Implement all variants of AEGIS-MAC
jedisct1 committed May 10, 2024
1 parent 8ce9878 commit a59935d
Showing 45 changed files with 842 additions and 79 deletions.
1 change: 1 addition & 0 deletions README.md
Expand Up @@ -10,6 +10,7 @@ Portable C implementations of the [AEGIS](https://datatracker.ietf.org/doc/draft
- AEGIS-256 with 16 and 32 bytes tags (software, AES-NI, ARM Crypto)
- AEGIS-256X2 with 16 and 32 bytes tags (software, VAES + AVX2, AES-NI, ARM Crypto)
- AEGIS-256X4 with 16 and 32 bytes tags (software, AVX512, VAES + AVX2, AES-NI, ARM Crypto)
- All variants of AEGIS-MAC, supporting incremental updates.
- Encryption and decryption with attached and detached tags
- Incremental encryption and decryption.
- Unauthenticated encryption and decryption (not recommended - only implemented for specific protocols)
94 changes: 47 additions & 47 deletions src/aegis128l/aegis128l_common.h
Expand Up @@ -324,53 +324,6 @@ state_init(aegis128l_state *st_, const uint8_t *ad, size_t adlen, const uint8_t
st->adlen = adlen;
}

static int
state_mac_update(aegis128l_state *st_, const uint8_t *ad, size_t adlen)
{
_aegis128l_state *const st =
(_aegis128l_state *) ((((uintptr_t) &st_->opaque) + (RATE - 1)) & ~(uintptr_t) (RATE - 1));
size_t i;
size_t left;

left = st->adlen % RATE;
st->adlen += adlen;
if (left != 0) {
if (left + adlen < RATE) {
memcpy(st->buf + left, ad, adlen);
return 0;
}
memcpy(st->buf + left, ad, RATE - left);
aegis128l_absorb(st->buf, st->state);
ad += RATE - left;
adlen -= RATE - left;
}
for (i = 0; i + RATE <= adlen; i += RATE) {
aegis128l_absorb(ad + i, st->state);
}
if (i < adlen) {
memset(st->buf, 0, RATE);
memcpy(st->buf, ad + i, adlen - i);
}
return 0;
}

static int
state_mac_final(aegis128l_state *st_, uint8_t *mac, size_t maclen)
{
_aegis128l_state *const st =
(_aegis128l_state *) ((((uintptr_t) &st_->opaque) + (RATE - 1)) & ~(uintptr_t) (RATE - 1));
size_t left;

left = st->adlen % RATE;
if (left != 0) {
memset(st->buf + left, 0, RATE - left);
aegis128l_absorb(st->buf, st->state);
}
aegis128l_mac(mac, maclen, st->adlen, 0, st->state);

return 0;
}

static int
state_encrypt_update(aegis128l_state *st_, uint8_t *c, size_t clen_max, size_t *written,
const uint8_t *m, size_t mlen)
Expand Down Expand Up @@ -574,3 +527,50 @@ state_decrypt_detached_final(aegis128l_state *st_, uint8_t *m, size_t mlen_max,
}
return ret;
}

static int
state_mac_update(aegis128l_state *st_, const uint8_t *ad, size_t adlen)
{
_aegis128l_state *const st =
(_aegis128l_state *) ((((uintptr_t) &st_->opaque) + (RATE - 1)) & ~(uintptr_t) (RATE - 1));
size_t i;
size_t left;

left = st->adlen % RATE;
st->adlen += adlen;
if (left != 0) {
if (left + adlen < RATE) {
memcpy(st->buf + left, ad, adlen);
return 0;
}
memcpy(st->buf + left, ad, RATE - left);
aegis128l_absorb(st->buf, st->state);
ad += RATE - left;
adlen -= RATE - left;
}
for (i = 0; i + RATE <= adlen; i += RATE) {
aegis128l_absorb(ad + i, st->state);
}
if (i < adlen) {
memset(st->buf, 0, RATE);
memcpy(st->buf, ad + i, adlen - i);
}
return 0;
}

static int
state_mac_final(aegis128l_state *st_, uint8_t *mac, size_t maclen)
{
_aegis128l_state *const st =
(_aegis128l_state *) ((((uintptr_t) &st_->opaque) + (RATE - 1)) & ~(uintptr_t) (RATE - 1));
size_t left;

left = st->adlen % RATE;
if (left != 0) {
memset(st->buf + left, 0, RATE - left);
aegis128l_absorb(st->buf, st->state);
}
aegis128l_mac(mac, maclen, st->adlen, 0, st->state);

return 0;
}
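Review bot: `state_mac_final` at the end of this hunk is not idempotent and nothing documents that: when `st->adlen % RATE` is non-zero it zero-pads `st->buf` and absorbs it, but neither `st->adlen` nor the buffer is touched afterwards, so a second call absorbs the same padded block again and yields a different tag, and a later `state_mac_update` continues from a state that already contains the padding. Either document the one-shot contract or make it observable; a comment above the function such as `/* One-shot: absorbs the zero-padded tail into the state. Calling state_mac_update() or state_mac_final() again on the same state produces an unrelated tag. */` would do. The tag is derived with `aegis128l_mac(mac, maclen, st->adlen, 0, st->state)`, i.e. the absorbed input is accounted as associated data with a zero message length; if that helper computes the ordinary AEAD tag, a MAC over D is the AEAD tag for AD=D and an empty message under the same key and the all-zero nonce the `*_mac_init` functions in this commit pass to `state_init`, which is worth stating so callers do not share a key between MAC and AEAD use. The same two functions are added verbatim to src/aegis128x2/aegis128x2_common.h in this commit and this note applies there too.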
43 changes: 43 additions & 0 deletions src/aegis128x2/aegis128x2.c
Expand Up @@ -172,6 +172,49 @@ aegis128x2_decrypt_unauthenticated(uint8_t *m, const uint8_t *c, size_t clen, co
implementation->decrypt_unauthenticated(m, c, clen, npub, k);
}

void
aegis128x2_mac_init(aegis128x2_state *st_, const uint8_t *k)
{
const uint8_t npub[aegis128x2_NPUBBYTES] = { 0 };

memset(st_, 0, sizeof *st_);
implementation->state_init(st_, NULL, 0, npub, k);
}

int
aegis128x2_mac_update(aegis128x2_state *st_, const uint8_t *m, size_t mlen)
{
return implementation->state_mac_update(st_, m, mlen);
}

int
aegis128x2_mac_final(aegis128x2_state *st_, uint8_t *mac, size_t maclen)
{
if (maclen != 16 && maclen != 32) {
errno = EINVAL;
return -1;
}
return implementation->state_mac_final(st_, mac, maclen);
}

int
aegis128x2_mac_verify(aegis128x2_state *st_, const uint8_t *mac, size_t maclen)
{
uint8_t expected_mac[32];

switch (maclen) {
case 16:
implementation->state_mac_final(st_, expected_mac, maclen);
return aegis_verify_16(expected_mac, mac);
case 32:
implementation->state_mac_final(st_, expected_mac, maclen);
return aegis_verify_32(expected_mac, mac);
default:
errno = EINVAL;
return -1;
}
}

int
aegis128x2_pick_best_implementation(void)
{
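Review bot: `aegis128x2_mac_verify` discards the return value of `implementation->state_mac_final` in both `case` arms and then compares `expected_mac`, which is an uninitialized stack array if that call fails; `aegis128x2_mac_final` directly above does check the same return, so the two are inconsistent. Change each arm to `if (implementation->state_mac_final(st_, expected_mac, maclen) != 0) { return -1; }` before the `aegis_verify_*` call. The `state_mac_final` implementations visible in this commit always return 0, so this is hardening for future backends rather than a live bug. Since `expected_mac` holds the correct tag, it could also be wiped before returning (plain `memset` before return may be optimized away; use an explicit-wipe helper if the project has one). The same pattern appears in `aegis128x4_mac_verify` in src/aegis128x4/aegis128x4.c.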
2 changes: 2 additions & 0 deletions src/aegis128x2/aegis128x2_aesni.c
Expand Up @@ -98,6 +98,8 @@ struct aegis128x2_implementation aegis128x2_aesni_implementation = {
.state_encrypt_final = state_encrypt_final,
.state_decrypt_detached_update = state_decrypt_detached_update,
.state_decrypt_detached_final = state_decrypt_detached_final,
.state_mac_update = state_mac_update,
.state_mac_final = state_mac_final,
};

# ifdef __clang__
2 changes: 2 additions & 0 deletions src/aegis128x2/aegis128x2_armcrypto.c
Expand Up @@ -101,6 +101,8 @@ struct aegis128x2_implementation aegis128x2_armcrypto_implementation = {
.state_encrypt_final = state_encrypt_final,
.state_decrypt_detached_update = state_decrypt_detached_update,
.state_decrypt_detached_final = state_decrypt_detached_final,
.state_mac_update = state_mac_update,
.state_mac_final = state_mac_final,
};

# ifdef __clang__
2 changes: 2 additions & 0 deletions src/aegis128x2/aegis128x2_avx2.c
Expand Up @@ -66,6 +66,8 @@ struct aegis128x2_implementation aegis128x2_avx2_implementation = {
.state_encrypt_final = state_encrypt_final,
.state_decrypt_detached_update = state_decrypt_detached_update,
.state_decrypt_detached_final = state_decrypt_detached_final,
.state_mac_update = state_mac_update,
.state_mac_final = state_mac_final,
};

# ifdef __clang__
47 changes: 47 additions & 0 deletions src/aegis128x2/aegis128x2_common.h
Expand Up @@ -561,3 +561,50 @@ state_decrypt_detached_final(aegis128x2_state *st_, uint8_t *m, size_t mlen_max,
}
return ret;
}

static int
state_mac_update(aegis128x2_state *st_, const uint8_t *ad, size_t adlen)
{
_aegis128x2_state *const st =
(_aegis128x2_state *) ((((uintptr_t) &st_->opaque) + (RATE - 1)) & ~(uintptr_t) (RATE - 1));
size_t i;
size_t left;

left = st->adlen % RATE;
st->adlen += adlen;
if (left != 0) {
if (left + adlen < RATE) {
memcpy(st->buf + left, ad, adlen);
return 0;
}
memcpy(st->buf + left, ad, RATE - left);
aegis128x2_absorb(st->buf, st->state);
ad += RATE - left;
adlen -= RATE - left;
}
for (i = 0; i + RATE <= adlen; i += RATE) {
aegis128x2_absorb(ad + i, st->state);
}
if (i < adlen) {
memset(st->buf, 0, RATE);
memcpy(st->buf, ad + i, adlen - i);
}
return 0;
}

static int
state_mac_final(aegis128x2_state *st_, uint8_t *mac, size_t maclen)
{
_aegis128x2_state *const st =
(_aegis128x2_state *) ((((uintptr_t) &st_->opaque) + (RATE - 1)) & ~(uintptr_t) (RATE - 1));
size_t left;

left = st->adlen % RATE;
if (left != 0) {
memset(st->buf + left, 0, RATE - left);
aegis128x2_absorb(st->buf, st->state);
}
aegis128x2_mac(mac, maclen, st->adlen, 0, st->state);

return 0;
}
2 changes: 2 additions & 0 deletions src/aegis128x2/aegis128x2_soft.c
Expand Up @@ -90,6 +90,8 @@ struct aegis128x2_implementation aegis128x2_soft_implementation = {
.state_encrypt_final = state_encrypt_final,
.state_decrypt_detached_update = state_decrypt_detached_update,
.state_decrypt_detached_final = state_decrypt_detached_final,
.state_mac_update = state_mac_update,
.state_mac_final = state_mac_final,
};

#endif
3 changes: 3 additions & 0 deletions src/aegis128x2/implementations.h
Expand Up @@ -29,6 +29,9 @@ typedef struct aegis128x2_implementation {
size_t *written, const uint8_t *c, size_t clen);
int (*state_decrypt_detached_final)(aegis128x2_state *st_, uint8_t *m, size_t mlen_max,
size_t *written, const uint8_t *mac, size_t maclen);
int (*state_mac_update)(aegis128x2_state *st_, const uint8_t *ad, size_t adlen);
int (*state_mac_final)(aegis128x2_state *st_, uint8_t *mac, size_t maclen);

} aegis128x2_implementation;

#endif
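Review bot: The two new function pointers are followed by a blank line before the closing `} aegis128x2_implementation;`, which none of the preceding members have; drop it so the struct stays uniform. A one-line comment above the pair, e.g. `/* incremental MAC: absorb more input, then emit the final tag */`, would also help, since this struct is the contract every backend table (`aegis128x2_soft_implementation`, `_aesni_`, `_avx2_`, `_armcrypto_`) must satisfy and the other members carry no documentation either.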
43 changes: 43 additions & 0 deletions src/aegis128x4/aegis128x4.c
Expand Up @@ -173,6 +173,49 @@ aegis128x4_decrypt_unauthenticated(uint8_t *m, const uint8_t *c, size_t clen, co
implementation->decrypt_unauthenticated(m, c, clen, npub, k);
}

void
aegis128x4_mac_init(aegis128x4_state *st_, const uint8_t *k)
{
const uint8_t npub[aegis128x4_NPUBBYTES] = { 0 };

memset(st_, 0, sizeof *st_);
implementation->state_init(st_, NULL, 0, npub, k);
}

int
aegis128x4_mac_update(aegis128x4_state *st_, const uint8_t *m, size_t mlen)
{
return implementation->state_mac_update(st_, m, mlen);
}

int
aegis128x4_mac_final(aegis128x4_state *st_, uint8_t *mac, size_t maclen)
{
if (maclen != 16 && maclen != 32) {
errno = EINVAL;
return -1;
}
return implementation->state_mac_final(st_, mac, maclen);
}

int
aegis128x4_mac_verify(aegis128x4_state *st_, const uint8_t *mac, size_t maclen)
{
uint8_t expected_mac[32];

switch (maclen) {
case 16:
implementation->state_mac_final(st_, expected_mac, maclen);
return aegis_verify_16(expected_mac, mac);
case 32:
implementation->state_mac_final(st_, expected_mac, maclen);
return aegis_verify_32(expected_mac, mac);
default:
errno = EINVAL;
return -1;
}
}

int
aegis128x4_pick_best_implementation(void)
{
2 changes: 2 additions & 0 deletions src/aegis128x4/aegis128x4_aesni.c
Expand Up @@ -107,6 +107,8 @@ struct aegis128x4_implementation aegis128x4_aesni_implementation = {
.state_encrypt_final = state_encrypt_final,
.state_decrypt_detached_update = state_decrypt_detached_update,
.state_decrypt_detached_final = state_decrypt_detached_final,
.state_mac_update = state_mac_update,
.state_mac_final = state_mac_final,
};

# ifdef __clang__
2 changes: 2 additions & 0 deletions src/aegis128x4/aegis128x4_armcrypto.c
Expand Up @@ -109,6 +109,8 @@ struct aegis128x4_implementation aegis128x4_armcrypto_implementation = {
.state_encrypt_final = state_encrypt_final,
.state_decrypt_detached_update = state_decrypt_detached_update,
.state_decrypt_detached_final = state_decrypt_detached_final,
.state_mac_update = state_mac_update,
.state_mac_final = state_mac_final,
};

# ifdef __clang__
2 changes: 2 additions & 0 deletions src/aegis128x4/aegis128x4_avx2.c
Expand Up @@ -99,6 +99,8 @@ struct aegis128x4_implementation aegis128x4_avx2_implementation = {
.state_encrypt_final = state_encrypt_final,
.state_decrypt_detached_update = state_decrypt_detached_update,
.state_decrypt_detached_final = state_decrypt_detached_final,
.state_mac_update = state_mac_update,
.state_mac_final = state_mac_final,
};

# ifdef __clang__
2 changes: 2 additions & 0 deletions src/aegis128x4/aegis128x4_avx512.c
Expand Up @@ -72,6 +72,8 @@ struct aegis128x4_implementation aegis128x4_avx512_implementation = {
.state_encrypt_final = state_encrypt_final,
.state_decrypt_detached_update = state_decrypt_detached_update,
.state_decrypt_detached_final = state_decrypt_detached_final,
.state_mac_update = state_mac_update,
.state_mac_final = state_mac_final,
};

# ifdef __clang__
