#define WIPE_BUFFER(buffer) crypto_wipe(buffer, sizeof(buffer))
#define MIN(a, b) ((a) <= (b) ? (a) : (b))
#define MAX(a, b) ((a) >= (b) ? (a) : (b))
-#define ALIGN(x, block_size) ((~(x) + 1) & ((block_size) - 1))
+
typedef int8_t i8;
typedef uint8_t u8;
typedef int16_t i16;
static const u8 zero[128] = {0};
+// returns the smallest positive integer y such that
+// (x + y) % pow_2 == 0
+// Basically, it's how many bytes we need to add to "align" x.
+// Only works when pow_2 is a power of 2.
+// Note: we use ~x+1 instead of -x to avoid compiler warnings
+static size_t align(size_t x, size_t pow_2)
+{
+ return (~x + 1) & (pow_2 - 1);
+}
+
static u32 load24_le(const u8 s[3])
{
return (u32)s[0]
return;
}
// Align ourselves with block boundaries
- size_t align = MIN(ALIGN(ctx->c_idx, 16), message_size);
- poly_update(ctx, message, align);
- message += align;
- message_size -= align;
+ size_t aligned = MIN(align(ctx->c_idx, 16), message_size);
+ poly_update(ctx, message, aligned);
+ message += aligned;
+ message_size -= aligned;
// Process the message block by block
size_t nb_blocks = message_size >> 4;
return;
}
// Align ourselves with block boundaries
- size_t align = MIN(ALIGN(ctx->input_idx, 128), message_size);
- blake2b_update(ctx, message, align);
- message += align;
- message_size -= align;
+ size_t aligned = MIN(align(ctx->input_idx, 128), message_size);
+ blake2b_update(ctx, message, aligned);
+ message += aligned;
+ message_size -= aligned;
// Process the message block by block
FOR (i, 0, message_size >> 7) { // number of blocks
crypto_poly1305_ctx poly_ctx; // auto wiped...
crypto_poly1305_init (&poly_ctx, auth_key);
crypto_poly1305_update(&poly_ctx, ad , ad_size);
- crypto_poly1305_update(&poly_ctx, zero , ALIGN(ad_size, 16));
+ crypto_poly1305_update(&poly_ctx, zero , align(ad_size, 16));
crypto_poly1305_update(&poly_ctx, cipher_text, text_size);
- crypto_poly1305_update(&poly_ctx, zero , ALIGN(text_size, 16));
+ crypto_poly1305_update(&poly_ctx, zero , align(text_size, 16));
crypto_poly1305_update(&poly_ctx, sizes , 16);
crypto_poly1305_final (&poly_ctx, mac); // ...here
}
#define WIPE_CTX(ctx) crypto_wipe(ctx , sizeof(*(ctx)))
#define WIPE_BUFFER(buffer) crypto_wipe(buffer, sizeof(buffer))
#define MIN(a, b) ((a) <= (b) ? (a) : (b))
-#define ALIGN(x, block_size) ((~(x) + 1) & ((block_size) - 1))
typedef uint8_t u8;
typedef uint64_t u64;
+// returns the smallest positive integer y such that
+// (x + y) % pow_2 == 0
+// Basically, it's how many bytes we need to add to "align" x.
+// Only works when pow_2 is a power of 2.
+// Note: we use ~x+1 instead of -x to avoid compiler warnings
+static size_t align(size_t x, size_t pow_2)
+{
+ return (~x + 1) & (pow_2 - 1);
+}
+
static u64 load64_be(const u8 s[8])
{
return((u64)s[0] << 56)
return;
}
// Align ourselves with block boundaries
- size_t align = MIN(ALIGN(ctx->input_idx, 128), message_size);
- sha512_update(ctx, message, align);
- message += align;
- message_size -= align;
+ size_t aligned = MIN(align(ctx->input_idx, 128), message_size);
+ sha512_update(ctx, message, aligned);
+ message += aligned;
+ message_size -= aligned;
// Process the message block by block
FOR (i, 0, message_size / 128) { // number of blocks
projects / Monocypher.git / commitdiff