
Commit f1c4745

committed
Preload an extra AD block in AEGIS256* as well
1 parent 15b8a3c commit f1c4745


3 files changed

+33
-3
lines changed


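--- a/src/aegis256/aegis256_common.h
+++ b/src/aegis256/aegis256_common.h
@@ -534,7 +534,17 @@ state_mac_update(aegis256_state *st_, const uint8_t *ad, size_t adlen)
 ad += RATE - left;
 adlen -= RATE - left;
 }
-for (i = 0; i + RATE <= adlen; i += RATE) {
+for (i = 0; i + RATE * 2 <= adlen; i += RATE * 2) {
+aes_block_t msg0, msg1;
+
+msg0 = AES_BLOCK_LOAD(ad + i + AES_BLOCK_LENGTH * 0);
+msg1 = AES_BLOCK_LOAD(ad + i + AES_BLOCK_LENGTH * 1);
+COMPILER_ASSERT(AES_BLOCK_LENGTH * 2 == RATE * 2);
+
+aegis256_update(st->state, msg0);
+aegis256_update(st->state, msg1);
+}
+for (; i + RATE <= adlen; i += RATE) {
 aegis256_absorb(ad + i, st->state);
 }
 if (i < adlen) {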
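Review bot: The only thing tying the loop bound `i + RATE * 2 <= adlen` to the two load offsets (`AES_BLOCK_LENGTH * 0` and `AES_BLOCK_LENGTH * 1`) is the `COMPILER_ASSERT`, which is written as `AES_BLOCK_LENGTH * 2 == RATE * 2` and sits after the loads it guards. Writing it as `COMPILER_ASSERT(AES_BLOCK_LENGTH == RATE);` directly after the `msg0, msg1` declaration, with a comment such as `/* both loads must stay inside the RATE * 2 bytes checked by the loop condition */`, states the out-of-bounds-read invariant in the form a reader needs. The same lines appear in the aegis256x2 and aegis256x4 sections. state_mac_update begins and ends outside this hunk.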

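--- a/src/aegis256x2/aegis256x2_common.h
+++ b/src/aegis256x2/aegis256x2_common.h
@@ -583,7 +583,17 @@ state_mac_update(aegis256x2_state *st_, const uint8_t *ad, size_t adlen)
 ad += RATE - left;
 adlen -= RATE - left;
 }
-for (i = 0; i + RATE <= adlen; i += RATE) {
+for (i = 0; i + RATE * 2 <= adlen; i += RATE * 2) {
+aes_block_t msg0, msg1;
+
+msg0 = AES_BLOCK_LOAD(ad + i + AES_BLOCK_LENGTH * 0);
+msg1 = AES_BLOCK_LOAD(ad + i + AES_BLOCK_LENGTH * 1);
+COMPILER_ASSERT(AES_BLOCK_LENGTH * 2 == RATE * 2);
+
+aegis256x2_update(st->state, msg0);
+aegis256x2_update(st->state, msg1);
+}
+for (; i + RATE <= adlen; i += RATE) {
 aegis256x2_absorb(ad + i, st->state);
 }
 if (i < adlen) {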
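Review bot: The new two-block path calls `aegis256x2_update` on blocks it loads itself, while the remaining single-block loop still goes through `aegis256x2_absorb`; whether the two produce the same state is not visible here, because the body of absorb lies outside the hunk. The commit changes only the three `*_common.h` headers, so nothing on this page exercises the new path. A MAC test over AD lengths on both sides of the new threshold (for example `RATE * 2 - 1`, `RATE * 2` and `RATE * 3`), comparing a one-shot tag with the tag from incremental updates split at uneven offsets, would catch any divergence between the two paths. The same applies to the aegis256 and aegis256x4 sections.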

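--- a/src/aegis256x4/aegis256x4_common.h
+++ b/src/aegis256x4/aegis256x4_common.h
@@ -602,7 +602,17 @@ state_mac_update(aegis256x4_state *st_, const uint8_t *ad, size_t adlen)
 ad += RATE - left;
 adlen -= RATE - left;
 }
-for (i = 0; i + RATE <= adlen; i += RATE) {
+for (i = 0; i + RATE * 2 <= adlen; i += RATE * 2) {
+aes_block_t msg0, msg1;
+
+msg0 = AES_BLOCK_LOAD(ad + i + AES_BLOCK_LENGTH * 0);
+msg1 = AES_BLOCK_LOAD(ad + i + AES_BLOCK_LENGTH * 1);
+COMPILER_ASSERT(AES_BLOCK_LENGTH * 2 == RATE * 2);
+
+aegis256x4_update(st->state, msg0);
+aegis256x4_update(st->state, msg1);
+}
+for (; i + RATE <= adlen; i += RATE) {
 aegis256x4_absorb(ad + i, st->state);
 }
 if (i < adlen) {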
