
Commit 9738e77

committed
Fix incremental decryption
1 parent 1ce38ab commit 9738e77


5 files changed

+215
-93
lines changed


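--- a/src/aegis128l/aegis128l_common.h
+++ b/src/aegis128l/aegis128l_common.h
@@ -374,37 +374,36 @@ state_decrypt_detached_update(aegis128l_state *st_, uint8_t *m, size_t mlen_max,
     CRYPTO_ALIGN(RATE) uint8_t dst[RATE];
     size_t i = 0;
     size_t left;
-    const size_t mlen = clen;
 
     *written = 0;
-    st->mlen += mlen;
+    st->mlen += clen;
+
     if (st->pos != 0) {
         const size_t available = (sizeof st->buf) - st->pos;
         const size_t n = clen < available ? clen : available;
 
         if (n != 0) {
-            memcpy(st->buf + st->pos, m + i, n);
+            memcpy(st->buf + st->pos, c, n);
             c += n;
             clen -= n;
             st->pos += n;
         }
-        if (st->pos == (sizeof st->buf)) {
-            if (m != NULL) {
-                if (mlen_max < RATE) {
-                    errno = ERANGE;
-                    return -1;
-                }
-                mlen_max -= RATE;
-                aegis128l_dec(m, st->buf, st->state);
-            } else {
-                aegis128l_dec(dst, st->buf, st->state);
+        if (st->pos < (sizeof st->buf)) {
+            return 0;
+        }
+        st->pos = 0;
+        if (m != NULL) {
+            if (mlen_max < RATE) {
+                errno = ERANGE;
+                return -1;
             }
-            *written += RATE;
-            c += RATE;
-            st->pos = 0;
+            mlen_max -= RATE;
+            aegis128l_dec(m, st->buf, st->state);
+            m += RATE;
         } else {
-            return 0;
+            aegis128l_dec(dst, st->buf, st->state);
         }
+        *written += RATE;
     }
     if (m != NULL) {
         if (mlen_max < (clen % RATE)) {
@@ -420,7 +419,7 @@ state_decrypt_detached_update(aegis128l_state *st_, uint8_t *m, size_t mlen_max,
         }
     }
     *written += i;
-    left = mlen % RATE;
+    left = clen % RATE;
     if (left) {
         memcpy(st->buf, c + i, left);
         st->pos = left;
@@ -439,12 +438,12 @@ state_decrypt_detached_final(aegis128l_state *st_, uint8_t *m, size_t mlen_max,
     int ret;
 
     *written = 0;
-    if (mlen_max < st->pos) {
-        errno = ERANGE;
-        return -1;
-    }
     if (st->pos != 0) {
         if (m != NULL) {
+            if (mlen_max < st->pos) {
+                errno = ERANGE;
+                return -1;
+            }
             aegis128l_declast(m, st->buf, st->pos, st->state);
         } else {
             aegis128l_declast(dst, st->buf, st->pos, st->state);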
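Review bot: In the new state_decrypt_detached_update, `st->pos = 0;` now executes before the `mlen_max < RATE` check, so an ERANGE return discards the buffered full block of ciphertext while `st->mlen` has already been advanced by `clen`; the removed lines show the reset previously happened only after the block had been decrypted, so a caller that retries with a larger output buffer would now silently lose that block. Moving `st->pos = 0;` down to sit just before `*written += RATE;` keeps the buffered block intact on the error path; otherwise the function's header comment should state that the state must be discarded after a non-zero return. The same ordering appears in the aegis128x2, aegis128x4 and aegis256 sections of this commit. The function continues past the hunk, so the trailing full-block loop and the `mlen_max < (clen % RATE)` check are not visible here.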

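--- a/src/aegis128x2/aegis128x2_common.h
+++ b/src/aegis128x2/aegis128x2_common.h
@@ -404,38 +404,38 @@ state_decrypt_detached_update(aegis128x2_state *st_, uint8_t *m, size_t mlen_max
     CRYPTO_ALIGN(RATE) uint8_t dst[RATE];
     size_t i = 0;
     size_t left;
-    const size_t mlen = clen;
 
     *written = 0;
-    st->mlen += mlen;
+    st->mlen += clen;
+
     if (st->pos != 0) {
         const size_t available = (sizeof st->buf) - st->pos;
         const size_t n = clen < available ? clen : available;
 
         if (n != 0) {
-            memcpy(st->buf + st->pos, m + i, n);
+            memcpy(st->buf + st->pos, c, n);
             c += n;
             clen -= n;
             st->pos += n;
         }
-        if (st->pos == (sizeof st->buf)) {
-            if (m != NULL) {
-                if (mlen_max < RATE) {
-                    errno = ERANGE;
-                    return -1;
-                }
-                mlen_max -= RATE;
-                aegis128x2_dec(m, st->buf, st->state);
-            } else {
-                aegis128x2_dec(dst, st->buf, st->state);
+        if (st->pos < (sizeof st->buf)) {
+            return 0;
+        }
+        st->pos = 0;
+        if (m != NULL) {
+            if (mlen_max < RATE) {
+                errno = ERANGE;
+                return -1;
             }
-            *written += RATE;
-            c += RATE;
-            st->pos = 0;
+            mlen_max -= RATE;
+            aegis128x2_dec(m, st->buf, st->state);
+            m += RATE;
         } else {
-            return 0;
+            aegis128x2_dec(dst, st->buf, st->state);
         }
+        *written += RATE;
     }
+
     if (m != NULL) {
         if (mlen_max < (clen % RATE)) {
             errno = ERANGE;
@@ -450,7 +450,7 @@ state_decrypt_detached_update(aegis128x2_state *st_, uint8_t *m, size_t mlen_max
         }
     }
     *written += i;
-    left = mlen % RATE;
+    left = clen % RATE;
     if (left) {
         memcpy(st->buf, c + i, left);
         st->pos = left;
@@ -469,12 +469,12 @@ state_decrypt_detached_final(aegis128x2_state *st_, uint8_t *m, size_t mlen_max,
     int ret;
 
     *written = 0;
-    if (mlen_max < st->pos) {
-        errno = ERANGE;
-        return -1;
-    }
     if (st->pos != 0) {
         if (m != NULL) {
+            if (mlen_max < st->pos) {
+                errno = ERANGE;
+                return -1;
+            }
             aegis128x2_declast(m, st->buf, st->pos, st->state);
         } else {
             aegis128x2_declast(dst, st->buf, st->pos, st->state);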

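--- a/src/aegis128x4/aegis128x4_common.h
+++ b/src/aegis128x4/aegis128x4_common.h
@@ -417,38 +417,38 @@ state_decrypt_detached_update(aegis128x4_state *st_, uint8_t *m, size_t mlen_max
     CRYPTO_ALIGN(RATE) uint8_t dst[RATE];
     size_t i = 0;
     size_t left;
-    const size_t mlen = clen;
 
     *written = 0;
-    st->mlen += mlen;
+    st->mlen += clen;
+
     if (st->pos != 0) {
         const size_t available = (sizeof st->buf) - st->pos;
         const size_t n = clen < available ? clen : available;
 
         if (n != 0) {
-            memcpy(st->buf + st->pos, m + i, n);
+            memcpy(st->buf + st->pos, c, n);
             c += n;
             clen -= n;
             st->pos += n;
         }
-        if (st->pos == (sizeof st->buf)) {
-            if (m != NULL) {
-                if (mlen_max < RATE) {
-                    errno = ERANGE;
-                    return -1;
-                }
-                mlen_max -= RATE;
-                aegis128x4_dec(m, st->buf, st->state);
-            } else {
-                aegis128x4_dec(dst, st->buf, st->state);
+        if (st->pos < (sizeof st->buf)) {
+            return 0;
+        }
+        st->pos = 0;
+        if (m != NULL) {
+            if (mlen_max < RATE) {
+                errno = ERANGE;
+                return -1;
             }
-            *written += RATE;
-            c += RATE;
-            st->pos = 0;
+            mlen_max -= RATE;
+            aegis128x4_dec(m, st->buf, st->state);
+            m += RATE;
         } else {
-            return 0;
+            aegis128x4_dec(dst, st->buf, st->state);
         }
+        *written += RATE;
     }
+
     if (m != NULL) {
         if (mlen_max < (clen % RATE)) {
             errno = ERANGE;
@@ -463,7 +463,7 @@ state_decrypt_detached_update(aegis128x4_state *st_, uint8_t *m, size_t mlen_max
         }
     }
     *written += i;
-    left = mlen % RATE;
+    left = clen % RATE;
     if (left) {
         memcpy(st->buf, c + i, left);
         st->pos = left;
@@ -482,12 +482,12 @@ state_decrypt_detached_final(aegis128x4_state *st_, uint8_t *m, size_t mlen_max,
     int ret;
 
     *written = 0;
-    if (mlen_max < st->pos) {
-        errno = ERANGE;
-        return -1;
-    }
     if (st->pos != 0) {
         if (m != NULL) {
+            if (mlen_max < st->pos) {
+                errno = ERANGE;
+                return -1;
+            }
             aegis128x4_declast(m, st->buf, st->pos, st->state);
         } else {
             aegis128x4_declast(dst, st->buf, st->pos, st->state);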

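--- a/src/aegis256/aegis256_common.h
+++ b/src/aegis256/aegis256_common.h
@@ -359,42 +359,38 @@ state_decrypt_detached_update(aegis256_state *st_, uint8_t *m, size_t mlen_max,
     CRYPTO_ALIGN(RATE) uint8_t dst[RATE];
     size_t i = 0;
     size_t left;
-    const size_t mlen = clen;
 
     *written = 0;
-    if (mlen_max < (clen % RATE)) {
-        errno = ERANGE;
-        return -1;
-    }
-    st->mlen += mlen;
+    st->mlen += clen;
+
     if (st->pos != 0) {
         const size_t available = (sizeof st->buf) - st->pos;
         const size_t n = clen < available ? clen : available;
 
         if (n != 0) {
-            memcpy(st->buf + st->pos, m + i, n);
+            memcpy(st->buf + st->pos, c, n);
             c += n;
             clen -= n;
             st->pos += n;
         }
-        if (st->pos == (sizeof st->buf)) {
-            if (m != NULL) {
-                if (mlen_max < RATE) {
-                    errno = ERANGE;
-                    return -1;
-                }
-                mlen_max -= RATE;
-                aegis256_dec(m, st->buf, st->state);
-            } else {
-                aegis256_dec(dst, st->buf, st->state);
+        if (st->pos < (sizeof st->buf)) {
+            return 0;
+        }
+        st->pos = 0;
+        if (m != NULL) {
+            if (mlen_max < RATE) {
+                errno = ERANGE;
+                return -1;
             }
-            *written += RATE;
-            c += RATE;
-            st->pos = 0;
+            mlen_max -= RATE;
+            aegis256_dec(m, st->buf, st->state);
+            m += RATE;
         } else {
-            return 0;
+            aegis256_dec(dst, st->buf, st->state);
         }
+        *written += RATE;
     }
+
     if (m != NULL) {
         if (mlen_max < (clen % RATE)) {
             errno = ERANGE;
@@ -409,7 +405,7 @@ state_decrypt_detached_update(aegis256_state *st_, uint8_t *m, size_t mlen_max,
         }
     }
     *written += i;
-    left = mlen % RATE;
+    left = clen % RATE;
     if (left) {
         memcpy(st->buf, c + i, left);
         st->pos = left;
@@ -421,19 +417,19 @@ static int
 state_decrypt_detached_final(aegis256_state *st_, uint8_t *m, size_t mlen_max, size_t *written,
                              const uint8_t *mac, size_t maclen)
 {
-    CRYPTO_ALIGN(RATE) uint8_t computed_mac[32];
+    CRYPTO_ALIGN(16) uint8_t computed_mac[32];
     CRYPTO_ALIGN(RATE) uint8_t dst[RATE];
     _aegis256_state *const st =
         (_aegis256_state *) ((((uintptr_t) &st_->opaque) + (RATE - 1)) & ~(uintptr_t) (RATE - 1));
     int ret;
 
     *written = 0;
-    if (mlen_max < st->pos) {
-        errno = ERANGE;
-        return -1;
-    }
     if (st->pos != 0) {
         if (m != NULL) {
+            if (mlen_max < st->pos) {
+                errno = ERANGE;
+                return -1;
+            }
             aegis256_declast(m, st->buf, st->pos, st->state);
         } else {
             aegis256_declast(dst, st->buf, st->pos, st->state);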
