From a3cb781cdf3f20d570dea311aa44a4059b156b24 Mon Sep 17 00:00:00 2001
From: Loup Vaillant
Date: Sat, 11 Jan 2020 13:59:09 +0100
Subject: [PATCH] Cosmetic/consistency in Argon2i

The functions g_copy() and g_xor() both take a pointer to a temporary, to avoid wiping them again and again. unary_g(), however, did not, and instead managed its temporary block internally. Since unary_g() is called less often, this is not really a problem. I thought it would be cleaner however to have all three functions work the same way. This should have a negligible, positive impact on performance as well.
---
 src/monocypher.c | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/src/monocypher.c b/src/monocypher.c
index 6eeffb2..79dabcc 100644
--- a/src/monocypher.c
+++ b/src/monocypher.c
@@ -844,14 +844,12 @@ static void g_xor(block *result, const block *x, const block *y, block *tmp)
 // Unary version of the compression function.
 // The missing argument is implied zero.
 // Does the transformation in place.
-static void unary_g(block *work_block)
+static void unary_g(block *work_block, block *tmp)
 {
 // work_block == R
- block tmp;
- copy_block(&tmp, work_block); // tmp = R
- g_rounds(work_block); // work_block = Z
- xor_block(work_block, &tmp); // work_block = Z ^ R
- wipe_block(&tmp);
+ copy_block(tmp, work_block); // tmp = R
+ g_rounds (work_block); // work_block = Z
+ xor_block (work_block, tmp); // work_block = Z ^ R
 }

 // Argon2i uses a kind of stream cipher to determine which reference
@@ -886,8 +884,10 @@ static void gidx_refresh(gidx_ctx *ctx)

 // Shuffle the block thus: ctx->b = G((G(ctx->b, zero)), zero)
 // (G "square" function), to get cheap pseudo-random numbers.
- unary_g(&ctx->b);
- unary_g(&ctx->b);
+ block tmp;
+ unary_g(&ctx->b, &tmp);
+ unary_g(&ctx->b, &tmp);
+ wipe_block(&tmp);
 }

 static void gidx_init(gidx_ctx *ctx,
-- 
2.47.3
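Review bot: The header comment above `unary_g()` still only says the transformation is done in place, but with the new `tmp` parameter the function leaves a copy of the input block R in `*tmp` and no longer wipes it, so the wiping duty has silently moved to every caller. I would add a line to that comment, for example `// tmp is scratch space: it holds a copy of the input on return, and the caller must wipe it.`, so the contract is visible where the function is defined and a future call site cannot omit the wipe unnoticed. The only caller shown, `gidx_refresh()` in the second hunk, does call `wipe_block(&tmp)` once after both invocations; that function begins outside the hunk.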