m + i, state);
@ -229,12 +239,12 @@ crypto_aead_aegis128l_decrypt_detached(unsigned char *m, unsigned char *nsec,
crypto_aead_aegis128l_init(k, npub, state);
for (i = 0ULL; i + 32ULL <= adlen; i += 32ULL) {
crypto_aead_aegis128l_enc(dst, ad + i, state);
crypto_aead_aegis128l_absorb(ad + i, state);
}
if (adlen & 0x1f) {
memset(src, 0, 32);
memcpy(src, ad + i, adlen & 0x1f);
crypto_aead_aegis128l_enc(dst, src, state);
crypto_aead_aegis128l_absorb(src, state);
}
if (m != NULL) {
for (i = 0ULL; i + 32ULL <= mlen; i += 32ULL) {


@ -108,6 +108,15 @@ crypto_aead_aegis256_mac(unsigned char *mac, unsigned long long adlen, unsigned
AES_BLOCK_STORE((aes_block_t *) (void *) mac, tmp);
}
static inline void
crypto_aead_aegis256_absorb(const unsigned char *const src, aes_block_t *const state)
{
aes_block_t msg;
msg = AES_BLOCK_LOAD(src);
crypto_aead_aegis256_update(state, msg);
}
static void
crypto_aead_aegis256_enc(unsigned char *const dst, const unsigned char *const src,
aes_block_t *const state)
@ -157,12 +166,12 @@ crypto_aead_aegis256_encrypt_detached(unsigned char *c, unsigned char *mac,
crypto_aead_aegis256_init(k, npub, state);
for (i = 0ULL; i + 16ULL <= adlen; i += 16ULL) {
crypto_aead_aegis256_enc(dst, ad + i, state);
crypto_aead_aegis256_absorb(ad + i, state);
}
if (adlen & 0xf) {
memset(src, 0, 16);
memcpy(src, ad + i, adlen & 0xf);
crypto_aead_aegis256_enc(dst, src, state);
crypto_aead_aegis256_absorb(src, state);
}
for (i = 0ULL; i + 16ULL <= mlen; i += 16ULL) {
crypto_aead_aegis256_enc(c + i, m + i, state);
@ -227,12 +236,12 @@ crypto_aead_aegis256_decrypt_detached(unsigned char *m, unsigned char *nsec, con
crypto_aead_aegis256_init(k, npub, state);
for (i = 0ULL; i + 16ULL <= adlen; i += 16ULL) {
crypto_aead_aegis256_enc(dst, ad + i, state);
crypto_aead_aegis256_absorb(ad + i, state);
}
if (adlen & 0xf) {
memset(src, 0, 16);
memcpy(src, ad + i, adlen & 0xf);
crypto_aead_aegis256_enc(dst, src, state);
crypto_aead_aegis256_absorb(src, state);
}
if (m != NULL) {
for (i = 0ULL; i + 16ULL <= mlen; i += 16ULL) {


@ -99,6 +99,15 @@ crypto_aead_aegis256_mac(unsigned char *mac, unsigned long long adlen, unsigned
AES_BLOCK_STORE(mac, tmp);
}
static inline void
crypto_aead_aegis256_absorb(const unsigned char *const src, aes_block_t *const state)
{
aes_block_t msg;
msg = AES_BLOCK_LOAD(src);
crypto_aead_aegis256_update(state, msg);
}
static void
crypto_aead_aegis256_enc(unsigned char *const dst,
const unsigned char *const src,
@ -150,12 +159,12 @@ crypto_aead_aegis256_encrypt_detached(unsigned char *c, unsigned char *mac,
crypto_aead_aegis256_init(k, npub, state);
for (i = 0ULL; i + 16ULL <= adlen; i += 16ULL) {
crypto_aead_aegis256_enc(dst, ad + i, state);
crypto_aead_aegis256_absorb(ad + i, state);
}
if (adlen & 0xf) {
memset(src, 0, 16);
memcpy(src, ad + i, adlen & 0xf);
crypto_aead_aegis256_enc(dst, src, state);
crypto_aead_aegis256_absorb(src, state);
}
for (i = 0ULL; i + 16ULL <= mlen; i += 16ULL) {
crypto_aead_aegis256_enc(c + i, m + i, state);
@ -220,12 +229,12 @@ crypto_aead_aegis256_decrypt_detached(unsigned char *m, unsigned char *nsec, con
crypto_aead_aegis256_init(k, npub, state);
for (i = 0ULL; i + 16ULL <= adlen; i += 16ULL) {
crypto_aead_aegis256_enc(dst, ad + i, state);
crypto_aead_aegis256_absorb(ad + i, state);
}
if (adlen & 0xf) {
memset(src, 0, 16);
memcpy(src, ad + i, adlen & 0xf);
crypto_aead_aegis256_enc(dst, src, state);
crypto_aead_aegis256_absorb(src, state);
}
if (m != NULL) {
for (i = 0ULL; i + 16ULL <= mlen; i += 16ULL) {