From 0fee61eb2ff1807c5f32a34499ef2753b6fcd9a5 Mon Sep 17 00:00:00 2001 From: Mark Wooding Date: Sun, 28 Oct 2018 17:45:18 +0000 Subject: [PATCH] symm/...: Reformat encryption mode loops and related code. * Rename the various variables consistently. Now `off' is the progress into a buffer, `b' is the buffer or reservoir, `t' and `u' are temporary internal-format blocks, `y' is a temporary octet. * Hoist variable declarations to function top-levels. * Squish compound statement bodies vertically. * Invert some conditions to reduce nesting depth. * Move loop-variable updates closer to where the thing they measure is actually used. * Elide pointless use of `register' storage class. * Remove spaces around diadic `*' and `/' operators. --- symm/blkc.h | 24 ++++---- symm/cbc-def.h | 146 ++++++++++++++++------------------------------ symm/cbc.h | 2 +- symm/cfb-def.h | 164 +++++++++++++++++++--------------------------------- symm/cfb.h | 2 +- symm/chacha.c | 2 +- symm/chacha.h | 4 +- symm/counter-def.h | 115 +++++++++++------------------------- symm/counter.h | 4 +- symm/ecb-def.h | 115 +++++++++++++----------------------- symm/hash.h | 29 ++++------ symm/hmac-def.h | 4 +- symm/mgf-def.h | 95 +++++++++--------------------- symm/mgf.h | 4 +- symm/ofb-def.h | 120 +++++++++++++------------------------- symm/ofb.h | 2 +- symm/salsa20-core.h | 12 ++-- symm/salsa20.c | 2 +- symm/salsa20.h | 4 +- 19 files changed, 296 insertions(+), 554 deletions(-) diff --git a/symm/blkc.h b/symm/blkc.h index e0837521..608dfcd0 100644 --- a/symm/blkc.h +++ b/symm/blkc.h @@ -120,15 +120,15 @@ guts \ } while (0) -#define BLKC_P(p) register octet *_p = (octet *)(p) -#define BLKC_W(w) register uint32 *_w = (w) -#define BLKC_WX(wx) register uint32 *_wx = (wx) +#define BLKC_P(p) octet *_p = (octet *)(p) +#define BLKC_W(w) uint32 *_w = (w) +#define BLKC_WX(wx) uint32 *_wx = (wx) /* --- Implementation for unusual block sizes --- */ #define BLKC_SKEL_X(PRE, decl, guts) \ BLKC_SKEL(PRE, unsigned _i; decl, \ - for (_i = 0; _i < PRE##_BLKSZ / 4; _i++) { \ + for (_i = 0; _i < PRE##_BLKSZ/4; _i++) { \ guts \ }) @@ -160,27 +160,27 @@ BLKC_SKEL_X(PRE, BLKC_W(w);, *_w++ = 0;) #define BLKC_STEP_X_B(PRE, w) do { \ - unsigned _i = PRE##_BLKSZ / 4; BLKC_W(w); uint32 _x = 0; \ + unsigned _i = PRE##_BLKSZ/4; BLKC_W(w); uint32 _x = 0; \ while (_i && !_x) { _i--; _w[_i] = _x = U32(_w[_i] + 1); } \ } while (0) #define BLKC_STEP_X_L(PRE, w) do { \ unsigned _i = 0; BLKC_W(w); uint32 _x = 0; \ - while (_i < PRE##_BLKSZ / 4 && !_x) \ + while (_i < PRE##_BLKSZ/4 && !_x) \ { _w[_i] = _x = U32(_w[_i] + 1); _i++; } \ } while (0) #define BLKC_SET_X_B(PRE, w, x) do { \ unsigned _i; BLKC_W(w); unsigned long _x = x; \ - for (_i = 0; _i < PRE##_BLKSZ / 4; _i++) { \ + for (_i = 0; _i < PRE##_BLKSZ/4; _i++) { \ *_w++ = U32(_x); \ _x = ((_x & ~(unsigned long)MASK32) >> 16) >> 16; \ } \ } while (0) #define BLKC_SET_X_L(PRE, w, x) do { \ - unsigned _i; BLKC_W(w); unsigned long _x = x; _w += PRE##_BLKSZ / 4; \ - for (_i = 0; _i < PRE##_BLKSZ / 4; _i++) { \ + unsigned _i; BLKC_W(w); unsigned long _x = x; _w += PRE##_BLKSZ/4; \ + for (_i = 0; _i < PRE##_BLKSZ/4; _i++) { \ *--_w = U32(_x); \ _x = ((_x & ~(unsigned long)MASK32) >> 16) >> 16; \ } \ @@ -267,9 +267,9 @@ static int pre##_verify(dstr *v) \ { \ pre##_ctx k; \ - uint32 p[PRE##_BLKSZ / 4]; \ - uint32 c[PRE##_BLKSZ / 4]; \ - uint32 d[PRE##_BLKSZ / 4]; \ + uint32 p[PRE##_BLKSZ/4]; \ + uint32 c[PRE##_BLKSZ/4]; \ + uint32 d[PRE##_BLKSZ/4]; \ dstr b = DSTR_INIT; \ int ok = 1; \ \ diff --git a/symm/cbc-def.h b/symm/cbc-def.h index 3a5c9a2b..59c76f8a 100644 --- a/symm/cbc-def.h +++ b/symm/cbc-def.h @@ -81,9 +81,7 @@ */ \ \ void pre##_cbcgetiv(const pre##_cbcctx *ctx, void *iv) \ -{ \ - BLKC_STORE(PRE, iv, ctx->iv); \ -} \ + { BLKC_STORE(PRE, iv, ctx->a); } \ \ /* --- @pre_cbcsetiv@ --- * \ * \ @@ -96,9 +94,7 @@ void pre##_cbcgetiv(const pre##_cbcctx *ctx, void *iv) \ */ \ \ void pre##_cbcsetiv(pre##_cbcctx *ctx, const void *iv) \ -{ \ - BLKC_LOAD(PRE, ctx->iv, iv); \ -} \ + { BLKC_LOAD(PRE, ctx->a, iv); } \ \ /* --- @pre_cbcsetkey@ --- * \ * \ @@ -111,9 +107,7 @@ void pre##_cbcsetiv(pre##_cbcctx *ctx, const void *iv) \ */ \ \ void pre##_cbcsetkey(pre##_cbcctx *ctx, const pre##_ctx *k) \ -{ \ - ctx->ctx = *k; \ -} \ + { ctx->ctx = *k; } \ \ /* --- @pre_cbcinit@ --- * \ * \ @@ -135,8 +129,9 @@ void pre##_cbcinit(pre##_cbcctx *ctx, \ const void *iv) \ { \ static const octet zero[PRE##_BLKSZ] = { 0 }; \ + \ pre##_init(&ctx->ctx, key, sz); \ - BLKC_LOAD(PRE, ctx->iv, iv ? iv : zero); \ + BLKC_LOAD(PRE, ctx->a, iv ? iv : zero); \ } \ \ /* --- @pre_cbcencrypt@ --- * \ @@ -160,11 +155,13 @@ void pre##_cbcencrypt(pre##_cbcctx *ctx, \ { \ const octet *s = src; \ octet *d = dest; \ + octet b[PRE##_BLKSZ]; \ + octet y; \ + unsigned i; \ \ /* --- Empty blocks are trivial --- */ \ \ - if (!sz) \ - return; \ + if (!sz) return; \ \ /* --- Extra magical case for a short block --- * \ * \ @@ -174,18 +171,12 @@ void pre##_cbcencrypt(pre##_cbcctx *ctx, \ */ \ \ if (sz < PRE##_BLKSZ) { \ - octet b[PRE##_BLKSZ]; \ - unsigned i; \ - \ - pre##_eblk(&ctx->ctx, ctx->iv, ctx->iv); \ - BLKC_STORE(PRE, b, ctx->iv); \ - if (d) { \ - for (i = 0; i < sz; i++) \ - d[i] = b[i] ^ (s ? s[i] : 0); \ - } \ + pre##_eblk(&ctx->ctx, ctx->a, ctx->a); \ + BLKC_STORE(PRE, b, ctx->a); \ + if (d) { for (i = 0; i < sz; i++) d[i] = b[i] ^ (s ? s[i] : 0); } \ memmove(b, b + sz, PRE##_BLKSZ - sz); \ memcpy(b + PRE##_BLKSZ - sz, d, sz); \ - BLKC_LOAD(PRE, ctx->iv, b); \ + BLKC_LOAD(PRE, ctx->a, b); \ return; \ } \ \ @@ -196,16 +187,10 @@ void pre##_cbcencrypt(pre##_cbcctx *ctx, \ * and keep a copy of the ciphertext for the next block. \ */ \ \ - while (sz >= 2 * PRE##_BLKSZ || sz == PRE##_BLKSZ) { \ - if (s) { \ - BLKC_XLOAD(PRE, ctx->iv, s); \ - s += PRE##_BLKSZ; \ - } \ - pre##_eblk(&ctx->ctx, ctx->iv, ctx->iv); \ - if (d) { \ - BLKC_STORE(PRE, d, ctx->iv); \ - d += PRE##_BLKSZ; \ - } \ + while (sz >= 2*PRE##_BLKSZ || sz == PRE##_BLKSZ) { \ + if (s) { BLKC_XLOAD(PRE, ctx->a, s); s += PRE##_BLKSZ; } \ + pre##_eblk(&ctx->ctx, ctx->a, ctx->a); \ + if (d) { BLKC_STORE(PRE, d, ctx->a); d += PRE##_BLKSZ; } \ sz -= PRE##_BLKSZ; \ } \ \ @@ -215,8 +200,6 @@ void pre##_cbcencrypt(pre##_cbcctx *ctx, \ */ \ \ if (sz) { \ - octet b[PRE##_BLKSZ]; \ - unsigned i; \ \ /* --- Let @sz@ be the size of the partial block --- */ \ \ @@ -230,9 +213,9 @@ void pre##_cbcencrypt(pre##_cbcctx *ctx, \ * block. \ */ \ \ - if (s) BLKC_XLOAD(PRE, ctx->iv, s); \ - pre##_eblk(&ctx->ctx, ctx->iv, ctx->iv); \ - BLKC_STORE(PRE, b, ctx->iv); \ + if (s) BLKC_XLOAD(PRE, ctx->a, s); \ + pre##_eblk(&ctx->ctx, ctx->a, ctx->a); \ + BLKC_STORE(PRE, b, ctx->a); \ \ /* --- Second stage --- * \ * \ @@ -244,13 +227,13 @@ void pre##_cbcencrypt(pre##_cbcctx *ctx, \ if (s) s += PRE##_BLKSZ; \ if (d) d += PRE##_BLKSZ; \ for (i = 0; i < sz; i++) { \ - register octet x = b[i]; \ + y = b[i]; \ if (s) b[i] ^= s[i]; \ - if (d) d[i] = x; \ + if (d) d[i] = y; \ } \ - BLKC_LOAD(PRE, ctx->iv, b); \ - pre##_eblk(&ctx->ctx, ctx->iv, ctx->iv); \ - if (d) BLKC_STORE(PRE, d - PRE##_BLKSZ, ctx->iv); \ + BLKC_LOAD(PRE, ctx->a, b); \ + pre##_eblk(&ctx->ctx, ctx->a, ctx->a); \ + if (d) BLKC_STORE(PRE, d - PRE##_BLKSZ, ctx->a); \ } \ \ /* --- Done --- */ \ @@ -279,11 +262,14 @@ void pre##_cbcdecrypt(pre##_cbcctx *ctx, \ { \ const octet *s = src; \ octet *d = dest; \ + uint32 t[PRE##_BLKSZ/4], u[PRE##_BLKSZ/4]; \ + octet b[PRE##_BLKSZ], c[PRE##_BLKSZ]; \ + octet y; \ + unsigned i; \ \ /* --- Empty blocks are trivial --- */ \ \ - if (!sz) \ - return; \ + if (!sz) return; \ \ /* --- Extra magical case for a short block --- * \ * \ @@ -293,19 +279,12 @@ void pre##_cbcdecrypt(pre##_cbcctx *ctx, \ */ \ \ if (sz < PRE##_BLKSZ) { \ - octet b[PRE##_BLKSZ], c[PRE##_BLKSZ]; \ - unsigned i; \ - \ - pre##_eblk(&ctx->ctx, ctx->iv, ctx->iv); \ - BLKC_STORE(PRE, b, ctx->iv); \ - for (i = 0; i < sz; i++) { \ - register octet x = s[i]; \ - d[i] = b[i] ^ x; \ - c[i] = x; \ - } \ + pre##_eblk(&ctx->ctx, ctx->a, ctx->a); \ + BLKC_STORE(PRE, b, ctx->a); \ + for (i = 0; i < sz; i++) { y = s[i]; d[i] = b[i] ^ y; c[i] = y; } \ memmove(b, b + sz, PRE##_BLKSZ - sz); \ memcpy(b + PRE##_BLKSZ - sz, c, sz); \ - BLKC_LOAD(PRE, ctx->iv, b); \ + BLKC_LOAD(PRE, ctx->a, b); \ return; \ } \ \ @@ -316,14 +295,11 @@ void pre##_cbcdecrypt(pre##_cbcctx *ctx, \ * and keep a copy of the ciphertext for the next block. \ */ \ \ - while (sz >= 2 * PRE##_BLKSZ || sz == PRE##_BLKSZ) { \ - uint32 b[PRE##_BLKSZ / 4], niv[PRE##_BLKSZ / 4]; \ - BLKC_LOAD(PRE, niv, s); \ - pre##_dblk(&ctx->ctx, niv, b); \ - BLKC_XSTORE(PRE, d, b, ctx->iv); \ - BLKC_MOVE(PRE, ctx->iv, niv); \ - s += PRE##_BLKSZ; \ - d += PRE##_BLKSZ; \ + while (sz >= 2*PRE##_BLKSZ || sz == PRE##_BLKSZ) { \ + BLKC_LOAD(PRE, t, s); s += PRE##_BLKSZ; \ + pre##_dblk(&ctx->ctx, t, u); \ + BLKC_XSTORE(PRE, d, u, ctx->a); d += PRE##_BLKSZ; \ + BLKC_MOVE(PRE, ctx->a, t); \ sz -= PRE##_BLKSZ; \ } \ \ @@ -333,9 +309,6 @@ void pre##_cbcdecrypt(pre##_cbcctx *ctx, \ */ \ \ if (sz) { \ - octet b[PRE##_BLKSZ]; \ - uint32 bk[PRE##_BLKSZ / 4], niv[PRE##_BLKSZ / 4]; \ - unsigned i; \ \ /* --- Let @sz@ be the size of the partial block --- */ \ \ @@ -347,8 +320,8 @@ void pre##_cbcdecrypt(pre##_cbcctx *ctx, \ * is carried over for the next encryption operation. \ */ \ \ - BLKC_LOAD(PRE, niv, s); \ - pre##_dblk(&ctx->ctx, niv, bk); \ + BLKC_LOAD(PRE, t, s); \ + pre##_dblk(&ctx->ctx, t, u); \ \ /* --- Second stage --- * \ * \ @@ -358,14 +331,10 @@ void pre##_cbcdecrypt(pre##_cbcctx *ctx, \ * three. \ */ \ \ - BLKC_STORE(PRE, b, bk); \ + BLKC_STORE(PRE, b, u); \ s += PRE##_BLKSZ; \ d += PRE##_BLKSZ; \ - for (i = 0; i < sz; i++) { \ - register octet x = s[i]; \ - d[i] = b[i] ^ x; \ - b[i] = x; \ - } \ + for (i = 0; i < sz; i++) { y = s[i]; d[i] = b[i] ^ y; b[i] = y; } \ \ /* --- Third stage --- * \ * \ @@ -373,10 +342,10 @@ void pre##_cbcdecrypt(pre##_cbcctx *ctx, \ * recover the complete plaintext block. \ */ \ \ - BLKC_LOAD(PRE, bk, b); \ - pre##_dblk(&ctx->ctx, bk, bk); \ - BLKC_XSTORE(PRE, d - PRE##_BLKSZ, bk, ctx->iv); \ - BLKC_MOVE(PRE, ctx->iv, niv); \ + BLKC_LOAD(PRE, u, b); \ + pre##_dblk(&ctx->ctx, u, u); \ + BLKC_XSTORE(PRE, d - PRE##_BLKSZ, u, ctx->a); \ + BLKC_MOVE(PRE, ctx->a, t); \ } \ \ /* --- Done --- */ \ @@ -402,29 +371,16 @@ static gcipher *ginit(const void *k, size_t sz) \ } \ \ static void gencrypt(gcipher *c, const void *s, void *t, size_t sz) \ -{ \ - gctx *g = (gctx *)c; \ - pre##_cbcencrypt(&g->k, s, t, sz); \ -} \ + { gctx *g = (gctx *)c; pre##_cbcencrypt(&g->k, s, t, sz); } \ \ static void gdecrypt(gcipher *c, const void *s, void *t, size_t sz) \ -{ \ - gctx *g = (gctx *)c; \ - pre##_cbcdecrypt(&g->k, s, t, sz); \ -} \ + { gctx *g = (gctx *)c; pre##_cbcdecrypt(&g->k, s, t, sz); } \ \ static void gdestroy(gcipher *c) \ -{ \ - gctx *g = (gctx *)c; \ - BURN(*g); \ - S_DESTROY(g); \ -} \ + { gctx *g = (gctx *)c; BURN(*g); S_DESTROY(g); } \ \ static void gsetiv(gcipher *c, const void *iv) \ -{ \ - gctx *g = (gctx *)c; \ - pre##_cbcsetiv(&g->k, iv); \ -} \ + { gctx *g = (gctx *)c; pre##_cbcsetiv(&g->k, iv); } \ \ static const gcipher_ops gops = { \ &pre##_cbc, \ diff --git a/symm/cbc.h b/symm/cbc.h index 5f1f22aa..7b21eea0 100644 --- a/symm/cbc.h +++ b/symm/cbc.h @@ -57,7 +57,7 @@ \ typedef struct pre##_cbcctx { \ pre##_ctx ctx; /* Underlying cipher context */ \ - uint32 iv[PRE##_BLKSZ / 4]; /* Previous ciphertext or IV */ \ + uint32 a[PRE##_BLKSZ/4]; /* Previous ciphertext or IV */ \ } pre##_cbcctx; \ \ /* --- @pre_cbcgetiv@ --- * \ diff --git a/symm/cfb-def.h b/symm/cfb-def.h index 5432467c..8040d943 100644 --- a/symm/cfb-def.h +++ b/symm/cfb-def.h @@ -90,8 +90,9 @@ void pre##_cfbgetiv(const pre##_cfbctx *ctx, void *iv) \ octet *p = iv; \ unsigned off = ctx->off; \ unsigned rest = PRE##_BLKSZ - off; \ - memcpy(p, ctx->iv + off, rest); \ - memcpy(p + rest, ctx->iv, off); \ + \ + memcpy(p, ctx->b + off, rest); \ + memcpy(p + rest, ctx->b, off); \ } \ \ /* --- @pre_cfbsetiv@ --- * \ @@ -105,10 +106,7 @@ void pre##_cfbgetiv(const pre##_cfbctx *ctx, void *iv) \ */ \ \ void pre##_cfbsetiv(pre##_cfbctx *ctx, const void *iv) \ -{ \ - memcpy(ctx->iv, iv, PRE##_BLKSZ); \ - ctx->off = PRE##_BLKSZ; \ -} \ + { memcpy(ctx->b, iv, PRE##_BLKSZ); ctx->off = PRE##_BLKSZ; } \ \ /* --- @pre_cfbbdry@ --- * \ * \ @@ -122,12 +120,13 @@ void pre##_cfbsetiv(pre##_cfbctx *ctx, const void *iv) \ \ void pre##_cfbbdry(pre##_cfbctx *ctx) \ { \ - uint32 niv[PRE##_BLKSZ / 4]; \ - BLKC_LOAD(PRE, niv, ctx->iv); \ - pre##_eblk(&ctx->ctx, niv, niv); \ - BLKC_STORE(PRE, ctx->iv, niv); \ + uint32 t[PRE##_BLKSZ/4]; \ + \ + BLKC_LOAD(PRE, t, ctx->b); \ + pre##_eblk(&ctx->ctx, t, t); \ + BLKC_STORE(PRE, ctx->b, t); \ ctx->off = PRE##_BLKSZ; \ - BURN(niv); \ + BURN(t); \ } \ \ /* --- @pre_cfbsetkey@ --- * \ @@ -141,10 +140,7 @@ void pre##_cfbbdry(pre##_cfbctx *ctx) \ */ \ \ void pre##_cfbsetkey(pre##_cfbctx *ctx, const pre##_ctx *k) \ -{ \ - ctx->ctx = *k; \ - ctx->off = PRE##_BLKSZ; \ -} \ + { ctx->ctx = *k; ctx->off = PRE##_BLKSZ; } \ \ /* --- @pre_cfbinit@ --- * \ * \ @@ -167,6 +163,7 @@ void pre##_cfbinit(pre##_cfbctx *ctx, \ const void *iv) \ { \ static const octet zero[PRE##_BLKSZ] = { 0 }; \ + \ pre##_init(&ctx->ctx, key, sz); \ pre##_cfbsetiv(ctx, iv ? iv : zero); \ } \ @@ -192,61 +189,50 @@ void pre##_cfbencrypt(pre##_cfbctx *ctx, \ const octet *s = src; \ octet *d = dest; \ unsigned off = ctx->off; \ + uint32 t[PRE##_BLKSZ/4]; \ + octet y; \ \ /* --- Empty blocks are trivial --- */ \ \ - if (!sz) \ - return; \ + if (!sz) return; \ \ /* --- If I can deal with the block from my buffer, do that --- */ \ \ - if (sz < PRE##_BLKSZ - off) \ - goto small; \ + if (sz < PRE##_BLKSZ - off) goto small; \ \ /* --- Finish off what's left in my buffer --- */ \ \ while (off < PRE##_BLKSZ) { \ - register octet x = *s++; \ - ctx->iv[off] ^= x; \ - if (d) *d++ = ctx->iv[off]; \ - off++; \ - sz--; \ + y = s ? *s++ : 0; \ + ctx->b[off] ^= y; \ + if (d) *d++ = ctx->b[off]; \ + off++; sz--; \ } \ \ /* --- Main encryption loop --- */ \ \ - { \ - uint32 iv[PRE##_BLKSZ / 4]; \ - BLKC_LOAD(PRE, iv, ctx->iv); \ - \ - for (;;) { \ - pre##_eblk(&ctx->ctx, iv, iv); \ - if (sz < PRE##_BLKSZ) \ - break; \ - if (s) { \ - BLKC_XLOAD(PRE, iv, s); \ - s += PRE##_BLKSZ; \ - } \ - if (d) { \ - BLKC_STORE(PRE, d, iv); \ - d += PRE##_BLKSZ; \ - } \ - sz -= PRE##_BLKSZ; \ - } \ - off = 0; \ - BLKC_STORE(PRE, ctx->iv, iv); \ + BLKC_LOAD(PRE, t, ctx->b); \ + \ + for (;;) { \ + pre##_eblk(&ctx->ctx, t, t); \ + if (sz < PRE##_BLKSZ) break; \ + if (s) { BLKC_XLOAD(PRE, t, s); s += PRE##_BLKSZ; } \ + if (d) { BLKC_STORE(PRE, d, t); d += PRE##_BLKSZ; } \ + sz -= PRE##_BLKSZ; \ } \ \ + BLKC_STORE(PRE, ctx->b, t); \ + off = 0; \ + \ /* --- Tidying up the tail end --- */ \ \ if (sz) { \ small: \ do { \ - register octet x = *s++; \ - ctx->iv[off] ^= x; \ - if (d) *d++ = ctx->iv[off]; \ - off++; \ - sz--; \ + y = s ? *s++ : 0; \ + ctx->b[off] ^= y; \ + if (d) *d++ = ctx->b[off]; \ + off++; sz--; \ } while (sz); \ } \ \ @@ -277,58 +263,44 @@ void pre##_cfbdecrypt(pre##_cfbctx *ctx, \ const octet *s = src; \ octet *d = dest; \ unsigned off = ctx->off; \ + uint32 t[PRE##_BLKSZ/4], u[PRE##_BLKSZ/4]; \ + octet y; \ \ /* --- Empty blocks are trivial --- */ \ \ - if (!sz) \ - return; \ + if (!sz) return; \ \ /* --- If I can deal with the block from my buffer, do that --- */ \ \ - if (sz < PRE##_BLKSZ - off) \ - goto small; \ + if (sz < PRE##_BLKSZ - off) goto small; \ \ /* --- Finish off what's left in my buffer --- */ \ \ - while (off < PRE##_BLKSZ) { \ - register octet x = *s++; \ - *d++ = ctx->iv[off] ^ x; \ - ctx->iv[off++] = x; \ - sz--; \ - } \ + while (off < PRE##_BLKSZ) \ + { y = *s++; *d++ = ctx->b[off] ^ y; ctx->b[off++] = y; sz--; } \ \ /* --- Main encryption loop --- */ \ \ - { \ - uint32 iv[PRE##_BLKSZ / 4]; \ - BLKC_LOAD(PRE, iv, ctx->iv); \ - \ - for (;;) { \ - uint32 x[PRE##_BLKSZ / 4]; \ - pre##_eblk(&ctx->ctx, iv, iv); \ - if (sz < PRE##_BLKSZ) \ - break; \ - BLKC_LOAD(PRE, x, s); \ - BLKC_XSTORE(PRE, d, iv, x); \ - BLKC_MOVE(PRE, iv, x); \ - s += PRE##_BLKSZ; \ - d += PRE##_BLKSZ; \ - sz -= PRE##_BLKSZ; \ - } \ - off = 0; \ - BLKC_STORE(PRE, ctx->iv, iv); \ + BLKC_LOAD(PRE, t, ctx->b); \ + \ + for (;;) { \ + pre##_eblk(&ctx->ctx, t, t); \ + if (sz < PRE##_BLKSZ) break; \ + BLKC_LOAD(PRE, u, s); s += PRE##_BLKSZ; \ + BLKC_XSTORE(PRE, d, t, u); d += PRE##_BLKSZ; \ + BLKC_MOVE(PRE, t, u); \ + sz -= PRE##_BLKSZ; \ } \ \ + BLKC_STORE(PRE, ctx->b, t); \ + off = 0; \ + \ /* --- Tidying up the tail end --- */ \ \ if (sz) { \ small: \ - do { \ - register octet x = *s++; \ - *d++ = ctx->iv[off] ^ x; \ - ctx->iv[off++] = x; \ - sz--; \ - } while (sz); \ + do { y = *s++; *d++ = ctx->b[off] ^ y; ctx->b[off++] = y; sz--; } \ + while (sz); \ } \ \ /* --- Done --- */ \ @@ -355,35 +327,19 @@ static gcipher *ginit(const void *k, size_t sz) \ } \ \ static void gencrypt(gcipher *c, const void *s, void *t, size_t sz) \ -{ \ - gctx *g = (gctx *)c; \ - pre##_cfbencrypt(&g->k, s, t, sz); \ -} \ + { gctx *g = (gctx *)c; pre##_cfbencrypt(&g->k, s, t, sz); } \ \ static void gdecrypt(gcipher *c, const void *s, void *t, size_t sz) \ -{ \ - gctx *g = (gctx *)c; \ - pre##_cfbdecrypt(&g->k, s, t, sz); \ -} \ + { gctx *g = (gctx *)c; pre##_cfbdecrypt(&g->k, s, t, sz); } \ \ static void gdestroy(gcipher *c) \ -{ \ - gctx *g = (gctx *)c; \ - BURN(*g); \ - S_DESTROY(g); \ -} \ + { gctx *g = (gctx *)c; BURN(*g); S_DESTROY(g); } \ \ static void gsetiv(gcipher *c, const void *iv) \ -{ \ - gctx *g = (gctx *)c; \ - pre##_cfbsetiv(&g->k, iv); \ -} \ + { gctx *g = (gctx *)c; pre##_cfbsetiv(&g->k, iv); } \ \ static void gbdry(gcipher *c) \ -{ \ - gctx *g = (gctx *)c; \ - pre##_cfbbdry(&g->k); \ -} \ + { gctx *g = (gctx *)c; pre##_cfbbdry(&g->k); } \ \ static const gcipher_ops gops = { \ &pre##_cfb, \ diff --git a/symm/cfb.h b/symm/cfb.h index c357115c..ddaa5fd3 100644 --- a/symm/cfb.h +++ b/symm/cfb.h @@ -58,7 +58,7 @@ typedef struct pre##_cfbctx { \ pre##_ctx ctx; /* Underlying cipher context */ \ unsigned off; /* Offset into @iv@ buffer */ \ - octet iv[PRE##_BLKSZ]; /* Previous ciphertext or IV */ \ + octet b[PRE##_BLKSZ]; /* Previous ciphertext or IV */ \ } pre##_cfbctx; \ \ /* --- @pre_cfbgetiv@ --- * \ diff --git a/symm/chacha.c b/symm/chacha.c index 9b83eea5..a554c190 100644 --- a/symm/chacha.c +++ b/symm/chacha.c @@ -224,7 +224,7 @@ void chacha_seek(chacha_ctx *ctx, unsigned long i) void chacha_seeku64(chacha_ctx *ctx, kludge64 i) { ctx->a[12] = LO64(i); ctx->a[13] = HI64(i); - ctx->bufi = CHACHA_OUTSZ; + ctx->off = CHACHA_OUTSZ; } void chacha_seek_ietf(chacha_ctx *ctx, uint32 i) diff --git a/symm/chacha.h b/symm/chacha.h index 994cfa2b..490c03b2 100644 --- a/symm/chacha.h +++ b/symm/chacha.h @@ -64,8 +64,8 @@ typedef uint32 chacha_matrix[16]; typedef struct chacha_ctx { chacha_matrix a; - octet buf[CHACHA_OUTSZ]; - size_t bufi; + octet b[CHACHA_OUTSZ]; + unsigned off; } chacha_ctx; #define XCHACHA_DEFCTX(name) \ diff --git a/symm/counter-def.h b/symm/counter-def.h index 2744430c..8ec798d6 100644 --- a/symm/counter-def.h +++ b/symm/counter-def.h @@ -84,9 +84,7 @@ */ \ \ void pre##_countergetiv(const pre##_counterctx *ctx, void *iv) \ -{ \ - BLKC_STORE(PRE, iv, ctx->n); \ -} \ + { BLKC_STORE(PRE, iv, ctx->c); } \ \ /* --- @pre_countersetiv@ --- * \ * \ @@ -99,10 +97,7 @@ void pre##_countergetiv(const pre##_counterctx *ctx, void *iv) \ */ \ \ void pre##_countersetiv(pre##_counterctx *ctx, const void *iv) \ -{ \ - BLKC_LOAD(PRE, ctx->n, iv); \ - ctx->off = PRE##_BLKSZ; \ -} \ + { BLKC_LOAD(PRE, ctx->c, iv); ctx->off = PRE##_BLKSZ; } \ \ /* --- @pre_counterbdry@ --- * \ * \ @@ -115,10 +110,7 @@ void pre##_countersetiv(pre##_counterctx *ctx, const void *iv) \ */ \ \ void pre##_counterbdry(pre##_counterctx *ctx) \ -{ \ - BLKC_STEP(PRE, ctx->n); \ - ctx->off = PRE##_BLKSZ; \ -} \ + { BLKC_STEP(PRE, ctx->c); ctx->off = PRE##_BLKSZ; } \ \ /* --- @pre_countersetkey@ --- * \ * \ @@ -131,9 +123,7 @@ void pre##_counterbdry(pre##_counterctx *ctx) \ */ \ \ void pre##_countersetkey(pre##_counterctx *ctx, const pre##_ctx *k) \ -{ \ - ctx->ctx = *k; \ -} \ + { ctx->ctx = *k; } \ \ /* --- @pre_counterinit@ --- * \ * \ @@ -156,6 +146,7 @@ void pre##_counterinit(pre##_counterctx *ctx, \ const void *iv) \ { \ static const octet zero[PRE##_BLKSZ] = { 0 }; \ + \ pre##_init(&ctx->ctx, key, sz); \ pre##_countersetiv(ctx, iv ? iv : zero); \ } \ @@ -183,68 +174,48 @@ void pre##_counterencrypt(pre##_counterctx *ctx, \ const octet *s = src; \ octet *d = dest; \ unsigned off = ctx->off; \ + uint32 t[PRE##_BLKSZ/4], u[PRE##_BLKSZ/4]; \ + octet y; \ \ /* --- Empty blocks are trivial --- */ \ \ - if (!sz) \ - return; \ + if (!sz) return; \ \ /* --- If I can deal with the block from my buffer, do that --- */ \ \ - if (sz < PRE##_BLKSZ - off) \ - goto small; \ + if (sz < PRE##_BLKSZ - off) goto small; \ \ /* --- Finish off what's left in my buffer --- */ \ \ - if (!d) \ - sz -= PRE##_BLKSZ - off; \ - else { \ - while (off < PRE##_BLKSZ) { \ - register octet x = s ? *s++ : 0; \ - *d++ = ctx->buf[off++] ^ x; \ - sz--; \ - } \ - } \ + if (!d) sz -= PRE##_BLKSZ - off; \ + else while (off < PRE##_BLKSZ) \ + { y = s ? *s++ : 0; *d++ = ctx->b[off++] ^ y; sz--; } \ \ /* --- Main encryption loop --- */ \ \ - { \ - uint32 n[PRE##_BLKSZ / 4]; \ - \ - for (;;) { \ - pre##_eblk(&ctx->ctx, ctx->n, n); \ - BLKC_STEP(PRE, ctx->n); \ - if (sz < PRE##_BLKSZ) \ - break; \ - if (d) { \ - if (!s) \ - BLKC_STORE(PRE, d, n); \ - else { \ - uint32 x[PRE##_BLKSZ / 4]; \ - BLKC_LOAD(PRE, x, s); \ - BLKC_XSTORE(PRE, d, n, x); \ - s += PRE##_BLKSZ; \ - } \ - d += PRE##_BLKSZ; \ - } \ - sz -= PRE##_BLKSZ; \ + for (;;) { \ + pre##_eblk(&ctx->ctx, ctx->c, t); \ + BLKC_STEP(PRE, ctx->c); \ + if (sz < PRE##_BLKSZ) break; \ + if (!d) /* do nothing */; \ + else if (!s) { BLKC_STORE(PRE, d, t); d += PRE##_BLKSZ; } \ + else { \ + BLKC_LOAD(PRE, u, s); s += PRE##_BLKSZ; \ + BLKC_XSTORE(PRE, d, t, u); d += PRE##_BLKSZ; \ } \ - \ - BLKC_STORE(PRE, ctx->buf, n); \ - off = 0; \ + sz -= PRE##_BLKSZ; \ } \ \ + BLKC_STORE(PRE, ctx->b, t); \ + off = 0; \ + \ /* --- Tidying up the tail end --- */ \ \ if (sz) { \ small: \ - if (!d) \ - off += sz; \ - else do { \ - register octet x = s ? *s++ : 0; \ - *d++ = ctx->buf[off++] ^ x; \ - sz--; \ - } while (sz); \ + if (!d) off += sz; \ + else do { y = s ? *s++ : 0; *d++ = ctx->b[off++] ^ y; sz--; } \ + while (sz); \ } \ \ /* --- Done --- */ \ @@ -271,29 +242,16 @@ static gcipher *ginit(const void *k, size_t sz) \ } \ \ static void gencrypt(gcipher *c, const void *s, void *t, size_t sz) \ -{ \ - gctx *g = (gctx *)c; \ - pre##_counterencrypt(&g->k, s, t, sz); \ -} \ + { gctx *g = (gctx *)c; pre##_counterencrypt(&g->k, s, t, sz); } \ \ static void gdestroy(gcipher *c) \ -{ \ - gctx *g = (gctx *)c; \ - BURN(*g); \ - S_DESTROY(g); \ -} \ + { gctx *g = (gctx *)c; BURN(*g); S_DESTROY(g); } \ \ static void gsetiv(gcipher *c, const void *iv) \ -{ \ - gctx *g = (gctx *)c; \ - pre##_countersetiv(&g->k, iv); \ -} \ + { gctx *g = (gctx *)c; pre##_countersetiv(&g->k, iv); } \ \ static void gbdry(gcipher *c) \ -{ \ - gctx *g = (gctx *)c; \ - pre##_counterbdry(&g->k); \ -} \ + { gctx *g = (gctx *)c; pre##_counterbdry(&g->k); } \ \ static const gcipher_ops gops = { \ &pre##_counter, \ @@ -343,11 +301,11 @@ static int grmisc(grand *r, unsigned op, ...) \ } \ break; \ case GRAND_SEEDINT: \ - BLKC_SET(PRE, g->k.n, va_arg(ap, unsigned)); \ + BLKC_SET(PRE, g->k.c, va_arg(ap, unsigned)); \ g->k.off = PRE##_BLKSZ; \ break; \ case GRAND_SEEDUINT32: \ - BLKC_SET(PRE, g->k.n, va_arg(ap, uint32)); \ + BLKC_SET(PRE, g->k.c, va_arg(ap, uint32)); \ g->k.off = PRE##_BLKSZ; \ break; \ case GRAND_SEEDBLOCK: { \ @@ -391,10 +349,7 @@ static uint32 grword(grand *r) \ } \ \ static void grfill(grand *r, void *p, size_t sz) \ -{ \ - grctx *g = (grctx *)r; \ - pre##_counterencrypt(&g->k, 0, p, sz); \ -} \ + { grctx *g = (grctx *)r; pre##_counterencrypt(&g->k, 0, p, sz); } \ \ static const grand_ops grops = { \ name "-counter", \ diff --git a/symm/counter.h b/symm/counter.h index 7e07b3c5..418f1489 100644 --- a/symm/counter.h +++ b/symm/counter.h @@ -62,8 +62,8 @@ typedef struct pre##_counterctx { \ pre##_ctx ctx; /* Underlying cipher context */ \ unsigned off; /* Current offset in buffer */ \ - octet buf[PRE##_BLKSZ]; /* Output buffer */ \ - uint32 n[PRE##_BLKSZ / 4]; /* Counter */ \ + octet b[PRE##_BLKSZ]; /* Output buffer */ \ + uint32 c[PRE##_BLKSZ / 4]; /* Counter */ \ } pre##_counterctx; \ \ /* --- @pre_countergetiv@ --- * \ diff --git a/symm/ecb-def.h b/symm/ecb-def.h index 62ce5236..957a16e3 100644 --- a/symm/ecb-def.h +++ b/symm/ecb-def.h @@ -80,9 +80,7 @@ */ \ \ void pre##_ecbsetkey(pre##_ecbctx *ctx, const pre##_ctx *k) \ -{ \ - ctx->ctx = *k; \ -} \ + { ctx->ctx = *k; } \ \ /* --- @pre_ecbinit@ --- * \ * \ @@ -100,9 +98,7 @@ void pre##_ecbsetkey(pre##_ecbctx *ctx, const pre##_ctx *k) \ void pre##_ecbinit(pre##_ecbctx *ctx, \ const void *key, size_t sz, \ const void *iv) \ -{ \ - pre##_init(&ctx->ctx, key, sz); \ -} \ + { pre##_init(&ctx->ctx, key, sz); } \ \ /* --- @pre_ecbencrypt@ --- * \ * \ @@ -125,11 +121,14 @@ void pre##_ecbencrypt(pre##_ecbctx *ctx, \ { \ const octet *s = src; \ octet *d = dest; \ + uint32 t[PRE##_BLKSZ/4]; \ + octet b[PRE##_BLKSZ]; \ + octet y; \ + unsigned i; \ \ /* --- Empty blocks are trivial --- */ \ \ - if (!sz) \ - return; \ + if (!sz) return; \ \ /* --- Short blocks aren't allowed in ECB --- * \ * \ @@ -146,19 +145,11 @@ void pre##_ecbencrypt(pre##_ecbctx *ctx, \ * Hopefully... \ */ \ \ - while (sz >= 2 * PRE##_BLKSZ || sz == PRE##_BLKSZ) { \ - uint32 x[PRE##_BLKSZ / 4]; \ - if (!s) \ - BLKC_ZERO(PRE, x); \ - else { \ - BLKC_LOAD(PRE, x, s); \ - s += PRE##_BLKSZ; \ - } \ - pre##_eblk(&ctx->ctx, x, x); \ - if (d) { \ - BLKC_STORE(PRE, d, x); \ - d += PRE##_BLKSZ; \ - } \ + while (sz >= 2*PRE##_BLKSZ || sz == PRE##_BLKSZ) { \ + if (!s) BLKC_ZERO(PRE, t); \ + else { BLKC_LOAD(PRE, t, s); s += PRE##_BLKSZ; } \ + pre##_eblk(&ctx->ctx, t, t); \ + if (d) { BLKC_STORE(PRE, d, t); d += PRE##_BLKSZ; } \ sz -= PRE##_BLKSZ; \ } \ \ @@ -168,9 +159,6 @@ void pre##_ecbencrypt(pre##_ecbctx *ctx, \ */ \ \ if (sz) { \ - uint32 x[PRE##_BLKSZ / 4]; \ - octet b[PRE##_BLKSZ]; \ - unsigned i; \ \ /* --- Let @sz@ be the size of the partial block --- */ \ \ @@ -183,14 +171,10 @@ void pre##_ecbencrypt(pre##_ecbctx *ctx, \ * out yet, because I've not read the partial plaintext block. \ */ \ \ - if (!s) \ - BLKC_ZERO(PRE, x); \ - else { \ - BLKC_LOAD(PRE, x, s); \ - s += PRE##_BLKSZ; \ - } \ - pre##_eblk(&ctx->ctx, x, x); \ - BLKC_STORE(PRE, b, x); \ + if (!s) BLKC_ZERO(PRE, t); \ + else { BLKC_LOAD(PRE, t, s); s += PRE##_BLKSZ; } \ + pre##_eblk(&ctx->ctx, t, t); \ + BLKC_STORE(PRE, b, t); \ \ /* --- Second stage --- * \ * \ @@ -200,14 +184,10 @@ void pre##_ecbencrypt(pre##_ecbctx *ctx, \ */ \ \ if (d) d += PRE##_BLKSZ; \ - for (i = 0; i < sz; i++) { \ - register octet y = b[i]; \ - b[i] = s[i]; \ - if (d) d[i] = y; \ - } \ - BLKC_LOAD(PRE, x, b); \ - pre##_eblk(&ctx->ctx, x, x); \ - if (d) BLKC_STORE(PRE, d - PRE##_BLKSZ, x); \ + for (i = 0; i < sz; i++) { y = b[i]; b[i] = s[i]; if (d) d[i] = y; } \ + BLKC_LOAD(PRE, t, b); \ + pre##_eblk(&ctx->ctx, t, t); \ + if (d) BLKC_STORE(PRE, d - PRE##_BLKSZ, t); \ } \ \ /* --- Done --- */ \ @@ -236,11 +216,14 @@ void pre##_ecbdecrypt(pre##_ecbctx *ctx, \ { \ const octet *s = src; \ octet *d = dest; \ + uint32 t[PRE##_BLKSZ/4]; \ + octet b[PRE##_BLKSZ]; \ + octet y; \ + unsigned i; \ \ /* --- Empty blocks are trivial --- */ \ \ - if (!sz) \ - return; \ + if (!sz) return; \ \ /* --- Short blocks aren't allowed in ECB --- * \ * \ @@ -256,13 +239,10 @@ void pre##_ecbdecrypt(pre##_ecbctx *ctx, \ * Each block is just handed to the block cipher in turn. \ */ \ \ - while (sz >= 2 * PRE##_BLKSZ || sz == PRE##_BLKSZ) { \ - uint32 x[PRE##_BLKSZ / 4]; \ - BLKC_LOAD(PRE, x, s); \ - pre##_dblk(&ctx->ctx, x, x); \ - BLKC_STORE(PRE, d, x); \ - s += PRE##_BLKSZ; \ - d += PRE##_BLKSZ; \ + while (sz >= 2*PRE##_BLKSZ || sz == PRE##_BLKSZ) { \ + BLKC_LOAD(PRE, t, s); s += PRE##_BLKSZ; \ + pre##_dblk(&ctx->ctx, t, t); \ + BLKC_STORE(PRE, d, t); d += PRE##_BLKSZ; \ sz -= PRE##_BLKSZ; \ } \ \ @@ -272,9 +252,6 @@ void pre##_ecbdecrypt(pre##_ecbctx *ctx, \ */ \ \ if (sz) { \ - uint32 x[PRE##_BLKSZ / 4]; \ - octet b[PRE##_BLKSZ]; \ - unsigned i; \ \ /* --- Let @sz@ be the size of the partial block --- */ \ \ @@ -286,9 +263,9 @@ void pre##_ecbdecrypt(pre##_ecbctx *ctx, \ * is carried over for the next encryption operation. \ */ \ \ - BLKC_LOAD(PRE, x, s); \ - pre##_dblk(&ctx->ctx, x, x); \ - BLKC_STORE(PRE, b, x); \ + BLKC_LOAD(PRE, t, s); \ + pre##_dblk(&ctx->ctx, t, t); \ + BLKC_STORE(PRE, b, t); \ \ /* --- Second stage --- * \ * \ @@ -299,14 +276,10 @@ void pre##_ecbdecrypt(pre##_ecbctx *ctx, \ \ s += PRE##_BLKSZ; \ d += PRE##_BLKSZ; \ - for (i = 0; i < sz; i++) { \ - register octet y = s[i]; \ - d[i] = b[i]; \ - b[i] = y; \ - } \ - BLKC_LOAD(PRE, x, b); \ - pre##_dblk(&ctx->ctx, x, x); \ - BLKC_STORE(PRE, d - PRE##_BLKSZ, x); \ + for (i = 0; i < sz; i++) { y = s[i]; d[i] = b[i]; b[i] = y; } \ + BLKC_LOAD(PRE, t, b); \ + pre##_dblk(&ctx->ctx, t, t); \ + BLKC_STORE(PRE, d - PRE##_BLKSZ, t); \ } \ \ /* --- Done --- */ \ @@ -332,23 +305,13 @@ static gcipher *ginit(const void *k, size_t sz) \ } \ \ static void gencrypt(gcipher *c, const void *s, void *t, size_t sz) \ -{ \ - gctx *g = (gctx *)c; \ - pre##_ecbencrypt(&g->k, s, t, sz); \ -} \ + { gctx *g = (gctx *)c; pre##_ecbencrypt(&g->k, s, t, sz); } \ \ static void gdecrypt(gcipher *c, const void *s, void *t, size_t sz) \ -{ \ - gctx *g = (gctx *)c; \ - pre##_ecbdecrypt(&g->k, s, t, sz); \ -} \ + { gctx *g = (gctx *)c; pre##_ecbdecrypt(&g->k, s, t, sz); } \ \ static void gdestroy(gcipher *c) \ -{ \ - gctx *g = (gctx *)c; \ - BURN(*g); \ - S_DESTROY(g); \ -} \ + { gctx *g = (gctx *)c; BURN(*g); S_DESTROY(g); } \ \ static const gcipher_ops gops = { \ &pre##_ecb, \ diff --git a/symm/hash.h b/symm/hash.h index eb3cd75e..420277d2 100644 --- a/symm/hash.h +++ b/symm/hash.h @@ -59,6 +59,8 @@ pre##_ctx *_bctx = (ictx); \ size_t _bsz = (isz); \ const octet *_bbuf = (octet *)(ibuf); \ + size_t _s; \ + uint32 _l, _h; \ \ /* --- Add on the size done so far --- * \ * \ @@ -66,29 +68,23 @@ * how many bits you've actually got. \ */ \ \ - { \ - uint32 _l = U32(_bsz); \ - uint32 _h = ((_bsz & ~(size_t)MASK32) >> 16) >> 16; \ - _bctx->nh += _h; \ - _bctx->nl += _l; \ - if (_bctx->nl < _l || _bctx->nl & ~(uint32)MASK32) \ - _bctx->nh++; \ - } \ + _l = U32(_bsz); _h = ((_bsz & ~(size_t)MASK32) >> 16) >> 16; \ + _bctx->nl += _l; if (_bctx->nl < _l || _bctx->nl & ~(uint32)MASK32) _h++; \ + _bctx->nh += _h; \ \ /* --- Handle very small contributions --- */ \ \ - if (_bctx->off + _bsz < PRE##_BUFSZ) { \ - memcpy(_bctx->buf + _bctx->off, _bbuf, _bsz); \ - _bctx->off += _bsz; \ - } else { \ + if (_bctx->off + _bsz < PRE##_BUFSZ) \ + { memcpy(_bctx->buf + _bctx->off, _bbuf, _bsz); _bctx->off += _bsz; } \ + else { \ \ /* --- Handle an initial partial buffer --- */ \ \ if (_bctx->off) { \ - size_t s = PRE##_BUFSZ - _bctx->off; \ - memcpy(_bctx->buf + _bctx->off, _bbuf, s); \ + _s = PRE##_BUFSZ - _bctx->off; \ + memcpy(_bctx->buf + _bctx->off, _bbuf, _s); \ pre##_compress(_bctx, _bctx->buf); \ - _bsz -= s; _bbuf += s; \ + _bsz -= _s; _bbuf += _s; \ } \ \ /* --- Do whole buffers while we can --- */ \ @@ -100,8 +96,7 @@ \ /* --- And wrap up at the end --- */ \ \ - if (_bsz) \ - memcpy(_bctx->buf, _bbuf, _bsz); \ + if (_bsz) memcpy(_bctx->buf, _bbuf, _bsz); \ _bctx->off = _bsz; \ } \ } while (0) diff --git a/symm/hmac-def.h b/symm/hmac-def.h index 72bd126a..e3f12ced 100644 --- a/symm/hmac-def.h +++ b/symm/hmac-def.h @@ -208,9 +208,7 @@ void pre##_macinit(pre##_macctx *ctx, const pre##_mackey *key) \ */ \ \ void pre##_machash(pre##_macctx *ctx, const void *buf, size_t sz) \ -{ \ - pre##_hash(&ctx->ctx, buf, sz); \ -} \ + { pre##_hash(&ctx->ctx, buf, sz); } \ \ /* --- @pre_macdone@ --- * \ * \ diff --git a/symm/mgf-def.h b/symm/mgf-def.h index aad09a45..0b2df3d6 100644 --- a/symm/mgf-def.h +++ b/symm/mgf-def.h @@ -82,16 +82,10 @@ const octet pre##_mgfkeysz[] = { KSZ_ANY, PRE##_HASHSZ }; \ */ \ \ void pre##_mgfkeybegin(pre##_mgfctx *k) \ -{ \ - k->c = 0; \ - k->bsz = 0; \ - pre##_init(&k->k); \ -} \ + { k->c = 0; k->off = 0; pre##_init(&k->k); } \ \ void pre##_mgfkeyadd(pre##_mgfctx *k, const void *p, size_t sz) \ -{ \ - pre##_hash(&k->k, p, sz); \ -} \ + { pre##_hash(&k->k, p, sz); } \ \ /* ---- @pre_mgfinit@ --- * \ * \ @@ -106,12 +100,7 @@ void pre##_mgfkeyadd(pre##_mgfctx *k, const void *p, size_t sz) \ */ \ \ void pre##_mgfinit(pre##_mgfctx *k, const void *p, size_t sz) \ -{ \ - k->c = 0; \ - k->bsz = 0; \ - pre##_init(&k->k); \ - pre##_hash(&k->k, p, sz); \ -} \ + { k->c = 0; k->off = 0; pre##_init(&k->k); pre##_hash(&k->k, p, sz); } \ \ /* --- @pre_mgfencrypt@ --- * \ * \ @@ -133,54 +122,35 @@ void pre##_mgfinit(pre##_mgfctx *k, const void *p, size_t sz) \ void pre##_mgfencrypt(pre##_mgfctx *k, const void *s, \ void *d, size_t sz) \ { \ + pre##_ctx h; \ const octet *ss = s; \ octet *dd = d; \ + const octet *p; \ + size_t off; \ \ /* --- Empty the buffer if there's anything there --- */ \ \ - if (k->bsz) { \ - const octet *p = k->buf + PRE##_HASHSZ - k->bsz; \ - size_t n = sz > k->bsz ? k->bsz : sz; \ - sz -= n; \ - k->bsz -= n; \ - if (dd) { \ - if (!ss) { \ - memcpy(dd, p, n); \ - dd += n; \ - } else { \ - while (n) { \ - *dd++ = *ss++ ^ *p++; \ - n--; \ - } \ - } \ - } \ + if (k->off) { \ + p = k->b + PRE##_HASHSZ - k->off; \ + off = sz > k->off ? k->off : sz; \ + sz -= off; k->off -= off; \ + if (!dd) /* do nothing */; \ + else if (!ss) { memcpy(dd, p, off); dd += off; } \ + else while (off--) *dd++ = *ss++ ^ *p++; \ } \ \ /* --- While necessary, generate some more mask --- */ \ \ while (sz) { \ - pre##_ctx c = k->k; /* Not quick! */ \ - size_t n; \ - \ - STORE32(k->buf, k->c); \ - k->c++; \ - pre##_hash(&c, k->buf, 4); \ - pre##_done(&c, k->buf); \ - n = sz > PRE##_HASHSZ ? PRE##_HASHSZ : sz; \ - k->bsz = PRE##_HASHSZ - n; \ - sz -= n; \ - if (dd) { \ - const octet *p = k->buf; \ - if (!ss) { \ - memcpy(dd, p, n); \ - dd += n; \ - } else { \ - while (n) { \ - *dd++ = *ss++ ^ *p++; \ - n--; \ - } \ - } \ - } \ + STORE32(k->b, k->c); k->c++; \ + h = k->k; pre##_hash(&h, k->b, 4); pre##_done(&h, k->b); \ + off = sz > PRE##_HASHSZ ? PRE##_HASHSZ : sz; \ + k->off = PRE##_HASHSZ - off; \ + sz -= off; \ + p = k->b; \ + if (!dd) /* do nothing */; \ + else if (!ss) { memcpy(dd, p, off); dd += off; } \ + else while (off--) *dd++ = *ss++ ^ *p++; \ } \ } \ \ @@ -196,10 +166,7 @@ void pre##_mgfencrypt(pre##_mgfctx *k, const void *s, \ */ \ \ void pre##_mgfsetindex(pre##_mgfctx *k, uint32 c) \ -{ \ - k->c = c; \ - k->bsz = 0; \ -} \ + { k->c = c; k->off = 0; } \ \ /* --- Generic cipher interface --- */ \ \ @@ -219,17 +186,10 @@ static gcipher *ginit(const void *k, size_t sz) \ } \ \ static void gencrypt(gcipher *c, const void *s, void *t, size_t sz) \ -{ \ - gctx *g = (gctx *)c; \ - pre##_mgfencrypt(&g->k, s, t, sz); \ -} \ + { gctx *g = (gctx *)c; pre##_mgfencrypt(&g->k, s, t, sz); } \ \ static void gdestroy(gcipher *c) \ -{ \ - gctx *g = (gctx *)c; \ - BURN(*g); \ - S_DESTROY(g); \ -} \ + { gctx *g = (gctx *)c; BURN(*g); S_DESTROY(g); } \ \ static const gcipher_ops gops = { \ &pre##_mgf, \ @@ -320,10 +280,7 @@ static uint32 grword(grand *r) \ } \ \ static void grfill(grand *r, void *p, size_t sz) \ -{ \ - grctx *g = (grctx *)r; \ - pre##_mgfencrypt(&g->k, 0, p, sz); \ -} \ + { grctx *g = (grctx *)r; pre##_mgfencrypt(&g->k, 0, p, sz); } \ \ static const grand_ops grops = { \ name "-mgf", \ diff --git a/symm/mgf.h b/symm/mgf.h index d5b0fd1b..934f0127 100644 --- a/symm/mgf.h +++ b/symm/mgf.h @@ -61,8 +61,8 @@ typedef struct pre##_mgfctx { \ pre##_ctx k; /* Underlying key context */ \ uint32 c; /* Counter */ \ - octet buf[PRE##_HASHSZ]; /* Output buffer */ \ - size_t bsz; /* Size of buffered data */ \ + octet b[PRE##_HASHSZ]; /* Output buffer */ \ + unsigned off; /* Size of buffered data */ \ } pre##_mgfctx; \ \ /* --- Other useful constants --- */ \ diff --git a/symm/ofb-def.h b/symm/ofb-def.h index 2aafacbe..10f799c3 100644 --- a/symm/ofb-def.h +++ b/symm/ofb-def.h @@ -87,8 +87,9 @@ void pre##_ofbgetiv(const pre##_ofbctx *ctx, void *iv) \ octet *p = iv; \ unsigned off = ctx->off; \ unsigned rest = PRE##_BLKSZ - off; \ - memcpy(p, ctx->iv + off, rest); \ - memcpy(p + rest, ctx->iv, off); \ + \ + memcpy(p, ctx->b + off, rest); \ + memcpy(p + rest, ctx->b, off); \ } \ \ /* --- @pre_ofbsetiv@ --- * \ @@ -102,10 +103,7 @@ void pre##_ofbgetiv(const pre##_ofbctx *ctx, void *iv) \ */ \ \ void pre##_ofbsetiv(pre##_ofbctx *ctx, const void *iv) \ -{ \ - memcpy(ctx->iv, iv, PRE##_BLKSZ); \ - ctx->off = PRE##_BLKSZ; \ -} \ + { memcpy(ctx->b, iv, PRE##_BLKSZ); ctx->off = PRE##_BLKSZ; } \ \ /* --- @pre_ofbbdry@ --- * \ * \ @@ -119,12 +117,13 @@ void pre##_ofbsetiv(pre##_ofbctx *ctx, const void *iv) \ \ void pre##_ofbbdry(pre##_ofbctx *ctx) \ { \ - uint32 niv[PRE##_BLKSZ / 4]; \ - BLKC_LOAD(PRE, niv, ctx->iv); \ - pre##_eblk(&ctx->ctx, niv, niv); \ - BLKC_STORE(PRE, ctx->iv, niv); \ + uint32 t[PRE##_BLKSZ/4]; \ + \ + BLKC_LOAD(PRE, t, ctx->b); \ + pre##_eblk(&ctx->ctx, t, t); \ + BLKC_STORE(PRE, ctx->b, t); \ ctx->off = PRE##_BLKSZ; \ - BURN(niv); \ + BURN(t); \ } \ \ /* --- @pre_ofbsetkey@ --- * \ @@ -138,9 +137,7 @@ void pre##_ofbbdry(pre##_ofbctx *ctx) \ */ \ \ void pre##_ofbsetkey(pre##_ofbctx *ctx, const pre##_ctx *k) \ -{ \ - ctx->ctx = *k; \ -} \ + { ctx->ctx = *k; } \ \ /* --- @pre_ofbinit@ --- * \ * \ @@ -163,6 +160,7 @@ void pre##_ofbinit(pre##_ofbctx *ctx, \ const void *iv) \ { \ static const octet zero[PRE##_BLKSZ] = { 0 }; \ + \ pre##_init(&ctx->ctx, key, sz); \ pre##_ofbsetiv(ctx, iv ? iv : zero); \ } \ @@ -190,68 +188,49 @@ void pre##_ofbencrypt(pre##_ofbctx *ctx, \ const octet *s = src; \ octet *d = dest; \ unsigned off = ctx->off; \ + uint32 t[PRE##_BLKSZ/4], u[PRE##_BLKSZ/4]; \ + octet y; \ \ /* --- Empty blocks are trivial --- */ \ \ - if (!sz) \ - return; \ + if (!sz) return; \ \ /* --- If I can deal with the block from my buffer, do that --- */ \ \ - if (sz < PRE##_BLKSZ - off) \ - goto small; \ + if (sz < PRE##_BLKSZ - off) goto small; \ \ /* --- Finish off what's left in my buffer --- */ \ \ - if (!d) \ - sz -= PRE##_BLKSZ - off; \ - else { \ - while (off < PRE##_BLKSZ) { \ - register octet x = s ? *s++ : 0; \ - *d++ = ctx->iv[off++] ^ x; \ - sz--; \ - } \ - } \ + if (!d) sz -= PRE##_BLKSZ - off; \ + else while (off < PRE##_BLKSZ) \ + { y = s ? *s++ : 0; *d++ = ctx->b[off++] ^ y; sz--; } \ \ /* --- Main encryption loop --- */ \ \ - { \ - uint32 iv[PRE##_BLKSZ / 4]; \ - BLKC_LOAD(PRE, iv, ctx->iv); \ - \ - for (;;) { \ - pre##_eblk(&ctx->ctx, iv, iv); \ - if (sz < PRE##_BLKSZ) \ - break; \ - if (d) { \ - if (!s) \ - BLKC_STORE(PRE, d, iv); \ - else { \ - uint32 x[PRE##_BLKSZ / 4]; \ - BLKC_LOAD(PRE, x, s); \ - BLKC_XSTORE(PRE, d, iv, x); \ - s += PRE##_BLKSZ; \ - } \ - d += PRE##_BLKSZ; \ - } \ - sz -= PRE##_BLKSZ; \ - } \ + BLKC_LOAD(PRE, t, ctx->b); \ \ - BLKC_STORE(PRE, ctx->iv, iv); \ - off = 0; \ + for (;;) { \ + pre##_eblk(&ctx->ctx, t, t); \ + if (sz < PRE##_BLKSZ) break; \ + if (!d) /* do nothing */; \ + else if (!s) { BLKC_STORE(PRE, d, t); d += PRE##_BLKSZ; } \ + else { \ + BLKC_LOAD(PRE, u, s); s += PRE##_BLKSZ; \ + BLKC_XSTORE(PRE, d, t, u); d += PRE##_BLKSZ; \ + } \ + sz -= PRE##_BLKSZ; \ } \ \ + BLKC_STORE(PRE, ctx->b, t); \ + off = 0; \ + \ /* --- Tidying up the tail end --- */ \ \ if (sz) { \ small: \ - if (!d) \ - off += sz; \ - else do { \ - register octet x = s ? *s++ : 0; \ - *d++ = ctx->iv[off++] ^ x; \ - sz--; \ - } while (sz); \ + if (!d) off += sz; \ + else do { y = s ? *s++ : 0; *d++ = ctx->b[off++] ^ y; sz--; } \ + while (sz); \ } \ \ /* --- Done --- */ \ @@ -278,23 +257,13 @@ static gcipher *ginit(const void *k, size_t sz) \ } \ \ static void gencrypt(gcipher *c, const void *s, void *t, size_t sz) \ -{ \ - gctx *g = (gctx *)c; \ - pre##_ofbencrypt(&g->k, s, t, sz); \ -} \ + { gctx *g = (gctx *)c; pre##_ofbencrypt(&g->k, s, t, sz); } \ \ static void gdestroy(gcipher *c) \ -{ \ - gctx *g = (gctx *)c; \ - BURN(*g); \ - S_DESTROY(g); \ -} \ + { gctx *g = (gctx *)c; BURN(*g); S_DESTROY(g); } \ \ static void gsetiv(gcipher *c, const void *iv) \ -{ \ - gctx *g = (gctx *)c; \ - pre##_ofbsetiv(&g->k, iv); \ -} \ + { gctx *g = (gctx *)c; pre##_ofbsetiv(&g->k, iv); } \ \ static void gbdry(gcipher *c) \ { \ @@ -320,11 +289,7 @@ typedef struct grctx { \ } grctx; \ \ static void grdestroy(grand *r) \ -{ \ - grctx *g = (grctx *)r; \ - BURN(*g); \ - S_DESTROY(g); \ -} \ + { grctx *g = (grctx *)r; BURN(*g); S_DESTROY(g); } \ \ static int grmisc(grand *r, unsigned op, ...) \ { \ @@ -403,10 +368,7 @@ static uint32 grword(grand *r) \ } \ \ static void grfill(grand *r, void *p, size_t sz) \ -{ \ - grctx *g = (grctx *)r; \ - pre##_ofbencrypt(&g->k, 0, p, sz); \ -} \ + { grctx *g = (grctx *)r; pre##_ofbencrypt(&g->k, 0, p, sz); } \ \ static const grand_ops grops = { \ name "-ofb", \ diff --git a/symm/ofb.h b/symm/ofb.h index 5eec2ff0..6603a4de 100644 --- a/symm/ofb.h +++ b/symm/ofb.h @@ -62,7 +62,7 @@ typedef struct pre##_ofbctx { \ pre##_ctx ctx; /* Underlying cipher context */ \ unsigned off; /* Current offset in buffer */ \ - octet iv[PRE##_BLKSZ]; /* Output buffer and IV */ \ + octet b[PRE##_BLKSZ]; /* Output buffer and IV */ \ } pre##_ofbctx; \ \ /* --- @pre_ofbgetiv@ --- * \ diff --git a/symm/salsa20-core.h b/symm/salsa20-core.h index b27f2220..352fec3f 100644 --- a/symm/salsa20-core.h +++ b/symm/salsa20-core.h @@ -164,8 +164,8 @@ */ #define SALSA20_PREPBUF(ctx, a) do { \ int _i; \ - for (_i = 0; _i < 16; _i++) STORE32_L((ctx)->buf + 4*_i, (a)[_i]); \ - (ctx)->bufi = 0; \ + for (_i = 0; _i < 16; _i++) STORE32_L((ctx)->b + 4*_i, (a)[_i]); \ + (ctx)->off = 0; \ } while (0) /* Write at most @n@ bytes of buffered output from the context @ctx@ to the @@ -174,12 +174,12 @@ * @n@ is decreased appropriately. */ #define SALSA20_OUTBUF(ctx, d, s, n) do { \ - size_t _n = (n), _left = SALSA20_OUTSZ - (ctx)->bufi; \ + size_t _n = (n), _left = SALSA20_OUTSZ - (ctx)->off; \ if (_n > _left) _n = _left; \ (n) -= _n; \ - if (!(d)) (ctx)->bufi += _n; \ - else if (s) while (_n--) *(d)++ = (ctx)->buf[(ctx)->bufi++] ^ *(s)++; \ - else while (_n--) *(d)++ = (ctx)->buf[(ctx)->bufi++]; \ + if (!(d)) (ctx)->off += _n; \ + else if (s) while (_n--) *(d)++ = (ctx)->b[(ctx)->off++] ^ *(s)++; \ + else while (_n--) *(d)++ = (ctx)->b[(ctx)->off++]; \ } while (0) /*----- Variants and naming -----------------------------------------------*/ diff --git a/symm/salsa20.c b/symm/salsa20.c index e78baf05..64ae8ae3 100644 --- a/symm/salsa20.c +++ b/symm/salsa20.c @@ -233,7 +233,7 @@ void salsa20_seek(salsa20_ctx *ctx, unsigned long i) void salsa20_seeku64(salsa20_ctx *ctx, kludge64 i) { ctx->a[8] = LO64(i); ctx->a[5] = HI64(i); - ctx->bufi = SALSA20_OUTSZ; + ctx->off = SALSA20_OUTSZ; } void salsa20_seek_ietf(salsa20_ctx *ctx, uint32 i) diff --git a/symm/salsa20.h b/symm/salsa20.h index 317a34c1..7f3059ef 100644 --- a/symm/salsa20.h +++ b/symm/salsa20.h @@ -64,8 +64,8 @@ typedef uint32 salsa20_matrix[16]; typedef struct salsa20_ctx { salsa20_matrix a; - octet buf[SALSA20_OUTSZ]; - size_t bufi; + octet b[SALSA20_OUTSZ]; + unsigned off; } salsa20_ctx; #define XSALSA20_DEFCTX(name) \ -- 2.11.0