diff options
| author | Daniel Schadt <kingdread@gmx.de> | 2025-04-11 17:38:49 +0200 |
|---|---|---|
| committer | Daniel Schadt <kingdread@gmx.de> | 2025-04-11 17:38:49 +0200 |
| commit | 4f7f2e1b8497b4291ae72f1f3100da68e97170fa (patch) | |
| tree | c49c2c496645f9b2fbaa72deabc78147f5ea8d6d /src/lib.rs | |
| parent | 5c192adf8a500c53c2c7f5be7de9d6f697e43096 (diff) | |
| download | zears-4f7f2e1b8497b4291ae72f1f3100da68e97170fa.tar.gz zears-4f7f2e1b8497b4291ae72f1f3100da68e97170fa.tar.bz2 zears-4f7f2e1b8497b4291ae72f1f3100da68e97170fa.zip | |
optimize e(-1) call
Diffstat (limited to 'src/lib.rs')
| -rw-r--r-- | src/lib.rs | 38 |
1 files changed, 16 insertions, 22 deletions
@@ -469,7 +469,6 @@ fn encipher_aez_core(aez: &Aez, tweaks: Tweak, message: &mut [u8]) { let mut y = Block::null(); let mut e2_eval = E::new(2, 0, aez); let mut e1_eval = E::new(1, 0, aez); - let e0_eval = E::new(0, 0, aez); for (raw_wi, raw_xi) in blocks.pairs_mut() { e2_eval.advance(); e1_eval.advance(); @@ -677,35 +676,26 @@ fn aez_hash(aez: &Aez, tweaks: Tweak) -> Block { for (i, tweak) in tweaks.iter().enumerate() { // Adjust for zero-based vs one-based indexing let j = i + 2 + 1; + let mut ej = E::new(j.try_into().unwrap(), 0, aez); // This is somewhat implicit in the AEZ spec, but basically for an empty string we still // set l = 1 and then xor E_K^{j, 0}(10*). We could modify the last if branch to cover this // as well, but then we need to fiddle with getting an empty chunk from an empty iterator. if tweak.is_empty() { - hash = hash ^ e(j.try_into().unwrap(), 0, aez, Block::one()); + hash = hash ^ ej.eval(Block::one()); } else if tweak.len() % 16 == 0 { - for (l, chunk) in tweak.chunks(16).enumerate() { - hash = hash - ^ e( - j.try_into().unwrap(), - (l + 1).try_into().unwrap(), - aez, - Block::from_slice(chunk), - ); + for chunk in tweak.chunks(16) { + ej.advance(); + hash = hash ^ ej.eval(Block::from_slice(chunk)); } } else { let blocks = pad_to_blocks(tweak); for (l, chunk) in blocks.iter().enumerate() { - hash = hash - ^ e( - j.try_into().unwrap(), - if l == blocks.len() - 1 { - 0 - } else { - (l + 1).try_into().unwrap() - }, - aez, - *chunk, - ); + ej.advance(); + if l == blocks.len() - 1 { + hash = hash ^ e(j.try_into().unwrap(), 0, aez, *chunk); + } else { + hash = hash ^ ej.eval(*chunk); + } } } } @@ -773,7 +763,11 @@ impl<'a> E<'a> { /// Shorthand to get E_K^{j,i}(block) fn e(j: i32, i: u32, aez: &Aez, block: Block) -> Block { if j == -1 { - let delta = aez.key_l * i; + let delta = if i < 8 { + aez.key_l_multiples[i as usize] + } else { + aez.key_l * i + }; aez.aes.aes10(block ^ delta) } else { E::new(j, i, aez).eval(block) |