From 82564614039bc8869f20539f094644479cfde7a2 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Mon, 10 Jun 2024 10:13:22 +0200 Subject: [PATCH] Make the distinction between the state alignment and the rate --- src/aegis128l/aegis128l_common.h | 96 +++++++++++++++++------------- src/aegis128x2/aegis128x2_common.h | 96 +++++++++++++++++------------- src/aegis128x4/aegis128x4_common.h | 96 +++++++++++++++++------------- src/aegis256/aegis256_common.h | 96 +++++++++++++++++------------- src/aegis256x2/aegis256x2_common.h | 96 +++++++++++++++++------------- src/aegis256x4/aegis256x4_common.h | 96 +++++++++++++++++------------- src/include/aegis.h | 4 +- src/include/aegis128l.h | 2 +- src/include/aegis128x2.h | 2 +- src/include/aegis128x4.h | 2 +- src/include/aegis256.h | 2 +- src/include/aegis256x2.h | 2 +- src/include/aegis256x4.h | 2 +- 13 files changed, 325 insertions(+), 267 deletions(-) diff --git a/src/aegis128l/aegis128l_common.h b/src/aegis128l/aegis128l_common.h index 5075dae..74d98f7 100644 --- a/src/aegis128l/aegis128l_common.h +++ b/src/aegis128l/aegis128l_common.h @@ -1,4 +1,5 @@ -#define RATE 32 +#define RATE 32 +#define ALIGNMENT 32 static void aegis128l_init(const uint8_t *key, const uint8_t *nonce, aes_block_t *const state) @@ -145,10 +146,10 @@ static int encrypt_detached(uint8_t *c, uint8_t *mac, size_t maclen, const uint8_t *m, size_t mlen, const uint8_t *ad, size_t adlen, const uint8_t *npub, const uint8_t *k) { - aes_block_t state[8]; - CRYPTO_ALIGN(RATE) uint8_t src[RATE]; - CRYPTO_ALIGN(RATE) uint8_t dst[RATE]; - size_t i; + aes_block_t state[8]; + CRYPTO_ALIGN(ALIGNMENT) uint8_t src[RATE]; + CRYPTO_ALIGN(ALIGNMENT) uint8_t dst[RATE]; + size_t i; aegis128l_init(k, npub, state); @@ -179,13 +180,13 @@ static int decrypt_detached(uint8_t *m, const uint8_t *c, size_t clen, const uint8_t *mac, size_t maclen, const uint8_t *ad, size_t adlen, const uint8_t *npub, const uint8_t *k) { - aes_block_t state[8]; - CRYPTO_ALIGN(RATE) uint8_t src[RATE]; - CRYPTO_ALIGN(RATE) uint8_t dst[RATE]; - CRYPTO_ALIGN(16) uint8_t computed_mac[32]; - const size_t mlen = clen; - size_t i; - int ret; + aes_block_t state[8]; + CRYPTO_ALIGN(ALIGNMENT) uint8_t src[RATE]; + CRYPTO_ALIGN(ALIGNMENT) uint8_t dst[RATE]; + CRYPTO_ALIGN(16) uint8_t computed_mac[32]; + const size_t mlen = clen; + size_t i; + int ret; aegis128l_init(k, npub, state); @@ -231,10 +232,10 @@ decrypt_detached(uint8_t *m, const uint8_t *c, size_t clen, const uint8_t *mac, static void stream(uint8_t *out, size_t len, const uint8_t *npub, const uint8_t *k) { - aes_block_t state[8]; - CRYPTO_ALIGN(RATE) uint8_t src[RATE]; - CRYPTO_ALIGN(RATE) uint8_t dst[RATE]; - size_t i; + aes_block_t state[8]; + CRYPTO_ALIGN(ALIGNMENT) uint8_t src[RATE]; + CRYPTO_ALIGN(ALIGNMENT) uint8_t dst[RATE]; + size_t i; memset(src, 0, sizeof src); if (npub == NULL) { @@ -256,10 +257,10 @@ static void encrypt_unauthenticated(uint8_t *c, const uint8_t *m, size_t mlen, const uint8_t *npub, const uint8_t *k) { - aes_block_t state[8]; - CRYPTO_ALIGN(RATE) uint8_t src[RATE]; - CRYPTO_ALIGN(RATE) uint8_t dst[RATE]; - size_t i; + aes_block_t state[8]; + CRYPTO_ALIGN(ALIGNMENT) uint8_t src[RATE]; + CRYPTO_ALIGN(ALIGNMENT) uint8_t dst[RATE]; + size_t i; aegis128l_init(k, npub, state); @@ -305,10 +306,11 @@ state_init(aegis128l_state *st_, const uint8_t *ad, size_t adlen, const uint8_t const uint8_t *k) { _aegis128l_state *const st = - (_aegis128l_state *) ((((uintptr_t) &st_->opaque) + (RATE - 1)) & ~(uintptr_t) (RATE - 1)); + (_aegis128l_state *) ((((uintptr_t) &st_->opaque) + (ALIGNMENT - 1)) & + ~(uintptr_t) (ALIGNMENT - 1)); size_t i; - COMPILER_ASSERT((sizeof *st) + RATE <= sizeof *st_); + COMPILER_ASSERT((sizeof *st) + ALIGNMENT <= sizeof *st_); st->mlen = 0; st->pos = 0; @@ -329,7 +331,8 @@ state_encrypt_update(aegis128l_state *st_, uint8_t *c, size_t clen_max, size_t * const uint8_t *m, size_t mlen) { _aegis128l_state *const st = - (_aegis128l_state *) ((((uintptr_t) &st_->opaque) + (RATE - 1)) & ~(uintptr_t) (RATE - 1)); + (_aegis128l_state *) ((((uintptr_t) &st_->opaque) + (ALIGNMENT - 1)) & + ~(uintptr_t) (ALIGNMENT - 1)); size_t i = 0; size_t left; @@ -359,7 +362,7 @@ state_encrypt_update(aegis128l_state *st_, uint8_t *c, size_t clen_max, size_t * return 0; } } - if (clen_max < (mlen & ~(size_t) (RATE - 1))) { + if (clen_max < (mlen & ~(size_t) (ALIGNMENT - 1))) { errno = ERANGE; return -1; } @@ -380,9 +383,10 @@ state_encrypt_detached_final(aegis128l_state *st_, uint8_t *c, size_t clen_max, uint8_t *mac, size_t maclen) { _aegis128l_state *const st = - (_aegis128l_state *) ((((uintptr_t) &st_->opaque) + (RATE - 1)) & ~(uintptr_t) (RATE - 1)); - CRYPTO_ALIGN(RATE) uint8_t src[RATE]; - CRYPTO_ALIGN(RATE) uint8_t dst[RATE]; + (_aegis128l_state *) ((((uintptr_t) &st_->opaque) + (ALIGNMENT - 1)) & + ~(uintptr_t) (ALIGNMENT - 1)); + CRYPTO_ALIGN(ALIGNMENT) uint8_t src[RATE]; + CRYPTO_ALIGN(ALIGNMENT) uint8_t dst[RATE]; *written = 0; if (clen_max < st->pos) { @@ -407,9 +411,10 @@ state_encrypt_final(aegis128l_state *st_, uint8_t *c, size_t clen_max, size_t *w size_t maclen) { _aegis128l_state *const st = - (_aegis128l_state *) ((((uintptr_t) &st_->opaque) + (RATE - 1)) & ~(uintptr_t) (RATE - 1)); - CRYPTO_ALIGN(RATE) uint8_t src[RATE]; - CRYPTO_ALIGN(RATE) uint8_t dst[RATE]; + (_aegis128l_state *) ((((uintptr_t) &st_->opaque) + (ALIGNMENT - 1)) & + ~(uintptr_t) (ALIGNMENT - 1)); + CRYPTO_ALIGN(ALIGNMENT) uint8_t src[RATE]; + CRYPTO_ALIGN(ALIGNMENT) uint8_t dst[RATE]; *written = 0; if (clen_max < st->pos + maclen) { @@ -434,10 +439,11 @@ state_decrypt_detached_update(aegis128l_state *st_, uint8_t *m, size_t mlen_max, const uint8_t *c, size_t clen) { _aegis128l_state *const st = - (_aegis128l_state *) ((((uintptr_t) &st_->opaque) + (RATE - 1)) & ~(uintptr_t) (RATE - 1)); - CRYPTO_ALIGN(RATE) uint8_t dst[RATE]; - size_t i = 0; - size_t left; + (_aegis128l_state *) ((((uintptr_t) &st_->opaque) + (ALIGNMENT - 1)) & + ~(uintptr_t) (ALIGNMENT - 1)); + CRYPTO_ALIGN(ALIGNMENT) uint8_t dst[RATE]; + size_t i = 0; + size_t left; *written = 0; st->mlen += clen; @@ -495,10 +501,11 @@ static int state_decrypt_detached_final(aegis128l_state *st_, uint8_t *m, size_t mlen_max, size_t *written, const uint8_t *mac, size_t maclen) { - CRYPTO_ALIGN(16) uint8_t computed_mac[32]; - CRYPTO_ALIGN(RATE) uint8_t dst[RATE]; - _aegis128l_state *const st = - (_aegis128l_state *) ((((uintptr_t) &st_->opaque) + (RATE - 1)) & ~(uintptr_t) (RATE - 1)); + CRYPTO_ALIGN(16) uint8_t computed_mac[32]; + CRYPTO_ALIGN(ALIGNMENT) uint8_t dst[RATE]; + _aegis128l_state *const st = + (_aegis128l_state *) ((((uintptr_t) &st_->opaque) + (ALIGNMENT - 1)) & + ~(uintptr_t) (ALIGNMENT - 1)); int ret; *written = 0; @@ -532,7 +539,8 @@ static int state_mac_update(aegis128l_state *st_, const uint8_t *ad, size_t adlen) { _aegis128l_state *const st = - (_aegis128l_state *) ((((uintptr_t) &st_->opaque) + (RATE - 1)) & ~(uintptr_t) (RATE - 1)); + (_aegis128l_state *) ((((uintptr_t) &st_->opaque) + (ALIGNMENT - 1)) & + ~(uintptr_t) (ALIGNMENT - 1)); size_t i; size_t left; @@ -574,7 +582,8 @@ static int state_mac_final(aegis128l_state *st_, uint8_t *mac, size_t maclen) { _aegis128l_state *const st = - (_aegis128l_state *) ((((uintptr_t) &st_->opaque) + (RATE - 1)) & ~(uintptr_t) (RATE - 1)); + (_aegis128l_state *) ((((uintptr_t) &st_->opaque) + (ALIGNMENT - 1)) & + ~(uintptr_t) (ALIGNMENT - 1)); size_t left; left = st->adlen % RATE; @@ -591,9 +600,10 @@ static void state_clone(aegis128l_state *dst, const aegis128l_state *src) { _aegis128l_state *const dst_ = - (_aegis128l_state *) ((((uintptr_t) &dst->opaque) + (RATE - 1)) & ~(uintptr_t) (RATE - 1)); + (_aegis128l_state *) ((((uintptr_t) &dst->opaque) + (ALIGNMENT - 1)) & + ~(uintptr_t) (ALIGNMENT - 1)); const _aegis128l_state *const src_ = - (const _aegis128l_state *) ((((uintptr_t) &src->opaque) + (RATE - 1)) & - ~(uintptr_t) (RATE - 1)); + (const _aegis128l_state *) ((((uintptr_t) &src->opaque) + (ALIGNMENT - 1)) & + ~(uintptr_t) (ALIGNMENT - 1)); *dst_ = *src_; } \ No newline at end of file diff --git a/src/aegis128x2/aegis128x2_common.h b/src/aegis128x2/aegis128x2_common.h index 144e271..4548651 100644 --- a/src/aegis128x2/aegis128x2_common.h +++ b/src/aegis128x2/aegis128x2_common.h @@ -1,4 +1,5 @@ -#define RATE 64 +#define RATE 64 +#define ALIGNMENT 64 static void aegis128x2_init(const uint8_t *key, const uint8_t *nonce, aes_block_t *const state) @@ -178,10 +179,10 @@ static int encrypt_detached(uint8_t *c, uint8_t *mac, size_t maclen, const uint8_t *m, size_t mlen, const uint8_t *ad, size_t adlen, const uint8_t *npub, const uint8_t *k) { - aes_block_t state[8]; - CRYPTO_ALIGN(RATE) uint8_t src[RATE]; - CRYPTO_ALIGN(RATE) uint8_t dst[RATE]; - size_t i; + aes_block_t state[8]; + CRYPTO_ALIGN(ALIGNMENT) uint8_t src[RATE]; + CRYPTO_ALIGN(ALIGNMENT) uint8_t dst[RATE]; + size_t i; aegis128x2_init(k, npub, state); @@ -212,13 +213,13 @@ static int decrypt_detached(uint8_t *m, const uint8_t *c, size_t clen, const uint8_t *mac, size_t maclen, const uint8_t *ad, size_t adlen, const uint8_t *npub, const uint8_t *k) { - aes_block_t state[8]; - CRYPTO_ALIGN(RATE) uint8_t src[RATE]; - CRYPTO_ALIGN(RATE) uint8_t dst[RATE]; - CRYPTO_ALIGN(16) uint8_t computed_mac[32]; - const size_t mlen = clen; - size_t i; - int ret; + aes_block_t state[8]; + CRYPTO_ALIGN(ALIGNMENT) uint8_t src[RATE]; + CRYPTO_ALIGN(ALIGNMENT) uint8_t dst[RATE]; + CRYPTO_ALIGN(16) uint8_t computed_mac[32]; + const size_t mlen = clen; + size_t i; + int ret; aegis128x2_init(k, npub, state); @@ -264,10 +265,10 @@ decrypt_detached(uint8_t *m, const uint8_t *c, size_t clen, const uint8_t *mac, static void stream(uint8_t *out, size_t len, const uint8_t *npub, const uint8_t *k) { - aes_block_t state[8]; - CRYPTO_ALIGN(RATE) uint8_t src[RATE]; - CRYPTO_ALIGN(RATE) uint8_t dst[RATE]; - size_t i; + aes_block_t state[8]; + CRYPTO_ALIGN(ALIGNMENT) uint8_t src[RATE]; + CRYPTO_ALIGN(ALIGNMENT) uint8_t dst[RATE]; + size_t i; memset(src, 0, sizeof src); if (npub == NULL) { @@ -289,10 +290,10 @@ static void encrypt_unauthenticated(uint8_t *c, const uint8_t *m, size_t mlen, const uint8_t *npub, const uint8_t *k) { - aes_block_t state[8]; - CRYPTO_ALIGN(RATE) uint8_t src[RATE]; - CRYPTO_ALIGN(RATE) uint8_t dst[RATE]; - size_t i; + aes_block_t state[8]; + CRYPTO_ALIGN(ALIGNMENT) uint8_t src[RATE]; + CRYPTO_ALIGN(ALIGNMENT) uint8_t dst[RATE]; + size_t i; aegis128x2_init(k, npub, state); @@ -338,10 +339,11 @@ state_init(aegis128x2_state *st_, const uint8_t *ad, size_t adlen, const uint8_t const uint8_t *k) { _aegis128x2_state *const st = - (_aegis128x2_state *) ((((uintptr_t) &st_->opaque) + (RATE - 1)) & ~(uintptr_t) (RATE - 1)); + (_aegis128x2_state *) ((((uintptr_t) &st_->opaque) + (ALIGNMENT - 1)) & + ~(uintptr_t) (ALIGNMENT - 1)); size_t i; - COMPILER_ASSERT((sizeof *st) + RATE <= sizeof *st_); + COMPILER_ASSERT((sizeof *st) + ALIGNMENT <= sizeof *st_); st->mlen = 0; st->pos = 0; @@ -362,7 +364,8 @@ state_encrypt_update(aegis128x2_state *st_, uint8_t *c, size_t clen_max, size_t const uint8_t *m, size_t mlen) { _aegis128x2_state *const st = - (_aegis128x2_state *) ((((uintptr_t) &st_->opaque) + (RATE - 1)) & ~(uintptr_t) (RATE - 1)); + (_aegis128x2_state *) ((((uintptr_t) &st_->opaque) + (ALIGNMENT - 1)) & + ~(uintptr_t) (ALIGNMENT - 1)); size_t i = 0; size_t left; @@ -392,7 +395,7 @@ state_encrypt_update(aegis128x2_state *st_, uint8_t *c, size_t clen_max, size_t return 0; } } - if (clen_max < (mlen & ~(size_t) (RATE - 1))) { + if (clen_max < (mlen & ~(size_t) (ALIGNMENT - 1))) { errno = ERANGE; return -1; } @@ -413,9 +416,10 @@ state_encrypt_detached_final(aegis128x2_state *st_, uint8_t *c, size_t clen_max, uint8_t *mac, size_t maclen) { _aegis128x2_state *const st = - (_aegis128x2_state *) ((((uintptr_t) &st_->opaque) + (RATE - 1)) & ~(uintptr_t) (RATE - 1)); - CRYPTO_ALIGN(RATE) uint8_t src[RATE]; - CRYPTO_ALIGN(RATE) uint8_t dst[RATE]; + (_aegis128x2_state *) ((((uintptr_t) &st_->opaque) + (ALIGNMENT - 1)) & + ~(uintptr_t) (ALIGNMENT - 1)); + CRYPTO_ALIGN(ALIGNMENT) uint8_t src[RATE]; + CRYPTO_ALIGN(ALIGNMENT) uint8_t dst[RATE]; *written = 0; if (clen_max < st->pos) { @@ -440,9 +444,10 @@ state_encrypt_final(aegis128x2_state *st_, uint8_t *c, size_t clen_max, size_t * size_t maclen) { _aegis128x2_state *const st = - (_aegis128x2_state *) ((((uintptr_t) &st_->opaque) + (RATE - 1)) & ~(uintptr_t) (RATE - 1)); - CRYPTO_ALIGN(RATE) uint8_t src[RATE]; - CRYPTO_ALIGN(RATE) uint8_t dst[RATE]; + (_aegis128x2_state *) ((((uintptr_t) &st_->opaque) + (ALIGNMENT - 1)) & + ~(uintptr_t) (ALIGNMENT - 1)); + CRYPTO_ALIGN(ALIGNMENT) uint8_t src[RATE]; + CRYPTO_ALIGN(ALIGNMENT) uint8_t dst[RATE]; *written = 0; if (clen_max < st->pos + maclen) { @@ -467,10 +472,11 @@ state_decrypt_detached_update(aegis128x2_state *st_, uint8_t *m, size_t mlen_max const uint8_t *c, size_t clen) { _aegis128x2_state *const st = - (_aegis128x2_state *) ((((uintptr_t) &st_->opaque) + (RATE - 1)) & ~(uintptr_t) (RATE - 1)); - CRYPTO_ALIGN(RATE) uint8_t dst[RATE]; - size_t i = 0; - size_t left; + (_aegis128x2_state *) ((((uintptr_t) &st_->opaque) + (ALIGNMENT - 1)) & + ~(uintptr_t) (ALIGNMENT - 1)); + CRYPTO_ALIGN(ALIGNMENT) uint8_t dst[RATE]; + size_t i = 0; + size_t left; *written = 0; st->mlen += clen; @@ -529,10 +535,11 @@ static int state_decrypt_detached_final(aegis128x2_state *st_, uint8_t *m, size_t mlen_max, size_t *written, const uint8_t *mac, size_t maclen) { - CRYPTO_ALIGN(16) uint8_t computed_mac[32]; - CRYPTO_ALIGN(RATE) uint8_t dst[RATE]; - _aegis128x2_state *const st = - (_aegis128x2_state *) ((((uintptr_t) &st_->opaque) + (RATE - 1)) & ~(uintptr_t) (RATE - 1)); + CRYPTO_ALIGN(16) uint8_t computed_mac[32]; + CRYPTO_ALIGN(ALIGNMENT) uint8_t dst[RATE]; + _aegis128x2_state *const st = + (_aegis128x2_state *) ((((uintptr_t) &st_->opaque) + (ALIGNMENT - 1)) & + ~(uintptr_t) (ALIGNMENT - 1)); int ret; *written = 0; @@ -566,7 +573,8 @@ static int state_mac_update(aegis128x2_state *st_, const uint8_t *ad, size_t adlen) { _aegis128x2_state *const st = - (_aegis128x2_state *) ((((uintptr_t) &st_->opaque) + (RATE - 1)) & ~(uintptr_t) (RATE - 1)); + (_aegis128x2_state *) ((((uintptr_t) &st_->opaque) + (ALIGNMENT - 1)) & + ~(uintptr_t) (ALIGNMENT - 1)); size_t i; size_t left; @@ -608,7 +616,8 @@ static int state_mac_final(aegis128x2_state *st_, uint8_t *mac, size_t maclen) { _aegis128x2_state *const st = - (_aegis128x2_state *) ((((uintptr_t) &st_->opaque) + (RATE - 1)) & ~(uintptr_t) (RATE - 1)); + (_aegis128x2_state *) ((((uintptr_t) &st_->opaque) + (ALIGNMENT - 1)) & + ~(uintptr_t) (ALIGNMENT - 1)); size_t left; left = st->adlen % RATE; @@ -625,9 +634,10 @@ static void state_clone(aegis128x2_state *dst, const aegis128x2_state *src) { _aegis128x2_state *const dst_ = - (_aegis128x2_state *) ((((uintptr_t) &dst->opaque) + (RATE - 1)) & ~(uintptr_t) (RATE - 1)); + (_aegis128x2_state *) ((((uintptr_t) &dst->opaque) + (ALIGNMENT - 1)) & + ~(uintptr_t) (ALIGNMENT - 1)); const _aegis128x2_state *const src_ = - (const _aegis128x2_state *) ((((uintptr_t) &src->opaque) + (RATE - 1)) & - ~(uintptr_t) (RATE - 1)); + (const _aegis128x2_state *) ((((uintptr_t) &src->opaque) + (ALIGNMENT - 1)) & + ~(uintptr_t) (ALIGNMENT - 1)); *dst_ = *src_; } \ No newline at end of file diff --git a/src/aegis128x4/aegis128x4_common.h b/src/aegis128x4/aegis128x4_common.h index dd38ac6..03c7d05 100644 --- a/src/aegis128x4/aegis128x4_common.h +++ b/src/aegis128x4/aegis128x4_common.h @@ -1,4 +1,5 @@ -#define RATE 128 +#define RATE 128 +#define ALIGNMENT 64 static void aegis128x4_init(const uint8_t *key, const uint8_t *nonce, aes_block_t *const state) @@ -193,10 +194,10 @@ static int encrypt_detached(uint8_t *c, uint8_t *mac, size_t maclen, const uint8_t *m, size_t mlen, const uint8_t *ad, size_t adlen, const uint8_t *npub, const uint8_t *k) { - aes_block_t state[8]; - CRYPTO_ALIGN(RATE) uint8_t src[RATE]; - CRYPTO_ALIGN(RATE) uint8_t dst[RATE]; - size_t i; + aes_block_t state[8]; + CRYPTO_ALIGN(ALIGNMENT) uint8_t src[RATE]; + CRYPTO_ALIGN(ALIGNMENT) uint8_t dst[RATE]; + size_t i; aegis128x4_init(k, npub, state); @@ -227,13 +228,13 @@ static int decrypt_detached(uint8_t *m, const uint8_t *c, size_t clen, const uint8_t *mac, size_t maclen, const uint8_t *ad, size_t adlen, const uint8_t *npub, const uint8_t *k) { - aes_block_t state[8]; - CRYPTO_ALIGN(RATE) uint8_t src[RATE]; - CRYPTO_ALIGN(RATE) uint8_t dst[RATE]; - CRYPTO_ALIGN(16) uint8_t computed_mac[32]; - const size_t mlen = clen; - size_t i; - int ret; + aes_block_t state[8]; + CRYPTO_ALIGN(ALIGNMENT) uint8_t src[RATE]; + CRYPTO_ALIGN(ALIGNMENT) uint8_t dst[RATE]; + CRYPTO_ALIGN(16) uint8_t computed_mac[32]; + const size_t mlen = clen; + size_t i; + int ret; aegis128x4_init(k, npub, state); @@ -279,10 +280,10 @@ decrypt_detached(uint8_t *m, const uint8_t *c, size_t clen, const uint8_t *mac, static void stream(uint8_t *out, size_t len, const uint8_t *npub, const uint8_t *k) { - aes_block_t state[8]; - CRYPTO_ALIGN(RATE) uint8_t src[RATE]; - CRYPTO_ALIGN(RATE) uint8_t dst[RATE]; - size_t i; + aes_block_t state[8]; + CRYPTO_ALIGN(ALIGNMENT) uint8_t src[RATE]; + CRYPTO_ALIGN(ALIGNMENT) uint8_t dst[RATE]; + size_t i; memset(src, 0, sizeof src); if (npub == NULL) { @@ -304,10 +305,10 @@ static void encrypt_unauthenticated(uint8_t *c, const uint8_t *m, size_t mlen, const uint8_t *npub, const uint8_t *k) { - aes_block_t state[8]; - CRYPTO_ALIGN(RATE) uint8_t src[RATE]; - CRYPTO_ALIGN(RATE) uint8_t dst[RATE]; - size_t i; + aes_block_t state[8]; + CRYPTO_ALIGN(ALIGNMENT) uint8_t src[RATE]; + CRYPTO_ALIGN(ALIGNMENT) uint8_t dst[RATE]; + size_t i; aegis128x4_init(k, npub, state); @@ -353,10 +354,11 @@ state_init(aegis128x4_state *st_, const uint8_t *ad, size_t adlen, const uint8_t const uint8_t *k) { _aegis128x4_state *const st = - (_aegis128x4_state *) ((((uintptr_t) &st_->opaque) + (RATE - 1)) & ~(uintptr_t) (RATE - 1)); + (_aegis128x4_state *) ((((uintptr_t) &st_->opaque) + (ALIGNMENT - 1)) & + ~(uintptr_t) (ALIGNMENT - 1)); size_t i; - COMPILER_ASSERT((sizeof *st) + RATE <= sizeof *st_); + COMPILER_ASSERT((sizeof *st) + ALIGNMENT <= sizeof *st_); st->mlen = 0; st->pos = 0; @@ -377,7 +379,8 @@ state_encrypt_update(aegis128x4_state *st_, uint8_t *c, size_t clen_max, size_t const uint8_t *m, size_t mlen) { _aegis128x4_state *const st = - (_aegis128x4_state *) ((((uintptr_t) &st_->opaque) + (RATE - 1)) & ~(uintptr_t) (RATE - 1)); + (_aegis128x4_state *) ((((uintptr_t) &st_->opaque) + (ALIGNMENT - 1)) & + ~(uintptr_t) (ALIGNMENT - 1)); size_t i = 0; size_t left; @@ -407,7 +410,7 @@ state_encrypt_update(aegis128x4_state *st_, uint8_t *c, size_t clen_max, size_t return 0; } } - if (clen_max < (mlen & ~(size_t) (RATE - 1))) { + if (clen_max < (mlen & ~(size_t) (ALIGNMENT - 1))) { errno = ERANGE; return -1; } @@ -428,9 +431,10 @@ state_encrypt_detached_final(aegis128x4_state *st_, uint8_t *c, size_t clen_max, uint8_t *mac, size_t maclen) { _aegis128x4_state *const st = - (_aegis128x4_state *) ((((uintptr_t) &st_->opaque) + (RATE - 1)) & ~(uintptr_t) (RATE - 1)); - CRYPTO_ALIGN(RATE) uint8_t src[RATE]; - CRYPTO_ALIGN(RATE) uint8_t dst[RATE]; + (_aegis128x4_state *) ((((uintptr_t) &st_->opaque) + (ALIGNMENT - 1)) & + ~(uintptr_t) (ALIGNMENT - 1)); + CRYPTO_ALIGN(ALIGNMENT) uint8_t src[RATE]; + CRYPTO_ALIGN(ALIGNMENT) uint8_t dst[RATE]; *written = 0; if (clen_max < st->pos) { @@ -455,9 +459,10 @@ state_encrypt_final(aegis128x4_state *st_, uint8_t *c, size_t clen_max, size_t * size_t maclen) { _aegis128x4_state *const st = - (_aegis128x4_state *) ((((uintptr_t) &st_->opaque) + (RATE - 1)) & ~(uintptr_t) (RATE - 1)); - CRYPTO_ALIGN(RATE) uint8_t src[RATE]; - CRYPTO_ALIGN(RATE) uint8_t dst[RATE]; + (_aegis128x4_state *) ((((uintptr_t) &st_->opaque) + (ALIGNMENT - 1)) & + ~(uintptr_t) (ALIGNMENT - 1)); + CRYPTO_ALIGN(ALIGNMENT) uint8_t src[RATE]; + CRYPTO_ALIGN(ALIGNMENT) uint8_t dst[RATE]; *written = 0; if (clen_max < st->pos + maclen) { @@ -482,10 +487,11 @@ state_decrypt_detached_update(aegis128x4_state *st_, uint8_t *m, size_t mlen_max const uint8_t *c, size_t clen) { _aegis128x4_state *const st = - (_aegis128x4_state *) ((((uintptr_t) &st_->opaque) + (RATE - 1)) & ~(uintptr_t) (RATE - 1)); - CRYPTO_ALIGN(RATE) uint8_t dst[RATE]; - size_t i = 0; - size_t left; + (_aegis128x4_state *) ((((uintptr_t) &st_->opaque) + (ALIGNMENT - 1)) & + ~(uintptr_t) (ALIGNMENT - 1)); + CRYPTO_ALIGN(ALIGNMENT) uint8_t dst[RATE]; + size_t i = 0; + size_t left; *written = 0; st->mlen += clen; @@ -544,10 +550,11 @@ static int state_decrypt_detached_final(aegis128x4_state *st_, uint8_t *m, size_t mlen_max, size_t *written, const uint8_t *mac, size_t maclen) { - CRYPTO_ALIGN(16) uint8_t computed_mac[32]; - CRYPTO_ALIGN(RATE) uint8_t dst[RATE]; - _aegis128x4_state *const st = - (_aegis128x4_state *) ((((uintptr_t) &st_->opaque) + (RATE - 1)) & ~(uintptr_t) (RATE - 1)); + CRYPTO_ALIGN(16) uint8_t computed_mac[32]; + CRYPTO_ALIGN(ALIGNMENT) uint8_t dst[RATE]; + _aegis128x4_state *const st = + (_aegis128x4_state *) ((((uintptr_t) &st_->opaque) + (ALIGNMENT - 1)) & + ~(uintptr_t) (ALIGNMENT - 1)); int ret; *written = 0; @@ -581,7 +588,8 @@ static int state_mac_update(aegis128x4_state *st_, const uint8_t *ad, size_t adlen) { _aegis128x4_state *const st = - (_aegis128x4_state *) ((((uintptr_t) &st_->opaque) + (RATE - 1)) & ~(uintptr_t) (RATE - 1)); + (_aegis128x4_state *) ((((uintptr_t) &st_->opaque) + (ALIGNMENT - 1)) & + ~(uintptr_t) (ALIGNMENT - 1)); size_t i; size_t left; @@ -623,7 +631,8 @@ static int state_mac_final(aegis128x4_state *st_, uint8_t *mac, size_t maclen) { _aegis128x4_state *const st = - (_aegis128x4_state *) ((((uintptr_t) &st_->opaque) + (RATE - 1)) & ~(uintptr_t) (RATE - 1)); + (_aegis128x4_state *) ((((uintptr_t) &st_->opaque) + (ALIGNMENT - 1)) & + ~(uintptr_t) (ALIGNMENT - 1)); size_t left; left = st->adlen % RATE; @@ -640,9 +649,10 @@ static void state_clone(aegis128x4_state *dst, const aegis128x4_state *src) { _aegis128x4_state *const dst_ = - (_aegis128x4_state *) ((((uintptr_t) &dst->opaque) + (RATE - 1)) & ~(uintptr_t) (RATE - 1)); + (_aegis128x4_state *) ((((uintptr_t) &dst->opaque) + (ALIGNMENT - 1)) & + ~(uintptr_t) (ALIGNMENT - 1)); const _aegis128x4_state *const src_ = - (const _aegis128x4_state *) ((((uintptr_t) &src->opaque) + (RATE - 1)) & - ~(uintptr_t) (RATE - 1)); + (const _aegis128x4_state *) ((((uintptr_t) &src->opaque) + (ALIGNMENT - 1)) & + ~(uintptr_t) (ALIGNMENT - 1)); *dst_ = *src_; } \ No newline at end of file diff --git a/src/aegis256/aegis256_common.h b/src/aegis256/aegis256_common.h index 6131b42..515709f 100644 --- a/src/aegis256/aegis256_common.h +++ b/src/aegis256/aegis256_common.h @@ -1,4 +1,5 @@ -#define RATE 16 +#define RATE 16 +#define ALIGNMENT 16 static void aegis256_init(const uint8_t *key, const uint8_t *nonce, aes_block_t *const state) @@ -130,10 +131,10 @@ static int encrypt_detached(uint8_t *c, uint8_t *mac, size_t maclen, const uint8_t *m, size_t mlen, const uint8_t *ad, size_t adlen, const uint8_t *npub, const uint8_t *k) { - aes_block_t state[6]; - CRYPTO_ALIGN(RATE) uint8_t src[RATE]; - CRYPTO_ALIGN(RATE) uint8_t dst[RATE]; - size_t i; + aes_block_t state[6]; + CRYPTO_ALIGN(ALIGNMENT) uint8_t src[RATE]; + CRYPTO_ALIGN(ALIGNMENT) uint8_t dst[RATE]; + size_t i; aegis256_init(k, npub, state); @@ -164,13 +165,13 @@ static int decrypt_detached(uint8_t *m, const uint8_t *c, size_t clen, const uint8_t *mac, size_t maclen, const uint8_t *ad, size_t adlen, const uint8_t *npub, const uint8_t *k) { - aes_block_t state[6]; - CRYPTO_ALIGN(RATE) uint8_t src[RATE]; - CRYPTO_ALIGN(RATE) uint8_t dst[RATE]; - CRYPTO_ALIGN(16) uint8_t computed_mac[32]; - const size_t mlen = clen; - size_t i; - int ret; + aes_block_t state[6]; + CRYPTO_ALIGN(ALIGNMENT) uint8_t src[RATE]; + CRYPTO_ALIGN(ALIGNMENT) uint8_t dst[RATE]; + CRYPTO_ALIGN(16) uint8_t computed_mac[32]; + const size_t mlen = clen; + size_t i; + int ret; aegis256_init(k, npub, state); @@ -216,10 +217,10 @@ decrypt_detached(uint8_t *m, const uint8_t *c, size_t clen, const uint8_t *mac, static void stream(uint8_t *out, size_t len, const uint8_t *npub, const uint8_t *k) { - aes_block_t state[6]; - CRYPTO_ALIGN(RATE) uint8_t src[RATE]; - CRYPTO_ALIGN(RATE) uint8_t dst[RATE]; - size_t i; + aes_block_t state[6]; + CRYPTO_ALIGN(ALIGNMENT) uint8_t src[RATE]; + CRYPTO_ALIGN(ALIGNMENT) uint8_t dst[RATE]; + size_t i; memset(src, 0, sizeof src); if (npub == NULL) { @@ -241,10 +242,10 @@ static void encrypt_unauthenticated(uint8_t *c, const uint8_t *m, size_t mlen, const uint8_t *npub, const uint8_t *k) { - aes_block_t state[6]; - CRYPTO_ALIGN(RATE) uint8_t src[RATE]; - CRYPTO_ALIGN(RATE) uint8_t dst[RATE]; - size_t i; + aes_block_t state[6]; + CRYPTO_ALIGN(ALIGNMENT) uint8_t src[RATE]; + CRYPTO_ALIGN(ALIGNMENT) uint8_t dst[RATE]; + size_t i; aegis256_init(k, npub, state); @@ -290,10 +291,11 @@ state_init(aegis256_state *st_, const uint8_t *ad, size_t adlen, const uint8_t * const uint8_t *k) { _aegis256_state *const st = - (_aegis256_state *) ((((uintptr_t) &st_->opaque) + (RATE - 1)) & ~(uintptr_t) (RATE - 1)); + (_aegis256_state *) ((((uintptr_t) &st_->opaque) + (ALIGNMENT - 1)) & + ~(uintptr_t) (ALIGNMENT - 1)); size_t i; - COMPILER_ASSERT((sizeof *st) + RATE <= sizeof *st_); + COMPILER_ASSERT((sizeof *st) + ALIGNMENT <= sizeof *st_); st->mlen = 0; st->pos = 0; @@ -314,7 +316,8 @@ state_encrypt_update(aegis256_state *st_, uint8_t *c, size_t clen_max, size_t *w const uint8_t *m, size_t mlen) { _aegis256_state *const st = - (_aegis256_state *) ((((uintptr_t) &st_->opaque) + (RATE - 1)) & ~(uintptr_t) (RATE - 1)); + (_aegis256_state *) ((((uintptr_t) &st_->opaque) + (ALIGNMENT - 1)) & + ~(uintptr_t) (ALIGNMENT - 1)); size_t i = 0; size_t left; @@ -344,7 +347,7 @@ state_encrypt_update(aegis256_state *st_, uint8_t *c, size_t clen_max, size_t *w return 0; } } - if (clen_max < (mlen & ~(size_t) (RATE - 1))) { + if (clen_max < (mlen & ~(size_t) (ALIGNMENT - 1))) { errno = ERANGE; return -1; } @@ -365,9 +368,10 @@ state_encrypt_detached_final(aegis256_state *st_, uint8_t *c, size_t clen_max, s uint8_t *mac, size_t maclen) { _aegis256_state *const st = - (_aegis256_state *) ((((uintptr_t) &st_->opaque) + (RATE - 1)) & ~(uintptr_t) (RATE - 1)); - CRYPTO_ALIGN(RATE) uint8_t src[RATE]; - CRYPTO_ALIGN(RATE) uint8_t dst[RATE]; + (_aegis256_state *) ((((uintptr_t) &st_->opaque) + (ALIGNMENT - 1)) & + ~(uintptr_t) (ALIGNMENT - 1)); + CRYPTO_ALIGN(ALIGNMENT) uint8_t src[RATE]; + CRYPTO_ALIGN(ALIGNMENT) uint8_t dst[RATE]; *written = 0; if (clen_max < st->pos) { @@ -392,9 +396,10 @@ state_encrypt_final(aegis256_state *st_, uint8_t *c, size_t clen_max, size_t *wr size_t maclen) { _aegis256_state *const st = - (_aegis256_state *) ((((uintptr_t) &st_->opaque) + (RATE - 1)) & ~(uintptr_t) (RATE - 1)); - CRYPTO_ALIGN(RATE) uint8_t src[RATE]; - CRYPTO_ALIGN(RATE) uint8_t dst[RATE]; + (_aegis256_state *) ((((uintptr_t) &st_->opaque) + (ALIGNMENT - 1)) & + ~(uintptr_t) (ALIGNMENT - 1)); + CRYPTO_ALIGN(ALIGNMENT) uint8_t src[RATE]; + CRYPTO_ALIGN(ALIGNMENT) uint8_t dst[RATE]; *written = 0; if (clen_max < st->pos + maclen) { @@ -419,10 +424,11 @@ state_decrypt_detached_update(aegis256_state *st_, uint8_t *m, size_t mlen_max, const uint8_t *c, size_t clen) { _aegis256_state *const st = - (_aegis256_state *) ((((uintptr_t) &st_->opaque) + (RATE - 1)) & ~(uintptr_t) (RATE - 1)); - CRYPTO_ALIGN(RATE) uint8_t dst[RATE]; - size_t i = 0; - size_t left; + (_aegis256_state *) ((((uintptr_t) &st_->opaque) + (ALIGNMENT - 1)) & + ~(uintptr_t) (ALIGNMENT - 1)); + CRYPTO_ALIGN(ALIGNMENT) uint8_t dst[RATE]; + size_t i = 0; + size_t left; *written = 0; st->mlen += clen; @@ -481,10 +487,11 @@ static int state_decrypt_detached_final(aegis256_state *st_, uint8_t *m, size_t mlen_max, size_t *written, const uint8_t *mac, size_t maclen) { - CRYPTO_ALIGN(16) uint8_t computed_mac[32]; - CRYPTO_ALIGN(RATE) uint8_t dst[RATE]; - _aegis256_state *const st = - (_aegis256_state *) ((((uintptr_t) &st_->opaque) + (RATE - 1)) & ~(uintptr_t) (RATE - 1)); + CRYPTO_ALIGN(16) uint8_t computed_mac[32]; + CRYPTO_ALIGN(ALIGNMENT) uint8_t dst[RATE]; + _aegis256_state *const st = + (_aegis256_state *) ((((uintptr_t) &st_->opaque) + (ALIGNMENT - 1)) & + ~(uintptr_t) (ALIGNMENT - 1)); int ret; *written = 0; @@ -518,7 +525,8 @@ static int state_mac_update(aegis256_state *st_, const uint8_t *ad, size_t adlen) { _aegis256_state *const st = - (_aegis256_state *) ((((uintptr_t) &st_->opaque) + (RATE - 1)) & ~(uintptr_t) (RATE - 1)); + (_aegis256_state *) ((((uintptr_t) &st_->opaque) + (ALIGNMENT - 1)) & + ~(uintptr_t) (ALIGNMENT - 1)); size_t i; size_t left; @@ -558,7 +566,8 @@ static int state_mac_final(aegis256_state *st_, uint8_t *mac, size_t maclen) { _aegis256_state *const st = - (_aegis256_state *) ((((uintptr_t) &st_->opaque) + (RATE - 1)) & ~(uintptr_t) (RATE - 1)); + (_aegis256_state *) ((((uintptr_t) &st_->opaque) + (ALIGNMENT - 1)) & + ~(uintptr_t) (ALIGNMENT - 1)); size_t left; left = st->adlen % RATE; @@ -575,9 +584,10 @@ static void state_clone(aegis256_state *dst, const aegis256_state *src) { _aegis256_state *const dst_ = - (_aegis256_state *) ((((uintptr_t) &dst->opaque) + (RATE - 1)) & ~(uintptr_t) (RATE - 1)); + (_aegis256_state *) ((((uintptr_t) &dst->opaque) + (ALIGNMENT - 1)) & + ~(uintptr_t) (ALIGNMENT - 1)); const _aegis256_state *const src_ = - (const _aegis256_state *) ((((uintptr_t) &src->opaque) + (RATE - 1)) & - ~(uintptr_t) (RATE - 1)); + (const _aegis256_state *) ((((uintptr_t) &src->opaque) + (ALIGNMENT - 1)) & + ~(uintptr_t) (ALIGNMENT - 1)); *dst_ = *src_; } \ No newline at end of file diff --git a/src/aegis256x2/aegis256x2_common.h b/src/aegis256x2/aegis256x2_common.h index 46a1f18..caa3ed5 100644 --- a/src/aegis256x2/aegis256x2_common.h +++ b/src/aegis256x2/aegis256x2_common.h @@ -1,4 +1,5 @@ -#define RATE 32 +#define RATE 32 +#define ALIGNMENT 32 static void aegis256x2_init(const uint8_t *key, const uint8_t *nonce, aes_block_t *const state) @@ -179,10 +180,10 @@ static int encrypt_detached(uint8_t *c, uint8_t *mac, size_t maclen, const uint8_t *m, size_t mlen, const uint8_t *ad, size_t adlen, const uint8_t *npub, const uint8_t *k) { - aes_block_t state[6]; - CRYPTO_ALIGN(RATE) uint8_t src[RATE]; - CRYPTO_ALIGN(RATE) uint8_t dst[RATE]; - size_t i; + aes_block_t state[6]; + CRYPTO_ALIGN(ALIGNMENT) uint8_t src[RATE]; + CRYPTO_ALIGN(ALIGNMENT) uint8_t dst[RATE]; + size_t i; aegis256x2_init(k, npub, state); @@ -213,13 +214,13 @@ static int decrypt_detached(uint8_t *m, const uint8_t *c, size_t clen, const uint8_t *mac, size_t maclen, const uint8_t *ad, size_t adlen, const uint8_t *npub, const uint8_t *k) { - aes_block_t state[6]; - CRYPTO_ALIGN(RATE) uint8_t src[RATE]; - CRYPTO_ALIGN(RATE) uint8_t dst[RATE]; - CRYPTO_ALIGN(16) uint8_t computed_mac[32]; - const size_t mlen = clen; - size_t i; - int ret; + aes_block_t state[6]; + CRYPTO_ALIGN(ALIGNMENT) uint8_t src[RATE]; + CRYPTO_ALIGN(ALIGNMENT) uint8_t dst[RATE]; + CRYPTO_ALIGN(16) uint8_t computed_mac[32]; + const size_t mlen = clen; + size_t i; + int ret; aegis256x2_init(k, npub, state); @@ -265,10 +266,10 @@ decrypt_detached(uint8_t *m, const uint8_t *c, size_t clen, const uint8_t *mac, static void stream(uint8_t *out, size_t len, const uint8_t *npub, const uint8_t *k) { - aes_block_t state[6]; - CRYPTO_ALIGN(RATE) uint8_t src[RATE]; - CRYPTO_ALIGN(RATE) uint8_t dst[RATE]; - size_t i; + aes_block_t state[6]; + CRYPTO_ALIGN(ALIGNMENT) uint8_t src[RATE]; + CRYPTO_ALIGN(ALIGNMENT) uint8_t dst[RATE]; + size_t i; memset(src, 0, sizeof src); if (npub == NULL) { @@ -290,10 +291,10 @@ static void encrypt_unauthenticated(uint8_t *c, const uint8_t *m, size_t mlen, const uint8_t *npub, const uint8_t *k) { - aes_block_t state[6]; - CRYPTO_ALIGN(RATE) uint8_t src[RATE]; - CRYPTO_ALIGN(RATE) uint8_t dst[RATE]; - size_t i; + aes_block_t state[6]; + CRYPTO_ALIGN(ALIGNMENT) uint8_t src[RATE]; + CRYPTO_ALIGN(ALIGNMENT) uint8_t dst[RATE]; + size_t i; aegis256x2_init(k, npub, state); @@ -339,10 +340,11 @@ state_init(aegis256x2_state *st_, const uint8_t *ad, size_t adlen, const uint8_t const uint8_t *k) { _aegis256x2_state *const st = - (_aegis256x2_state *) ((((uintptr_t) &st_->opaque) + (RATE - 1)) & ~(uintptr_t) (RATE - 1)); + (_aegis256x2_state *) ((((uintptr_t) &st_->opaque) + (ALIGNMENT - 1)) & + ~(uintptr_t) (ALIGNMENT - 1)); size_t i; - COMPILER_ASSERT((sizeof *st) + RATE <= sizeof *st_); + COMPILER_ASSERT((sizeof *st) + ALIGNMENT <= sizeof *st_); st->mlen = 0; st->pos = 0; @@ -363,7 +365,8 @@ state_encrypt_update(aegis256x2_state *st_, uint8_t *c, size_t clen_max, size_t const uint8_t *m, size_t mlen) { _aegis256x2_state *const st = - (_aegis256x2_state *) ((((uintptr_t) &st_->opaque) + (RATE - 1)) & ~(uintptr_t) (RATE - 1)); + (_aegis256x2_state *) ((((uintptr_t) &st_->opaque) + (ALIGNMENT - 1)) & + ~(uintptr_t) (ALIGNMENT - 1)); size_t i = 0; size_t left; @@ -393,7 +396,7 @@ state_encrypt_update(aegis256x2_state *st_, uint8_t *c, size_t clen_max, size_t return 0; } } - if (clen_max < (mlen & ~(size_t) (RATE - 1))) { + if (clen_max < (mlen & ~(size_t) (ALIGNMENT - 1))) { errno = ERANGE; return -1; } @@ -414,9 +417,10 @@ state_encrypt_detached_final(aegis256x2_state *st_, uint8_t *c, size_t clen_max, uint8_t *mac, size_t maclen) { _aegis256x2_state *const st = - (_aegis256x2_state *) ((((uintptr_t) &st_->opaque) + (RATE - 1)) & ~(uintptr_t) (RATE - 1)); - CRYPTO_ALIGN(RATE) uint8_t src[RATE]; - CRYPTO_ALIGN(RATE) uint8_t dst[RATE]; + (_aegis256x2_state *) ((((uintptr_t) &st_->opaque) + (ALIGNMENT - 1)) & + ~(uintptr_t) (ALIGNMENT - 1)); + CRYPTO_ALIGN(ALIGNMENT) uint8_t src[RATE]; + CRYPTO_ALIGN(ALIGNMENT) uint8_t dst[RATE]; *written = 0; if (clen_max < st->pos) { @@ -441,9 +445,10 @@ state_encrypt_final(aegis256x2_state *st_, uint8_t *c, size_t clen_max, size_t * size_t maclen) { _aegis256x2_state *const st = - (_aegis256x2_state *) ((((uintptr_t) &st_->opaque) + (RATE - 1)) & ~(uintptr_t) (RATE - 1)); - CRYPTO_ALIGN(RATE) uint8_t src[RATE]; - CRYPTO_ALIGN(RATE) uint8_t dst[RATE]; + (_aegis256x2_state *) ((((uintptr_t) &st_->opaque) + (ALIGNMENT - 1)) & + ~(uintptr_t) (ALIGNMENT - 1)); + CRYPTO_ALIGN(ALIGNMENT) uint8_t src[RATE]; + CRYPTO_ALIGN(ALIGNMENT) uint8_t dst[RATE]; *written = 0; if (clen_max < st->pos + maclen) { @@ -468,10 +473,11 @@ state_decrypt_detached_update(aegis256x2_state *st_, uint8_t *m, size_t mlen_max const uint8_t *c, size_t clen) { _aegis256x2_state *const st = - (_aegis256x2_state *) ((((uintptr_t) &st_->opaque) + (RATE - 1)) & ~(uintptr_t) (RATE - 1)); - CRYPTO_ALIGN(RATE) uint8_t dst[RATE]; - size_t i = 0; - size_t left; + (_aegis256x2_state *) ((((uintptr_t) &st_->opaque) + (ALIGNMENT - 1)) & + ~(uintptr_t) (ALIGNMENT - 1)); + CRYPTO_ALIGN(ALIGNMENT) uint8_t dst[RATE]; + size_t i = 0; + size_t left; *written = 0; st->mlen += clen; @@ -530,10 +536,11 @@ static int state_decrypt_detached_final(aegis256x2_state *st_, uint8_t *m, size_t mlen_max, size_t *written, const uint8_t *mac, size_t maclen) { - CRYPTO_ALIGN(16) uint8_t computed_mac[32]; - CRYPTO_ALIGN(RATE) uint8_t dst[RATE]; - _aegis256x2_state *const st = - (_aegis256x2_state *) ((((uintptr_t) &st_->opaque) + (RATE - 1)) & ~(uintptr_t) (RATE - 1)); + CRYPTO_ALIGN(16) uint8_t computed_mac[32]; + CRYPTO_ALIGN(ALIGNMENT) uint8_t dst[RATE]; + _aegis256x2_state *const st = + (_aegis256x2_state *) ((((uintptr_t) &st_->opaque) + (ALIGNMENT - 1)) & + ~(uintptr_t) (ALIGNMENT - 1)); int ret; *written = 0; @@ -567,7 +574,8 @@ static int state_mac_update(aegis256x2_state *st_, const uint8_t *ad, size_t adlen) { _aegis256x2_state *const st = - (_aegis256x2_state *) ((((uintptr_t) &st_->opaque) + (RATE - 1)) & ~(uintptr_t) (RATE - 1)); + (_aegis256x2_state *) ((((uintptr_t) &st_->opaque) + (ALIGNMENT - 1)) & + ~(uintptr_t) (ALIGNMENT - 1)); size_t i; size_t left; @@ -607,7 +615,8 @@ static int state_mac_final(aegis256x2_state *st_, uint8_t *mac, size_t maclen) { _aegis256x2_state *const st = - (_aegis256x2_state *) ((((uintptr_t) &st_->opaque) + (RATE - 1)) & ~(uintptr_t) (RATE - 1)); + (_aegis256x2_state *) ((((uintptr_t) &st_->opaque) + (ALIGNMENT - 1)) & + ~(uintptr_t) (ALIGNMENT - 1)); size_t left; left = st->adlen % RATE; @@ -624,9 +633,10 @@ static void state_clone(aegis256x2_state *dst, const aegis256x2_state *src) { _aegis256x2_state *const dst_ = - (_aegis256x2_state *) ((((uintptr_t) &dst->opaque) + (RATE - 1)) & ~(uintptr_t) (RATE - 1)); + (_aegis256x2_state *) ((((uintptr_t) &dst->opaque) + (ALIGNMENT - 1)) & + ~(uintptr_t) (ALIGNMENT - 1)); const _aegis256x2_state *const src_ = - (const _aegis256x2_state *) ((((uintptr_t) &src->opaque) + (RATE - 1)) & - ~(uintptr_t) (RATE - 1)); + (const _aegis256x2_state *) ((((uintptr_t) &src->opaque) + (ALIGNMENT - 1)) & + ~(uintptr_t) (ALIGNMENT - 1)); *dst_ = *src_; } \ No newline at end of file diff --git a/src/aegis256x4/aegis256x4_common.h b/src/aegis256x4/aegis256x4_common.h index bcaae68..3474b4e 100644 --- a/src/aegis256x4/aegis256x4_common.h +++ b/src/aegis256x4/aegis256x4_common.h @@ -1,4 +1,5 @@ -#define RATE 64 +#define RATE 64 +#define ALIGNMENT 64 static void aegis256x4_init(const uint8_t *key, const uint8_t *nonce, aes_block_t *const state) @@ -198,10 +199,10 @@ static int encrypt_detached(uint8_t *c, uint8_t *mac, size_t maclen, const uint8_t *m, size_t mlen, const uint8_t *ad, size_t adlen, const uint8_t *npub, const uint8_t *k) { - aes_block_t state[6]; - CRYPTO_ALIGN(RATE) uint8_t src[RATE]; - CRYPTO_ALIGN(RATE) uint8_t dst[RATE]; - size_t i; + aes_block_t state[6]; + CRYPTO_ALIGN(ALIGNMENT) uint8_t src[RATE]; + CRYPTO_ALIGN(ALIGNMENT) uint8_t dst[RATE]; + size_t i; aegis256x4_init(k, npub, state); @@ -232,13 +233,13 @@ static int decrypt_detached(uint8_t *m, const uint8_t *c, size_t clen, const uint8_t *mac, size_t maclen, const uint8_t *ad, size_t adlen, const uint8_t *npub, const uint8_t *k) { - aes_block_t state[6]; - CRYPTO_ALIGN(RATE) uint8_t src[RATE]; - CRYPTO_ALIGN(RATE) uint8_t dst[RATE]; - CRYPTO_ALIGN(16) uint8_t computed_mac[32]; - const size_t mlen = clen; - size_t i; - int ret; + aes_block_t state[6]; + CRYPTO_ALIGN(ALIGNMENT) uint8_t src[RATE]; + CRYPTO_ALIGN(ALIGNMENT) uint8_t dst[RATE]; + CRYPTO_ALIGN(16) uint8_t computed_mac[32]; + const size_t mlen = clen; + size_t i; + int ret; aegis256x4_init(k, npub, state); @@ -284,10 +285,10 @@ decrypt_detached(uint8_t *m, const uint8_t *c, size_t clen, const uint8_t *mac, static void stream(uint8_t *out, size_t len, const uint8_t *npub, const uint8_t *k) { - aes_block_t state[6]; - CRYPTO_ALIGN(RATE) uint8_t src[RATE]; - CRYPTO_ALIGN(RATE) uint8_t dst[RATE]; - size_t i; + aes_block_t state[6]; + CRYPTO_ALIGN(ALIGNMENT) uint8_t src[RATE]; + CRYPTO_ALIGN(ALIGNMENT) uint8_t dst[RATE]; + size_t i; memset(src, 0, sizeof src); if (npub == NULL) { @@ -309,10 +310,10 @@ static void encrypt_unauthenticated(uint8_t *c, const uint8_t *m, size_t mlen, const uint8_t *npub, const uint8_t *k) { - aes_block_t state[6]; - CRYPTO_ALIGN(RATE) uint8_t src[RATE]; - CRYPTO_ALIGN(RATE) uint8_t dst[RATE]; - size_t i; + aes_block_t state[6]; + CRYPTO_ALIGN(ALIGNMENT) uint8_t src[RATE]; + CRYPTO_ALIGN(ALIGNMENT) uint8_t dst[RATE]; + size_t i; aegis256x4_init(k, npub, state); @@ -358,10 +359,11 @@ state_init(aegis256x4_state *st_, const uint8_t *ad, size_t adlen, const uint8_t const uint8_t *k) { _aegis256x4_state *const st = - (_aegis256x4_state *) ((((uintptr_t) &st_->opaque) + (RATE - 1)) & ~(uintptr_t) (RATE - 1)); + (_aegis256x4_state *) ((((uintptr_t) &st_->opaque) + (ALIGNMENT - 1)) & + ~(uintptr_t) (ALIGNMENT - 1)); size_t i; - COMPILER_ASSERT((sizeof *st) + RATE <= sizeof *st_); + COMPILER_ASSERT((sizeof *st) + ALIGNMENT <= sizeof *st_); st->mlen = 0; st->pos = 0; @@ -382,7 +384,8 @@ state_encrypt_update(aegis256x4_state *st_, uint8_t *c, size_t clen_max, size_t const uint8_t *m, size_t mlen) { _aegis256x4_state *const st = - (_aegis256x4_state *) ((((uintptr_t) &st_->opaque) + (RATE - 1)) & ~(uintptr_t) (RATE - 1)); + (_aegis256x4_state *) ((((uintptr_t) &st_->opaque) + (ALIGNMENT - 1)) & + ~(uintptr_t) (ALIGNMENT - 1)); size_t i = 0; size_t left; @@ -412,7 +415,7 @@ state_encrypt_update(aegis256x4_state *st_, uint8_t *c, size_t clen_max, size_t return 0; } } - if (clen_max < (mlen & ~(size_t) (RATE - 1))) { + if (clen_max < (mlen & ~(size_t) (ALIGNMENT - 1))) { errno = ERANGE; return -1; } @@ -433,9 +436,10 @@ state_encrypt_detached_final(aegis256x4_state *st_, uint8_t *c, size_t clen_max, uint8_t *mac, size_t maclen) { _aegis256x4_state *const st = - (_aegis256x4_state *) ((((uintptr_t) &st_->opaque) + (RATE - 1)) & ~(uintptr_t) (RATE - 1)); - CRYPTO_ALIGN(RATE) uint8_t src[RATE]; - CRYPTO_ALIGN(RATE) uint8_t dst[RATE]; + (_aegis256x4_state *) ((((uintptr_t) &st_->opaque) + (ALIGNMENT - 1)) & + ~(uintptr_t) (ALIGNMENT - 1)); + CRYPTO_ALIGN(ALIGNMENT) uint8_t src[RATE]; + CRYPTO_ALIGN(ALIGNMENT) uint8_t dst[RATE]; *written = 0; if (clen_max < st->pos) { @@ -460,9 +464,10 @@ state_encrypt_final(aegis256x4_state *st_, uint8_t *c, size_t clen_max, size_t * size_t maclen) { _aegis256x4_state *const st = - (_aegis256x4_state *) ((((uintptr_t) &st_->opaque) + (RATE - 1)) & ~(uintptr_t) (RATE - 1)); - CRYPTO_ALIGN(RATE) uint8_t src[RATE]; - CRYPTO_ALIGN(RATE) uint8_t dst[RATE]; + (_aegis256x4_state *) ((((uintptr_t) &st_->opaque) + (ALIGNMENT - 1)) & + ~(uintptr_t) (ALIGNMENT - 1)); + CRYPTO_ALIGN(ALIGNMENT) uint8_t src[RATE]; + CRYPTO_ALIGN(ALIGNMENT) uint8_t dst[RATE]; *written = 0; if (clen_max < st->pos + maclen) { @@ -487,10 +492,11 @@ state_decrypt_detached_update(aegis256x4_state *st_, uint8_t *m, size_t mlen_max const uint8_t *c, size_t clen) { _aegis256x4_state *const st = - (_aegis256x4_state *) ((((uintptr_t) &st_->opaque) + (RATE - 1)) & ~(uintptr_t) (RATE - 1)); - CRYPTO_ALIGN(RATE) uint8_t dst[RATE]; - size_t i = 0; - size_t left; + (_aegis256x4_state *) ((((uintptr_t) &st_->opaque) + (ALIGNMENT - 1)) & + ~(uintptr_t) (ALIGNMENT - 1)); + CRYPTO_ALIGN(ALIGNMENT) uint8_t dst[RATE]; + size_t i = 0; + size_t left; *written = 0; st->mlen += clen; @@ -549,10 +555,11 @@ static int state_decrypt_detached_final(aegis256x4_state *st_, uint8_t *m, size_t mlen_max, size_t *written, const uint8_t *mac, size_t maclen) { - CRYPTO_ALIGN(16) uint8_t computed_mac[32]; - CRYPTO_ALIGN(RATE) uint8_t dst[RATE]; - _aegis256x4_state *const st = - (_aegis256x4_state *) ((((uintptr_t) &st_->opaque) + (RATE - 1)) & ~(uintptr_t) (RATE - 1)); + CRYPTO_ALIGN(16) uint8_t computed_mac[32]; + CRYPTO_ALIGN(ALIGNMENT) uint8_t dst[RATE]; + _aegis256x4_state *const st = + (_aegis256x4_state *) ((((uintptr_t) &st_->opaque) + (ALIGNMENT - 1)) & + ~(uintptr_t) (ALIGNMENT - 1)); int ret; *written = 0; @@ -586,7 +593,8 @@ static int state_mac_update(aegis256x4_state *st_, const uint8_t *ad, size_t adlen) { _aegis256x4_state *const st = - (_aegis256x4_state *) ((((uintptr_t) &st_->opaque) + (RATE - 1)) & ~(uintptr_t) (RATE - 1)); + (_aegis256x4_state *) ((((uintptr_t) &st_->opaque) + (ALIGNMENT - 1)) & + ~(uintptr_t) (ALIGNMENT - 1)); size_t i; size_t left; @@ -626,7 +634,8 @@ static int state_mac_final(aegis256x4_state *st_, uint8_t *mac, size_t maclen) { _aegis256x4_state *const st = - (_aegis256x4_state *) ((((uintptr_t) &st_->opaque) + (RATE - 1)) & ~(uintptr_t) (RATE - 1)); + (_aegis256x4_state *) ((((uintptr_t) &st_->opaque) + (ALIGNMENT - 1)) & + ~(uintptr_t) (ALIGNMENT - 1)); size_t left; left = st->adlen % RATE; @@ -643,9 +652,10 @@ static void state_clone(aegis256x4_state *dst, const aegis256x4_state *src) { _aegis256x4_state *const dst_ = - (_aegis256x4_state *) ((((uintptr_t) &dst->opaque) + (RATE - 1)) & ~(uintptr_t) (RATE - 1)); + (_aegis256x4_state *) ((((uintptr_t) &dst->opaque) + (ALIGNMENT - 1)) & + ~(uintptr_t) (ALIGNMENT - 1)); const _aegis256x4_state *const src_ = - (const _aegis256x4_state *) ((((uintptr_t) &src->opaque) + (RATE - 1)) & - ~(uintptr_t) (RATE - 1)); + (const _aegis256x4_state *) ((((uintptr_t) &src->opaque) + (ALIGNMENT - 1)) & + ~(uintptr_t) (ALIGNMENT - 1)); *dst_ = *src_; } \ No newline at end of file diff --git a/src/include/aegis.h b/src/include/aegis.h index 360097c..e9c9557 100644 --- a/src/include/aegis.h +++ b/src/include/aegis.h @@ -13,10 +13,8 @@ #ifndef CRYPTO_ALIGN # if defined(__INTEL_COMPILER) || defined(_MSC_VER) # define CRYPTO_ALIGN(x) __declspec(align(x)) -# elif defined(__GNUC__) || defined(__clang__) -# define CRYPTO_ALIGN(x) __attribute__((aligned(x))) # else -# define CRYPTO_ALIGN(x) +# define CRYPTO_ALIGN(x) __attribute__((aligned(x))) # endif #endif diff --git a/src/include/aegis128l.h b/src/include/aegis128l.h index 40790f2..3dc1f7f 100644 --- a/src/include/aegis128l.h +++ b/src/include/aegis128l.h @@ -28,7 +28,7 @@ extern "C" { /* An AEGIS state, for incremental updates */ typedef struct aegis128l_state { - uint8_t opaque[256]; + CRYPTO_ALIGN(32) uint8_t opaque[256]; } aegis128l_state; /* The length of an AEGIS key, in bytes */ diff --git a/src/include/aegis128x2.h b/src/include/aegis128x2.h index 20c951b..919f8b7 100644 --- a/src/include/aegis128x2.h +++ b/src/include/aegis128x2.h @@ -28,7 +28,7 @@ extern "C" { /* An AEGIS state, for incremental updates */ typedef struct aegis128x2_state { - uint8_t opaque[448]; + CRYPTO_ALIGN(64) uint8_t opaque[448]; } aegis128x2_state; /* The length of an AEGIS key, in bytes */ diff --git a/src/include/aegis128x4.h b/src/include/aegis128x4.h index de4e2fe..9c97b01 100644 --- a/src/include/aegis128x4.h +++ b/src/include/aegis128x4.h @@ -28,7 +28,7 @@ extern "C" { /* An AEGIS state, for incremental updates */ typedef struct aegis128x4_state { - uint8_t opaque[832]; + CRYPTO_ALIGN(64) uint8_t opaque[832]; } aegis128x4_state; /* The length of an AEGIS key, in bytes */ diff --git a/src/include/aegis256.h b/src/include/aegis256.h index fce99ef..07a2da6 100644 --- a/src/include/aegis256.h +++ b/src/include/aegis256.h @@ -28,7 +28,7 @@ extern "C" { /* An AEGIS state, for incremental updates */ typedef struct aegis256_state { - uint8_t opaque[192]; + CRYPTO_ALIGN(16) uint8_t opaque[192]; } aegis256_state; /* The length of an AEGIS key, in bytes */ diff --git a/src/include/aegis256x2.h b/src/include/aegis256x2.h index a77d511..58e7162 100644 --- a/src/include/aegis256x2.h +++ b/src/include/aegis256x2.h @@ -28,7 +28,7 @@ extern "C" { /* An AEGIS state, for incremental updates */ typedef struct aegis256x2_state { - uint8_t opaque[320]; + CRYPTO_ALIGN(32) uint8_t opaque[320]; } aegis256x2_state; /* The length of an AEGIS key, in bytes */ diff --git a/src/include/aegis256x4.h b/src/include/aegis256x4.h index de19637..352af65 100644 --- a/src/include/aegis256x4.h +++ b/src/include/aegis256x4.h @@ -28,7 +28,7 @@ extern "C" { /* An AEGIS state, for incremental updates */ typedef struct aegis256x4_state { - uint8_t opaque[576]; + CRYPTO_ALIGN(64) uint8_t opaque[576]; } aegis256x4_state; /* The length of an AEGIS key, in bytes */