guts \
} while (0)
-#define BLKC_P(p) register octet *_p = (octet *)(p)
-#define BLKC_W(w) register uint32 *_w = (w)
-#define BLKC_WX(wx) register uint32 *_wx = (wx)
+#define BLKC_P(p) octet *_p = (octet *)(p)
+#define BLKC_W(w) uint32 *_w = (w)
+#define BLKC_WX(wx) uint32 *_wx = (wx)
/* --- Implementation for unusual block sizes --- */
#define BLKC_SKEL_X(PRE, decl, guts) \
BLKC_SKEL(PRE, unsigned _i; decl, \
- for (_i = 0; _i < PRE##_BLKSZ / 4; _i++) { \
+ for (_i = 0; _i < PRE##_BLKSZ/4; _i++) { \
guts \
})
BLKC_SKEL_X(PRE, BLKC_W(w);, *_w++ = 0;)
#define BLKC_STEP_X_B(PRE, w) do { \
- unsigned _i = PRE##_BLKSZ / 4; BLKC_W(w); uint32 _x = 0; \
+ unsigned _i = PRE##_BLKSZ/4; BLKC_W(w); uint32 _x = 0; \
while (_i && !_x) { _i--; _w[_i] = _x = U32(_w[_i] + 1); } \
} while (0)
#define BLKC_STEP_X_L(PRE, w) do { \
unsigned _i = 0; BLKC_W(w); uint32 _x = 0; \
- while (_i < PRE##_BLKSZ / 4 && !_x) \
+ while (_i < PRE##_BLKSZ/4 && !_x) \
{ _w[_i] = _x = U32(_w[_i] + 1); _i++; } \
} while (0)
#define BLKC_SET_X_B(PRE, w, x) do { \
unsigned _i; BLKC_W(w); unsigned long _x = x; \
- for (_i = 0; _i < PRE##_BLKSZ / 4; _i++) { \
+ for (_i = 0; _i < PRE##_BLKSZ/4; _i++) { \
*_w++ = U32(_x); \
_x = ((_x & ~(unsigned long)MASK32) >> 16) >> 16; \
} \
} while (0)
#define BLKC_SET_X_L(PRE, w, x) do { \
- unsigned _i; BLKC_W(w); unsigned long _x = x; _w += PRE##_BLKSZ / 4; \
- for (_i = 0; _i < PRE##_BLKSZ / 4; _i++) { \
+ unsigned _i; BLKC_W(w); unsigned long _x = x; _w += PRE##_BLKSZ/4; \
+ for (_i = 0; _i < PRE##_BLKSZ/4; _i++) { \
*--_w = U32(_x); \
_x = ((_x & ~(unsigned long)MASK32) >> 16) >> 16; \
} \
static int pre##_verify(dstr *v) \
{ \
pre##_ctx k; \
- uint32 p[PRE##_BLKSZ / 4]; \
- uint32 c[PRE##_BLKSZ / 4]; \
- uint32 d[PRE##_BLKSZ / 4]; \
+ uint32 p[PRE##_BLKSZ/4]; \
+ uint32 c[PRE##_BLKSZ/4]; \
+ uint32 d[PRE##_BLKSZ/4]; \
dstr b = DSTR_INIT; \
int ok = 1; \
\
*/ \
\
void pre##_cbcgetiv(const pre##_cbcctx *ctx, void *iv) \
-{ \
- BLKC_STORE(PRE, iv, ctx->iv); \
-} \
+ { BLKC_STORE(PRE, iv, ctx->a); } \
\
/* --- @pre_cbcsetiv@ --- * \
* \
*/ \
\
void pre##_cbcsetiv(pre##_cbcctx *ctx, const void *iv) \
-{ \
- BLKC_LOAD(PRE, ctx->iv, iv); \
-} \
+ { BLKC_LOAD(PRE, ctx->a, iv); } \
\
/* --- @pre_cbcsetkey@ --- * \
* \
*/ \
\
void pre##_cbcsetkey(pre##_cbcctx *ctx, const pre##_ctx *k) \
-{ \
- ctx->ctx = *k; \
-} \
+ { ctx->ctx = *k; } \
\
/* --- @pre_cbcinit@ --- * \
* \
const void *iv) \
{ \
static const octet zero[PRE##_BLKSZ] = { 0 }; \
+ \
pre##_init(&ctx->ctx, key, sz); \
- BLKC_LOAD(PRE, ctx->iv, iv ? iv : zero); \
+ BLKC_LOAD(PRE, ctx->a, iv ? iv : zero); \
} \
\
/* --- @pre_cbcencrypt@ --- * \
{ \
const octet *s = src; \
octet *d = dest; \
+ octet b[PRE##_BLKSZ]; \
+ octet y; \
+ unsigned i; \
\
/* --- Empty blocks are trivial --- */ \
\
- if (!sz) \
- return; \
+ if (!sz) return; \
\
/* --- Extra magical case for a short block --- * \
* \
*/ \
\
if (sz < PRE##_BLKSZ) { \
- octet b[PRE##_BLKSZ]; \
- unsigned i; \
- \
- pre##_eblk(&ctx->ctx, ctx->iv, ctx->iv); \
- BLKC_STORE(PRE, b, ctx->iv); \
- if (d) { \
- for (i = 0; i < sz; i++) \
- d[i] = b[i] ^ (s ? s[i] : 0); \
- } \
+ pre##_eblk(&ctx->ctx, ctx->a, ctx->a); \
+ BLKC_STORE(PRE, b, ctx->a); \
+ if (d) { for (i = 0; i < sz; i++) d[i] = b[i] ^ (s ? s[i] : 0); } \
memmove(b, b + sz, PRE##_BLKSZ - sz); \
memcpy(b + PRE##_BLKSZ - sz, d, sz); \
- BLKC_LOAD(PRE, ctx->iv, b); \
+ BLKC_LOAD(PRE, ctx->a, b); \
return; \
} \
\
* and keep a copy of the ciphertext for the next block. \
*/ \
\
- while (sz >= 2 * PRE##_BLKSZ || sz == PRE##_BLKSZ) { \
- if (s) { \
- BLKC_XLOAD(PRE, ctx->iv, s); \
- s += PRE##_BLKSZ; \
- } \
- pre##_eblk(&ctx->ctx, ctx->iv, ctx->iv); \
- if (d) { \
- BLKC_STORE(PRE, d, ctx->iv); \
- d += PRE##_BLKSZ; \
- } \
+ while (sz >= 2*PRE##_BLKSZ || sz == PRE##_BLKSZ) { \
+ if (s) { BLKC_XLOAD(PRE, ctx->a, s); s += PRE##_BLKSZ; } \
+ pre##_eblk(&ctx->ctx, ctx->a, ctx->a); \
+ if (d) { BLKC_STORE(PRE, d, ctx->a); d += PRE##_BLKSZ; } \
sz -= PRE##_BLKSZ; \
} \
\
*/ \
\
if (sz) { \
- octet b[PRE##_BLKSZ]; \
- unsigned i; \
\
/* --- Let @sz@ be the size of the partial block --- */ \
\
* block. \
*/ \
\
- if (s) BLKC_XLOAD(PRE, ctx->iv, s); \
- pre##_eblk(&ctx->ctx, ctx->iv, ctx->iv); \
- BLKC_STORE(PRE, b, ctx->iv); \
+ if (s) BLKC_XLOAD(PRE, ctx->a, s); \
+ pre##_eblk(&ctx->ctx, ctx->a, ctx->a); \
+ BLKC_STORE(PRE, b, ctx->a); \
\
/* --- Second stage --- * \
* \
if (s) s += PRE##_BLKSZ; \
if (d) d += PRE##_BLKSZ; \
for (i = 0; i < sz; i++) { \
- register octet x = b[i]; \
+ y = b[i]; \
if (s) b[i] ^= s[i]; \
- if (d) d[i] = x; \
+ if (d) d[i] = y; \
} \
- BLKC_LOAD(PRE, ctx->iv, b); \
- pre##_eblk(&ctx->ctx, ctx->iv, ctx->iv); \
- if (d) BLKC_STORE(PRE, d - PRE##_BLKSZ, ctx->iv); \
+ BLKC_LOAD(PRE, ctx->a, b); \
+ pre##_eblk(&ctx->ctx, ctx->a, ctx->a); \
+ if (d) BLKC_STORE(PRE, d - PRE##_BLKSZ, ctx->a); \
} \
\
/* --- Done --- */ \
{ \
const octet *s = src; \
octet *d = dest; \
+ uint32 t[PRE##_BLKSZ/4], u[PRE##_BLKSZ/4]; \
+ octet b[PRE##_BLKSZ], c[PRE##_BLKSZ]; \
+ octet y; \
+ unsigned i; \
\
/* --- Empty blocks are trivial --- */ \
\
- if (!sz) \
- return; \
+ if (!sz) return; \
\
/* --- Extra magical case for a short block --- * \
* \
*/ \
\
if (sz < PRE##_BLKSZ) { \
- octet b[PRE##_BLKSZ], c[PRE##_BLKSZ]; \
- unsigned i; \
- \
- pre##_eblk(&ctx->ctx, ctx->iv, ctx->iv); \
- BLKC_STORE(PRE, b, ctx->iv); \
- for (i = 0; i < sz; i++) { \
- register octet x = s[i]; \
- d[i] = b[i] ^ x; \
- c[i] = x; \
- } \
+ pre##_eblk(&ctx->ctx, ctx->a, ctx->a); \
+ BLKC_STORE(PRE, b, ctx->a); \
+ for (i = 0; i < sz; i++) { y = s[i]; d[i] = b[i] ^ y; c[i] = y; } \
memmove(b, b + sz, PRE##_BLKSZ - sz); \
memcpy(b + PRE##_BLKSZ - sz, c, sz); \
- BLKC_LOAD(PRE, ctx->iv, b); \
+ BLKC_LOAD(PRE, ctx->a, b); \
return; \
} \
\
* and keep a copy of the ciphertext for the next block. \
*/ \
\
- while (sz >= 2 * PRE##_BLKSZ || sz == PRE##_BLKSZ) { \
- uint32 b[PRE##_BLKSZ / 4], niv[PRE##_BLKSZ / 4]; \
- BLKC_LOAD(PRE, niv, s); \
- pre##_dblk(&ctx->ctx, niv, b); \
- BLKC_XSTORE(PRE, d, b, ctx->iv); \
- BLKC_MOVE(PRE, ctx->iv, niv); \
- s += PRE##_BLKSZ; \
- d += PRE##_BLKSZ; \
+ while (sz >= 2*PRE##_BLKSZ || sz == PRE##_BLKSZ) { \
+ BLKC_LOAD(PRE, t, s); s += PRE##_BLKSZ; \
+ pre##_dblk(&ctx->ctx, t, u); \
+ BLKC_XSTORE(PRE, d, u, ctx->a); d += PRE##_BLKSZ; \
+ BLKC_MOVE(PRE, ctx->a, t); \
sz -= PRE##_BLKSZ; \
} \
\
*/ \
\
if (sz) { \
- octet b[PRE##_BLKSZ]; \
- uint32 bk[PRE##_BLKSZ / 4], niv[PRE##_BLKSZ / 4]; \
- unsigned i; \
\
/* --- Let @sz@ be the size of the partial block --- */ \
\
* is carried over for the next encryption operation. \
*/ \
\
- BLKC_LOAD(PRE, niv, s); \
- pre##_dblk(&ctx->ctx, niv, bk); \
+ BLKC_LOAD(PRE, t, s); \
+ pre##_dblk(&ctx->ctx, t, u); \
\
/* --- Second stage --- * \
* \
* three. \
*/ \
\
- BLKC_STORE(PRE, b, bk); \
+ BLKC_STORE(PRE, b, u); \
s += PRE##_BLKSZ; \
d += PRE##_BLKSZ; \
- for (i = 0; i < sz; i++) { \
- register octet x = s[i]; \
- d[i] = b[i] ^ x; \
- b[i] = x; \
- } \
+ for (i = 0; i < sz; i++) { y = s[i]; d[i] = b[i] ^ y; b[i] = y; } \
\
/* --- Third stage --- * \
* \
* recover the complete plaintext block. \
*/ \
\
- BLKC_LOAD(PRE, bk, b); \
- pre##_dblk(&ctx->ctx, bk, bk); \
- BLKC_XSTORE(PRE, d - PRE##_BLKSZ, bk, ctx->iv); \
- BLKC_MOVE(PRE, ctx->iv, niv); \
+ BLKC_LOAD(PRE, u, b); \
+ pre##_dblk(&ctx->ctx, u, u); \
+ BLKC_XSTORE(PRE, d - PRE##_BLKSZ, u, ctx->a); \
+ BLKC_MOVE(PRE, ctx->a, t); \
} \
\
/* --- Done --- */ \
} \
\
static void gencrypt(gcipher *c, const void *s, void *t, size_t sz) \
-{ \
- gctx *g = (gctx *)c; \
- pre##_cbcencrypt(&g->k, s, t, sz); \
-} \
+ { gctx *g = (gctx *)c; pre##_cbcencrypt(&g->k, s, t, sz); } \
\
static void gdecrypt(gcipher *c, const void *s, void *t, size_t sz) \
-{ \
- gctx *g = (gctx *)c; \
- pre##_cbcdecrypt(&g->k, s, t, sz); \
-} \
+ { gctx *g = (gctx *)c; pre##_cbcdecrypt(&g->k, s, t, sz); } \
\
static void gdestroy(gcipher *c) \
-{ \
- gctx *g = (gctx *)c; \
- BURN(*g); \
- S_DESTROY(g); \
-} \
+ { gctx *g = (gctx *)c; BURN(*g); S_DESTROY(g); } \
\
static void gsetiv(gcipher *c, const void *iv) \
-{ \
- gctx *g = (gctx *)c; \
- pre##_cbcsetiv(&g->k, iv); \
-} \
+ { gctx *g = (gctx *)c; pre##_cbcsetiv(&g->k, iv); } \
\
static const gcipher_ops gops = { \
&pre##_cbc, \
\
typedef struct pre##_cbcctx { \
pre##_ctx ctx; /* Underlying cipher context */ \
- uint32 iv[PRE##_BLKSZ / 4]; /* Previous ciphertext or IV */ \
+ uint32 a[PRE##_BLKSZ/4]; /* Previous ciphertext or IV */ \
} pre##_cbcctx; \
\
/* --- @pre_cbcgetiv@ --- * \
octet *p = iv; \
unsigned off = ctx->off; \
unsigned rest = PRE##_BLKSZ - off; \
- memcpy(p, ctx->iv + off, rest); \
- memcpy(p + rest, ctx->iv, off); \
+ \
+ memcpy(p, ctx->b + off, rest); \
+ memcpy(p + rest, ctx->b, off); \
} \
\
/* --- @pre_cfbsetiv@ --- * \
*/ \
\
void pre##_cfbsetiv(pre##_cfbctx *ctx, const void *iv) \
-{ \
- memcpy(ctx->iv, iv, PRE##_BLKSZ); \
- ctx->off = PRE##_BLKSZ; \
-} \
+ { memcpy(ctx->b, iv, PRE##_BLKSZ); ctx->off = PRE##_BLKSZ; } \
\
/* --- @pre_cfbbdry@ --- * \
* \
\
void pre##_cfbbdry(pre##_cfbctx *ctx) \
{ \
- uint32 niv[PRE##_BLKSZ / 4]; \
- BLKC_LOAD(PRE, niv, ctx->iv); \
- pre##_eblk(&ctx->ctx, niv, niv); \
- BLKC_STORE(PRE, ctx->iv, niv); \
+ uint32 t[PRE##_BLKSZ/4]; \
+ \
+ BLKC_LOAD(PRE, t, ctx->b); \
+ pre##_eblk(&ctx->ctx, t, t); \
+ BLKC_STORE(PRE, ctx->b, t); \
ctx->off = PRE##_BLKSZ; \
- BURN(niv); \
+ BURN(t); \
} \
\
/* --- @pre_cfbsetkey@ --- * \
*/ \
\
void pre##_cfbsetkey(pre##_cfbctx *ctx, const pre##_ctx *k) \
-{ \
- ctx->ctx = *k; \
- ctx->off = PRE##_BLKSZ; \
-} \
+ { ctx->ctx = *k; ctx->off = PRE##_BLKSZ; } \
\
/* --- @pre_cfbinit@ --- * \
* \
const void *iv) \
{ \
static const octet zero[PRE##_BLKSZ] = { 0 }; \
+ \
pre##_init(&ctx->ctx, key, sz); \
pre##_cfbsetiv(ctx, iv ? iv : zero); \
} \
const octet *s = src; \
octet *d = dest; \
unsigned off = ctx->off; \
+ uint32 t[PRE##_BLKSZ/4]; \
+ octet y; \
\
/* --- Empty blocks are trivial --- */ \
\
- if (!sz) \
- return; \
+ if (!sz) return; \
\
/* --- If I can deal with the block from my buffer, do that --- */ \
\
- if (sz < PRE##_BLKSZ - off) \
- goto small; \
+ if (sz < PRE##_BLKSZ - off) goto small; \
\
/* --- Finish off what's left in my buffer --- */ \
\
while (off < PRE##_BLKSZ) { \
- register octet x = *s++; \
- ctx->iv[off] ^= x; \
- if (d) *d++ = ctx->iv[off]; \
- off++; \
- sz--; \
+ y = s ? *s++ : 0; \
+ ctx->b[off] ^= y; \
+ if (d) *d++ = ctx->b[off]; \
+ off++; sz--; \
} \
\
/* --- Main encryption loop --- */ \
\
- { \
- uint32 iv[PRE##_BLKSZ / 4]; \
- BLKC_LOAD(PRE, iv, ctx->iv); \
- \
- for (;;) { \
- pre##_eblk(&ctx->ctx, iv, iv); \
- if (sz < PRE##_BLKSZ) \
- break; \
- if (s) { \
- BLKC_XLOAD(PRE, iv, s); \
- s += PRE##_BLKSZ; \
- } \
- if (d) { \
- BLKC_STORE(PRE, d, iv); \
- d += PRE##_BLKSZ; \
- } \
- sz -= PRE##_BLKSZ; \
- } \
- off = 0; \
- BLKC_STORE(PRE, ctx->iv, iv); \
+ BLKC_LOAD(PRE, t, ctx->b); \
+ \
+ for (;;) { \
+ pre##_eblk(&ctx->ctx, t, t); \
+ if (sz < PRE##_BLKSZ) break; \
+ if (s) { BLKC_XLOAD(PRE, t, s); s += PRE##_BLKSZ; } \
+ if (d) { BLKC_STORE(PRE, d, t); d += PRE##_BLKSZ; } \
+ sz -= PRE##_BLKSZ; \
} \
\
+ BLKC_STORE(PRE, ctx->b, t); \
+ off = 0; \
+ \
/* --- Tidying up the tail end --- */ \
\
if (sz) { \
small: \
do { \
- register octet x = *s++; \
- ctx->iv[off] ^= x; \
- if (d) *d++ = ctx->iv[off]; \
- off++; \
- sz--; \
+ y = s ? *s++ : 0; \
+ ctx->b[off] ^= y; \
+ if (d) *d++ = ctx->b[off]; \
+ off++; sz--; \
} while (sz); \
} \
\
const octet *s = src; \
octet *d = dest; \
unsigned off = ctx->off; \
+ uint32 t[PRE##_BLKSZ/4], u[PRE##_BLKSZ/4]; \
+ octet y; \
\
/* --- Empty blocks are trivial --- */ \
\
- if (!sz) \
- return; \
+ if (!sz) return; \
\
/* --- If I can deal with the block from my buffer, do that --- */ \
\
- if (sz < PRE##_BLKSZ - off) \
- goto small; \
+ if (sz < PRE##_BLKSZ - off) goto small; \
\
/* --- Finish off what's left in my buffer --- */ \
\
- while (off < PRE##_BLKSZ) { \
- register octet x = *s++; \
- *d++ = ctx->iv[off] ^ x; \
- ctx->iv[off++] = x; \
- sz--; \
- } \
+ while (off < PRE##_BLKSZ) \
+ { y = *s++; *d++ = ctx->b[off] ^ y; ctx->b[off++] = y; sz--; } \
\
/* --- Main encryption loop --- */ \
\
- { \
- uint32 iv[PRE##_BLKSZ / 4]; \
- BLKC_LOAD(PRE, iv, ctx->iv); \
- \
- for (;;) { \
- uint32 x[PRE##_BLKSZ / 4]; \
- pre##_eblk(&ctx->ctx, iv, iv); \
- if (sz < PRE##_BLKSZ) \
- break; \
- BLKC_LOAD(PRE, x, s); \
- BLKC_XSTORE(PRE, d, iv, x); \
- BLKC_MOVE(PRE, iv, x); \
- s += PRE##_BLKSZ; \
- d += PRE##_BLKSZ; \
- sz -= PRE##_BLKSZ; \
- } \
- off = 0; \
- BLKC_STORE(PRE, ctx->iv, iv); \
+ BLKC_LOAD(PRE, t, ctx->b); \
+ \
+ for (;;) { \
+ pre##_eblk(&ctx->ctx, t, t); \
+ if (sz < PRE##_BLKSZ) break; \
+ BLKC_LOAD(PRE, u, s); s += PRE##_BLKSZ; \
+ BLKC_XSTORE(PRE, d, t, u); d += PRE##_BLKSZ; \
+ BLKC_MOVE(PRE, t, u); \
+ sz -= PRE##_BLKSZ; \
} \
\
+ BLKC_STORE(PRE, ctx->b, t); \
+ off = 0; \
+ \
/* --- Tidying up the tail end --- */ \
\
if (sz) { \
small: \
- do { \
- register octet x = *s++; \
- *d++ = ctx->iv[off] ^ x; \
- ctx->iv[off++] = x; \
- sz--; \
- } while (sz); \
+ do { y = *s++; *d++ = ctx->b[off] ^ y; ctx->b[off++] = y; sz--; } \
+ while (sz); \
} \
\
/* --- Done --- */ \
} \
\
static void gencrypt(gcipher *c, const void *s, void *t, size_t sz) \
-{ \
- gctx *g = (gctx *)c; \
- pre##_cfbencrypt(&g->k, s, t, sz); \
-} \
+ { gctx *g = (gctx *)c; pre##_cfbencrypt(&g->k, s, t, sz); } \
\
static void gdecrypt(gcipher *c, const void *s, void *t, size_t sz) \
-{ \
- gctx *g = (gctx *)c; \
- pre##_cfbdecrypt(&g->k, s, t, sz); \
-} \
+ { gctx *g = (gctx *)c; pre##_cfbdecrypt(&g->k, s, t, sz); } \
\
static void gdestroy(gcipher *c) \
-{ \
- gctx *g = (gctx *)c; \
- BURN(*g); \
- S_DESTROY(g); \
-} \
+ { gctx *g = (gctx *)c; BURN(*g); S_DESTROY(g); } \
\
static void gsetiv(gcipher *c, const void *iv) \
-{ \
- gctx *g = (gctx *)c; \
- pre##_cfbsetiv(&g->k, iv); \
-} \
+ { gctx *g = (gctx *)c; pre##_cfbsetiv(&g->k, iv); } \
\
static void gbdry(gcipher *c) \
-{ \
- gctx *g = (gctx *)c; \
- pre##_cfbbdry(&g->k); \
-} \
+ { gctx *g = (gctx *)c; pre##_cfbbdry(&g->k); } \
\
static const gcipher_ops gops = { \
&pre##_cfb, \
typedef struct pre##_cfbctx { \
pre##_ctx ctx; /* Underlying cipher context */ \
unsigned off; /* Offset into @iv@ buffer */ \
- octet iv[PRE##_BLKSZ]; /* Previous ciphertext or IV */ \
+ octet b[PRE##_BLKSZ]; /* Previous ciphertext or IV */ \
} pre##_cfbctx; \
\
/* --- @pre_cfbgetiv@ --- * \
void chacha_seeku64(chacha_ctx *ctx, kludge64 i)
{
ctx->a[12] = LO64(i); ctx->a[13] = HI64(i);
- ctx->bufi = CHACHA_OUTSZ;
+ ctx->off = CHACHA_OUTSZ;
}
void chacha_seek_ietf(chacha_ctx *ctx, uint32 i)
typedef struct chacha_ctx {
chacha_matrix a;
- octet buf[CHACHA_OUTSZ];
- size_t bufi;
+ octet b[CHACHA_OUTSZ];
+ unsigned off;
} chacha_ctx;
#define XCHACHA_DEFCTX(name) \
*/ \
\
void pre##_countergetiv(const pre##_counterctx *ctx, void *iv) \
-{ \
- BLKC_STORE(PRE, iv, ctx->n); \
-} \
+ { BLKC_STORE(PRE, iv, ctx->c); } \
\
/* --- @pre_countersetiv@ --- * \
* \
*/ \
\
void pre##_countersetiv(pre##_counterctx *ctx, const void *iv) \
-{ \
- BLKC_LOAD(PRE, ctx->n, iv); \
- ctx->off = PRE##_BLKSZ; \
-} \
+ { BLKC_LOAD(PRE, ctx->c, iv); ctx->off = PRE##_BLKSZ; } \
\
/* --- @pre_counterbdry@ --- * \
* \
*/ \
\
void pre##_counterbdry(pre##_counterctx *ctx) \
-{ \
- BLKC_STEP(PRE, ctx->n); \
- ctx->off = PRE##_BLKSZ; \
-} \
+ { BLKC_STEP(PRE, ctx->c); ctx->off = PRE##_BLKSZ; } \
\
/* --- @pre_countersetkey@ --- * \
* \
*/ \
\
void pre##_countersetkey(pre##_counterctx *ctx, const pre##_ctx *k) \
-{ \
- ctx->ctx = *k; \
-} \
+ { ctx->ctx = *k; } \
\
/* --- @pre_counterinit@ --- * \
* \
const void *iv) \
{ \
static const octet zero[PRE##_BLKSZ] = { 0 }; \
+ \
pre##_init(&ctx->ctx, key, sz); \
pre##_countersetiv(ctx, iv ? iv : zero); \
} \
const octet *s = src; \
octet *d = dest; \
unsigned off = ctx->off; \
+ uint32 t[PRE##_BLKSZ/4], u[PRE##_BLKSZ/4]; \
+ octet y; \
\
/* --- Empty blocks are trivial --- */ \
\
- if (!sz) \
- return; \
+ if (!sz) return; \
\
/* --- If I can deal with the block from my buffer, do that --- */ \
\
- if (sz < PRE##_BLKSZ - off) \
- goto small; \
+ if (sz < PRE##_BLKSZ - off) goto small; \
\
/* --- Finish off what's left in my buffer --- */ \
\
- if (!d) \
- sz -= PRE##_BLKSZ - off; \
- else { \
- while (off < PRE##_BLKSZ) { \
- register octet x = s ? *s++ : 0; \
- *d++ = ctx->buf[off++] ^ x; \
- sz--; \
- } \
- } \
+ if (!d) sz -= PRE##_BLKSZ - off; \
+ else while (off < PRE##_BLKSZ) \
+ { y = s ? *s++ : 0; *d++ = ctx->b[off++] ^ y; sz--; } \
\
/* --- Main encryption loop --- */ \
\
- { \
- uint32 n[PRE##_BLKSZ / 4]; \
- \
- for (;;) { \
- pre##_eblk(&ctx->ctx, ctx->n, n); \
- BLKC_STEP(PRE, ctx->n); \
- if (sz < PRE##_BLKSZ) \
- break; \
- if (d) { \
- if (!s) \
- BLKC_STORE(PRE, d, n); \
- else { \
- uint32 x[PRE##_BLKSZ / 4]; \
- BLKC_LOAD(PRE, x, s); \
- BLKC_XSTORE(PRE, d, n, x); \
- s += PRE##_BLKSZ; \
- } \
- d += PRE##_BLKSZ; \
- } \
- sz -= PRE##_BLKSZ; \
+ for (;;) { \
+ pre##_eblk(&ctx->ctx, ctx->c, t); \
+ BLKC_STEP(PRE, ctx->c); \
+ if (sz < PRE##_BLKSZ) break; \
+ if (!d) /* do nothing */; \
+ else if (!s) { BLKC_STORE(PRE, d, t); d += PRE##_BLKSZ; } \
+ else { \
+ BLKC_LOAD(PRE, u, s); s += PRE##_BLKSZ; \
+ BLKC_XSTORE(PRE, d, t, u); d += PRE##_BLKSZ; \
} \
- \
- BLKC_STORE(PRE, ctx->buf, n); \
- off = 0; \
+ sz -= PRE##_BLKSZ; \
} \
\
+ BLKC_STORE(PRE, ctx->b, t); \
+ off = 0; \
+ \
/* --- Tidying up the tail end --- */ \
\
if (sz) { \
small: \
- if (!d) \
- off += sz; \
- else do { \
- register octet x = s ? *s++ : 0; \
- *d++ = ctx->buf[off++] ^ x; \
- sz--; \
- } while (sz); \
+ if (!d) off += sz; \
+ else do { y = s ? *s++ : 0; *d++ = ctx->b[off++] ^ y; sz--; } \
+ while (sz); \
} \
\
/* --- Done --- */ \
} \
\
static void gencrypt(gcipher *c, const void *s, void *t, size_t sz) \
-{ \
- gctx *g = (gctx *)c; \
- pre##_counterencrypt(&g->k, s, t, sz); \
-} \
+ { gctx *g = (gctx *)c; pre##_counterencrypt(&g->k, s, t, sz); } \
\
static void gdestroy(gcipher *c) \
-{ \
- gctx *g = (gctx *)c; \
- BURN(*g); \
- S_DESTROY(g); \
-} \
+ { gctx *g = (gctx *)c; BURN(*g); S_DESTROY(g); } \
\
static void gsetiv(gcipher *c, const void *iv) \
-{ \
- gctx *g = (gctx *)c; \
- pre##_countersetiv(&g->k, iv); \
-} \
+ { gctx *g = (gctx *)c; pre##_countersetiv(&g->k, iv); } \
\
static void gbdry(gcipher *c) \
-{ \
- gctx *g = (gctx *)c; \
- pre##_counterbdry(&g->k); \
-} \
+ { gctx *g = (gctx *)c; pre##_counterbdry(&g->k); } \
\
static const gcipher_ops gops = { \
&pre##_counter, \
} \
break; \
case GRAND_SEEDINT: \
- BLKC_SET(PRE, g->k.n, va_arg(ap, unsigned)); \
+ BLKC_SET(PRE, g->k.c, va_arg(ap, unsigned)); \
g->k.off = PRE##_BLKSZ; \
break; \
case GRAND_SEEDUINT32: \
- BLKC_SET(PRE, g->k.n, va_arg(ap, uint32)); \
+ BLKC_SET(PRE, g->k.c, va_arg(ap, uint32)); \
g->k.off = PRE##_BLKSZ; \
break; \
case GRAND_SEEDBLOCK: { \
} \
\
static void grfill(grand *r, void *p, size_t sz) \
-{ \
- grctx *g = (grctx *)r; \
- pre##_counterencrypt(&g->k, 0, p, sz); \
-} \
+ { grctx *g = (grctx *)r; pre##_counterencrypt(&g->k, 0, p, sz); } \
\
static const grand_ops grops = { \
name "-counter", \
typedef struct pre##_counterctx { \
pre##_ctx ctx; /* Underlying cipher context */ \
unsigned off; /* Current offset in buffer */ \
- octet buf[PRE##_BLKSZ]; /* Output buffer */ \
- uint32 n[PRE##_BLKSZ / 4]; /* Counter */ \
+ octet b[PRE##_BLKSZ]; /* Output buffer */ \
+ uint32 c[PRE##_BLKSZ / 4]; /* Counter */ \
} pre##_counterctx; \
\
/* --- @pre_countergetiv@ --- * \
*/ \
\
void pre##_ecbsetkey(pre##_ecbctx *ctx, const pre##_ctx *k) \
-{ \
- ctx->ctx = *k; \
-} \
+ { ctx->ctx = *k; } \
\
/* --- @pre_ecbinit@ --- * \
* \
void pre##_ecbinit(pre##_ecbctx *ctx, \
const void *key, size_t sz, \
const void *iv) \
-{ \
- pre##_init(&ctx->ctx, key, sz); \
-} \
+ { pre##_init(&ctx->ctx, key, sz); } \
\
/* --- @pre_ecbencrypt@ --- * \
* \
{ \
const octet *s = src; \
octet *d = dest; \
+ uint32 t[PRE##_BLKSZ/4]; \
+ octet b[PRE##_BLKSZ]; \
+ octet y; \
+ unsigned i; \
\
/* --- Empty blocks are trivial --- */ \
\
- if (!sz) \
- return; \
+ if (!sz) return; \
\
/* --- Short blocks aren't allowed in ECB --- * \
* \
* Hopefully... \
*/ \
\
- while (sz >= 2 * PRE##_BLKSZ || sz == PRE##_BLKSZ) { \
- uint32 x[PRE##_BLKSZ / 4]; \
- if (!s) \
- BLKC_ZERO(PRE, x); \
- else { \
- BLKC_LOAD(PRE, x, s); \
- s += PRE##_BLKSZ; \
- } \
- pre##_eblk(&ctx->ctx, x, x); \
- if (d) { \
- BLKC_STORE(PRE, d, x); \
- d += PRE##_BLKSZ; \
- } \
+ while (sz >= 2*PRE##_BLKSZ || sz == PRE##_BLKSZ) { \
+ if (!s) BLKC_ZERO(PRE, t); \
+ else { BLKC_LOAD(PRE, t, s); s += PRE##_BLKSZ; } \
+ pre##_eblk(&ctx->ctx, t, t); \
+ if (d) { BLKC_STORE(PRE, d, t); d += PRE##_BLKSZ; } \
sz -= PRE##_BLKSZ; \
} \
\
*/ \
\
if (sz) { \
- uint32 x[PRE##_BLKSZ / 4]; \
- octet b[PRE##_BLKSZ]; \
- unsigned i; \
\
/* --- Let @sz@ be the size of the partial block --- */ \
\
* out yet, because I've not read the partial plaintext block. \
*/ \
\
- if (!s) \
- BLKC_ZERO(PRE, x); \
- else { \
- BLKC_LOAD(PRE, x, s); \
- s += PRE##_BLKSZ; \
- } \
- pre##_eblk(&ctx->ctx, x, x); \
- BLKC_STORE(PRE, b, x); \
+ if (!s) BLKC_ZERO(PRE, t); \
+ else { BLKC_LOAD(PRE, t, s); s += PRE##_BLKSZ; } \
+ pre##_eblk(&ctx->ctx, t, t); \
+ BLKC_STORE(PRE, b, t); \
\
/* --- Second stage --- * \
* \
*/ \
\
if (d) d += PRE##_BLKSZ; \
- for (i = 0; i < sz; i++) { \
- register octet y = b[i]; \
- b[i] = s[i]; \
- if (d) d[i] = y; \
- } \
- BLKC_LOAD(PRE, x, b); \
- pre##_eblk(&ctx->ctx, x, x); \
- if (d) BLKC_STORE(PRE, d - PRE##_BLKSZ, x); \
+ for (i = 0; i < sz; i++) { y = b[i]; b[i] = s[i]; if (d) d[i] = y; } \
+ BLKC_LOAD(PRE, t, b); \
+ pre##_eblk(&ctx->ctx, t, t); \
+ if (d) BLKC_STORE(PRE, d - PRE##_BLKSZ, t); \
} \
\
/* --- Done --- */ \
{ \
const octet *s = src; \
octet *d = dest; \
+ uint32 t[PRE##_BLKSZ/4]; \
+ octet b[PRE##_BLKSZ]; \
+ octet y; \
+ unsigned i; \
\
/* --- Empty blocks are trivial --- */ \
\
- if (!sz) \
- return; \
+ if (!sz) return; \
\
/* --- Short blocks aren't allowed in ECB --- * \
* \
* Each block is just handed to the block cipher in turn. \
*/ \
\
- while (sz >= 2 * PRE##_BLKSZ || sz == PRE##_BLKSZ) { \
- uint32 x[PRE##_BLKSZ / 4]; \
- BLKC_LOAD(PRE, x, s); \
- pre##_dblk(&ctx->ctx, x, x); \
- BLKC_STORE(PRE, d, x); \
- s += PRE##_BLKSZ; \
- d += PRE##_BLKSZ; \
+ while (sz >= 2*PRE##_BLKSZ || sz == PRE##_BLKSZ) { \
+ BLKC_LOAD(PRE, t, s); s += PRE##_BLKSZ; \
+ pre##_dblk(&ctx->ctx, t, t); \
+ BLKC_STORE(PRE, d, t); d += PRE##_BLKSZ; \
sz -= PRE##_BLKSZ; \
} \
\
*/ \
\
if (sz) { \
- uint32 x[PRE##_BLKSZ / 4]; \
- octet b[PRE##_BLKSZ]; \
- unsigned i; \
\
/* --- Let @sz@ be the size of the partial block --- */ \
\
* is carried over for the next encryption operation. \
*/ \
\
- BLKC_LOAD(PRE, x, s); \
- pre##_dblk(&ctx->ctx, x, x); \
- BLKC_STORE(PRE, b, x); \
+ BLKC_LOAD(PRE, t, s); \
+ pre##_dblk(&ctx->ctx, t, t); \
+ BLKC_STORE(PRE, b, t); \
\
/* --- Second stage --- * \
* \
\
s += PRE##_BLKSZ; \
d += PRE##_BLKSZ; \
- for (i = 0; i < sz; i++) { \
- register octet y = s[i]; \
- d[i] = b[i]; \
- b[i] = y; \
- } \
- BLKC_LOAD(PRE, x, b); \
- pre##_dblk(&ctx->ctx, x, x); \
- BLKC_STORE(PRE, d - PRE##_BLKSZ, x); \
+ for (i = 0; i < sz; i++) { y = s[i]; d[i] = b[i]; b[i] = y; } \
+ BLKC_LOAD(PRE, t, b); \
+ pre##_dblk(&ctx->ctx, t, t); \
+ BLKC_STORE(PRE, d - PRE##_BLKSZ, t); \
} \
\
/* --- Done --- */ \
} \
\
static void gencrypt(gcipher *c, const void *s, void *t, size_t sz) \
-{ \
- gctx *g = (gctx *)c; \
- pre##_ecbencrypt(&g->k, s, t, sz); \
-} \
+ { gctx *g = (gctx *)c; pre##_ecbencrypt(&g->k, s, t, sz); } \
\
static void gdecrypt(gcipher *c, const void *s, void *t, size_t sz) \
-{ \
- gctx *g = (gctx *)c; \
- pre##_ecbdecrypt(&g->k, s, t, sz); \
-} \
+ { gctx *g = (gctx *)c; pre##_ecbdecrypt(&g->k, s, t, sz); } \
\
static void gdestroy(gcipher *c) \
-{ \
- gctx *g = (gctx *)c; \
- BURN(*g); \
- S_DESTROY(g); \
-} \
+ { gctx *g = (gctx *)c; BURN(*g); S_DESTROY(g); } \
\
static const gcipher_ops gops = { \
&pre##_ecb, \
pre##_ctx *_bctx = (ictx); \
size_t _bsz = (isz); \
const octet *_bbuf = (octet *)(ibuf); \
+ size_t _s; \
+ uint32 _l, _h; \
\
/* --- Add on the size done so far --- * \
* \
* how many bits you've actually got. \
*/ \
\
- { \
- uint32 _l = U32(_bsz); \
- uint32 _h = ((_bsz & ~(size_t)MASK32) >> 16) >> 16; \
- _bctx->nh += _h; \
- _bctx->nl += _l; \
- if (_bctx->nl < _l || _bctx->nl & ~(uint32)MASK32) \
- _bctx->nh++; \
- } \
+ _l = U32(_bsz); _h = ((_bsz & ~(size_t)MASK32) >> 16) >> 16; \
+ _bctx->nl += _l; if (_bctx->nl < _l || _bctx->nl & ~(uint32)MASK32) _h++; \
+ _bctx->nh += _h; \
\
/* --- Handle very small contributions --- */ \
\
- if (_bctx->off + _bsz < PRE##_BUFSZ) { \
- memcpy(_bctx->buf + _bctx->off, _bbuf, _bsz); \
- _bctx->off += _bsz; \
- } else { \
+ if (_bctx->off + _bsz < PRE##_BUFSZ) \
+ { memcpy(_bctx->buf + _bctx->off, _bbuf, _bsz); _bctx->off += _bsz; } \
+ else { \
\
/* --- Handle an initial partial buffer --- */ \
\
if (_bctx->off) { \
- size_t s = PRE##_BUFSZ - _bctx->off; \
- memcpy(_bctx->buf + _bctx->off, _bbuf, s); \
+ _s = PRE##_BUFSZ - _bctx->off; \
+ memcpy(_bctx->buf + _bctx->off, _bbuf, _s); \
pre##_compress(_bctx, _bctx->buf); \
- _bsz -= s; _bbuf += s; \
+ _bsz -= _s; _bbuf += _s; \
} \
\
/* --- Do whole buffers while we can --- */ \
\
/* --- And wrap up at the end --- */ \
\
- if (_bsz) \
- memcpy(_bctx->buf, _bbuf, _bsz); \
+ if (_bsz) memcpy(_bctx->buf, _bbuf, _bsz); \
_bctx->off = _bsz; \
} \
} while (0)
*/ \
\
void pre##_machash(pre##_macctx *ctx, const void *buf, size_t sz) \
-{ \
- pre##_hash(&ctx->ctx, buf, sz); \
-} \
+ { pre##_hash(&ctx->ctx, buf, sz); } \
\
/* --- @pre_macdone@ --- * \
* \
*/ \
\
void pre##_mgfkeybegin(pre##_mgfctx *k) \
-{ \
- k->c = 0; \
- k->bsz = 0; \
- pre##_init(&k->k); \
-} \
+ { k->c = 0; k->off = 0; pre##_init(&k->k); } \
\
void pre##_mgfkeyadd(pre##_mgfctx *k, const void *p, size_t sz) \
-{ \
- pre##_hash(&k->k, p, sz); \
-} \
+ { pre##_hash(&k->k, p, sz); } \
\
/* ---- @pre_mgfinit@ --- * \
* \
*/ \
\
void pre##_mgfinit(pre##_mgfctx *k, const void *p, size_t sz) \
-{ \
- k->c = 0; \
- k->bsz = 0; \
- pre##_init(&k->k); \
- pre##_hash(&k->k, p, sz); \
-} \
+ { k->c = 0; k->off = 0; pre##_init(&k->k); pre##_hash(&k->k, p, sz); } \
\
/* --- @pre_mgfencrypt@ --- * \
* \
void pre##_mgfencrypt(pre##_mgfctx *k, const void *s, \
void *d, size_t sz) \
{ \
+ pre##_ctx h; \
const octet *ss = s; \
octet *dd = d; \
+ const octet *p; \
+ size_t off; \
\
/* --- Empty the buffer if there's anything there --- */ \
\
- if (k->bsz) { \
- const octet *p = k->buf + PRE##_HASHSZ - k->bsz; \
- size_t n = sz > k->bsz ? k->bsz : sz; \
- sz -= n; \
- k->bsz -= n; \
- if (dd) { \
- if (!ss) { \
- memcpy(dd, p, n); \
- dd += n; \
- } else { \
- while (n) { \
- *dd++ = *ss++ ^ *p++; \
- n--; \
- } \
- } \
- } \
+ if (k->off) { \
+ p = k->b + PRE##_HASHSZ - k->off; \
+ off = sz > k->off ? k->off : sz; \
+ sz -= off; k->off -= off; \
+ if (!dd) /* do nothing */; \
+ else if (!ss) { memcpy(dd, p, off); dd += off; } \
+ else while (off--) *dd++ = *ss++ ^ *p++; \
} \
\
/* --- While necessary, generate some more mask --- */ \
\
while (sz) { \
- pre##_ctx c = k->k; /* Not quick! */ \
- size_t n; \
- \
- STORE32(k->buf, k->c); \
- k->c++; \
- pre##_hash(&c, k->buf, 4); \
- pre##_done(&c, k->buf); \
- n = sz > PRE##_HASHSZ ? PRE##_HASHSZ : sz; \
- k->bsz = PRE##_HASHSZ - n; \
- sz -= n; \
- if (dd) { \
- const octet *p = k->buf; \
- if (!ss) { \
- memcpy(dd, p, n); \
- dd += n; \
- } else { \
- while (n) { \
- *dd++ = *ss++ ^ *p++; \
- n--; \
- } \
- } \
- } \
+ STORE32(k->b, k->c); k->c++; \
+ h = k->k; pre##_hash(&h, k->b, 4); pre##_done(&h, k->b); \
+ off = sz > PRE##_HASHSZ ? PRE##_HASHSZ : sz; \
+ k->off = PRE##_HASHSZ - off; \
+ sz -= off; \
+ p = k->b; \
+ if (!dd) /* do nothing */; \
+ else if (!ss) { memcpy(dd, p, off); dd += off; } \
+ else while (off--) *dd++ = *ss++ ^ *p++; \
} \
} \
\
*/ \
\
void pre##_mgfsetindex(pre##_mgfctx *k, uint32 c) \
-{ \
- k->c = c; \
- k->bsz = 0; \
-} \
+ { k->c = c; k->off = 0; } \
\
/* --- Generic cipher interface --- */ \
\
} \
\
static void gencrypt(gcipher *c, const void *s, void *t, size_t sz) \
-{ \
- gctx *g = (gctx *)c; \
- pre##_mgfencrypt(&g->k, s, t, sz); \
-} \
+ { gctx *g = (gctx *)c; pre##_mgfencrypt(&g->k, s, t, sz); } \
\
static void gdestroy(gcipher *c) \
-{ \
- gctx *g = (gctx *)c; \
- BURN(*g); \
- S_DESTROY(g); \
-} \
+ { gctx *g = (gctx *)c; BURN(*g); S_DESTROY(g); } \
\
static const gcipher_ops gops = { \
&pre##_mgf, \
} \
\
static void grfill(grand *r, void *p, size_t sz) \
-{ \
- grctx *g = (grctx *)r; \
- pre##_mgfencrypt(&g->k, 0, p, sz); \
-} \
+ { grctx *g = (grctx *)r; pre##_mgfencrypt(&g->k, 0, p, sz); } \
\
static const grand_ops grops = { \
name "-mgf", \
typedef struct pre##_mgfctx { \
pre##_ctx k; /* Underlying key context */ \
uint32 c; /* Counter */ \
- octet buf[PRE##_HASHSZ]; /* Output buffer */ \
- size_t bsz; /* Size of buffered data */ \
+ octet b[PRE##_HASHSZ]; /* Output buffer */ \
+ unsigned off; /* Size of buffered data */ \
} pre##_mgfctx; \
\
/* --- Other useful constants --- */ \
octet *p = iv; \
unsigned off = ctx->off; \
unsigned rest = PRE##_BLKSZ - off; \
- memcpy(p, ctx->iv + off, rest); \
- memcpy(p + rest, ctx->iv, off); \
+ \
+ memcpy(p, ctx->b + off, rest); \
+ memcpy(p + rest, ctx->b, off); \
} \
\
/* --- @pre_ofbsetiv@ --- * \
*/ \
\
void pre##_ofbsetiv(pre##_ofbctx *ctx, const void *iv) \
-{ \
- memcpy(ctx->iv, iv, PRE##_BLKSZ); \
- ctx->off = PRE##_BLKSZ; \
-} \
+ { memcpy(ctx->b, iv, PRE##_BLKSZ); ctx->off = PRE##_BLKSZ; } \
\
/* --- @pre_ofbbdry@ --- * \
* \
\
void pre##_ofbbdry(pre##_ofbctx *ctx) \
{ \
- uint32 niv[PRE##_BLKSZ / 4]; \
- BLKC_LOAD(PRE, niv, ctx->iv); \
- pre##_eblk(&ctx->ctx, niv, niv); \
- BLKC_STORE(PRE, ctx->iv, niv); \
+ uint32 t[PRE##_BLKSZ/4]; \
+ \
+ BLKC_LOAD(PRE, t, ctx->b); \
+ pre##_eblk(&ctx->ctx, t, t); \
+ BLKC_STORE(PRE, ctx->b, t); \
ctx->off = PRE##_BLKSZ; \
- BURN(niv); \
+ BURN(t); \
} \
\
/* --- @pre_ofbsetkey@ --- * \
*/ \
\
void pre##_ofbsetkey(pre##_ofbctx *ctx, const pre##_ctx *k) \
-{ \
- ctx->ctx = *k; \
-} \
+ { ctx->ctx = *k; } \
\
/* --- @pre_ofbinit@ --- * \
* \
const void *iv) \
{ \
static const octet zero[PRE##_BLKSZ] = { 0 }; \
+ \
pre##_init(&ctx->ctx, key, sz); \
pre##_ofbsetiv(ctx, iv ? iv : zero); \
} \
const octet *s = src; \
octet *d = dest; \
unsigned off = ctx->off; \
+ uint32 t[PRE##_BLKSZ/4], u[PRE##_BLKSZ/4]; \
+ octet y; \
\
/* --- Empty blocks are trivial --- */ \
\
- if (!sz) \
- return; \
+ if (!sz) return; \
\
/* --- If I can deal with the block from my buffer, do that --- */ \
\
- if (sz < PRE##_BLKSZ - off) \
- goto small; \
+ if (sz < PRE##_BLKSZ - off) goto small; \
\
/* --- Finish off what's left in my buffer --- */ \
\
- if (!d) \
- sz -= PRE##_BLKSZ - off; \
- else { \
- while (off < PRE##_BLKSZ) { \
- register octet x = s ? *s++ : 0; \
- *d++ = ctx->iv[off++] ^ x; \
- sz--; \
- } \
- } \
+ if (!d) sz -= PRE##_BLKSZ - off; \
+ else while (off < PRE##_BLKSZ) \
+ { y = s ? *s++ : 0; *d++ = ctx->b[off++] ^ y; sz--; } \
\
/* --- Main encryption loop --- */ \
\
- { \
- uint32 iv[PRE##_BLKSZ / 4]; \
- BLKC_LOAD(PRE, iv, ctx->iv); \
- \
- for (;;) { \
- pre##_eblk(&ctx->ctx, iv, iv); \
- if (sz < PRE##_BLKSZ) \
- break; \
- if (d) { \
- if (!s) \
- BLKC_STORE(PRE, d, iv); \
- else { \
- uint32 x[PRE##_BLKSZ / 4]; \
- BLKC_LOAD(PRE, x, s); \
- BLKC_XSTORE(PRE, d, iv, x); \
- s += PRE##_BLKSZ; \
- } \
- d += PRE##_BLKSZ; \
- } \
- sz -= PRE##_BLKSZ; \
- } \
+ BLKC_LOAD(PRE, t, ctx->b); \
\
- BLKC_STORE(PRE, ctx->iv, iv); \
- off = 0; \
+ for (;;) { \
+ pre##_eblk(&ctx->ctx, t, t); \
+ if (sz < PRE##_BLKSZ) break; \
+ if (!d) /* do nothing */; \
+ else if (!s) { BLKC_STORE(PRE, d, t); d += PRE##_BLKSZ; } \
+ else { \
+ BLKC_LOAD(PRE, u, s); s += PRE##_BLKSZ; \
+ BLKC_XSTORE(PRE, d, t, u); d += PRE##_BLKSZ; \
+ } \
+ sz -= PRE##_BLKSZ; \
} \
\
+ BLKC_STORE(PRE, ctx->b, t); \
+ off = 0; \
+ \
/* --- Tidying up the tail end --- */ \
\
if (sz) { \
small: \
- if (!d) \
- off += sz; \
- else do { \
- register octet x = s ? *s++ : 0; \
- *d++ = ctx->iv[off++] ^ x; \
- sz--; \
- } while (sz); \
+ if (!d) off += sz; \
+ else do { y = s ? *s++ : 0; *d++ = ctx->b[off++] ^ y; sz--; } \
+ while (sz); \
} \
\
/* --- Done --- */ \
} \
\
static void gencrypt(gcipher *c, const void *s, void *t, size_t sz) \
-{ \
- gctx *g = (gctx *)c; \
- pre##_ofbencrypt(&g->k, s, t, sz); \
-} \
+ { gctx *g = (gctx *)c; pre##_ofbencrypt(&g->k, s, t, sz); } \
\
static void gdestroy(gcipher *c) \
-{ \
- gctx *g = (gctx *)c; \
- BURN(*g); \
- S_DESTROY(g); \
-} \
+ { gctx *g = (gctx *)c; BURN(*g); S_DESTROY(g); } \
\
static void gsetiv(gcipher *c, const void *iv) \
-{ \
- gctx *g = (gctx *)c; \
- pre##_ofbsetiv(&g->k, iv); \
-} \
+ { gctx *g = (gctx *)c; pre##_ofbsetiv(&g->k, iv); } \
\
static void gbdry(gcipher *c) \
{ \
} grctx; \
\
static void grdestroy(grand *r) \
-{ \
- grctx *g = (grctx *)r; \
- BURN(*g); \
- S_DESTROY(g); \
-} \
+ { grctx *g = (grctx *)r; BURN(*g); S_DESTROY(g); } \
\
static int grmisc(grand *r, unsigned op, ...) \
{ \
} \
\
static void grfill(grand *r, void *p, size_t sz) \
-{ \
- grctx *g = (grctx *)r; \
- pre##_ofbencrypt(&g->k, 0, p, sz); \
-} \
+ { grctx *g = (grctx *)r; pre##_ofbencrypt(&g->k, 0, p, sz); } \
\
static const grand_ops grops = { \
name "-ofb", \
typedef struct pre##_ofbctx { \
pre##_ctx ctx; /* Underlying cipher context */ \
unsigned off; /* Current offset in buffer */ \
- octet iv[PRE##_BLKSZ]; /* Output buffer and IV */ \
+ octet b[PRE##_BLKSZ]; /* Output buffer and IV */ \
} pre##_ofbctx; \
\
/* --- @pre_ofbgetiv@ --- * \
*/
#define SALSA20_PREPBUF(ctx, a) do { \
int _i; \
- for (_i = 0; _i < 16; _i++) STORE32_L((ctx)->buf + 4*_i, (a)[_i]); \
- (ctx)->bufi = 0; \
+ for (_i = 0; _i < 16; _i++) STORE32_L((ctx)->b + 4*_i, (a)[_i]); \
+ (ctx)->off = 0; \
} while (0)
/* Write at most @n@ bytes of buffered output from the context @ctx@ to the
* @n@ is decreased appropriately.
*/
#define SALSA20_OUTBUF(ctx, d, s, n) do { \
- size_t _n = (n), _left = SALSA20_OUTSZ - (ctx)->bufi; \
+ size_t _n = (n), _left = SALSA20_OUTSZ - (ctx)->off; \
if (_n > _left) _n = _left; \
(n) -= _n; \
- if (!(d)) (ctx)->bufi += _n; \
- else if (s) while (_n--) *(d)++ = (ctx)->buf[(ctx)->bufi++] ^ *(s)++; \
- else while (_n--) *(d)++ = (ctx)->buf[(ctx)->bufi++]; \
+ if (!(d)) (ctx)->off += _n; \
+ else if (s) while (_n--) *(d)++ = (ctx)->b[(ctx)->off++] ^ *(s)++; \
+ else while (_n--) *(d)++ = (ctx)->b[(ctx)->off++]; \
} while (0)
/*----- Variants and naming -----------------------------------------------*/
void salsa20_seeku64(salsa20_ctx *ctx, kludge64 i)
{
ctx->a[8] = LO64(i); ctx->a[5] = HI64(i);
- ctx->bufi = SALSA20_OUTSZ;
+ ctx->off = SALSA20_OUTSZ;
}
void salsa20_seek_ietf(salsa20_ctx *ctx, uint32 i)
typedef struct salsa20_ctx {
salsa20_matrix a;
- octet buf[SALSA20_OUTSZ];
- size_t bufi;
+ octet b[SALSA20_OUTSZ];
+ unsigned off;
} salsa20_ctx;
#define XSALSA20_DEFCTX(name) \