@@ -4,6 +4,7 @@ use aead::{
44 consts:: U16 ,
55} ;
66use ascon:: State ;
7+ use inout:: InOutBuf ;
78use subtle:: ConstantTimeEq ;
89
910/// Produce mask for padding.
@@ -167,63 +168,68 @@ impl<'a, P: Parameters> AsconCore<'a, P> {
167168 self . state [ 4 ] ^= 0x8000000000000000 ;
168169 }
169170
170- fn process_encrypt_inplace ( & mut self , message : & mut [ u8 ] ) {
171- let mut blocks = message. chunks_exact_mut ( 16 ) ;
172- for block in blocks. by_ref ( ) {
171+ fn process_encrypt_inout ( & mut self , message : InOutBuf < ' _ , ' _ , u8 > ) {
172+ let ( blocks, mut last_block) = message. into_chunks :: < U16 > ( ) ;
173+
174+ for mut block in blocks {
173175 // process full block of message
174- self . state [ 0 ] ^= u64_from_bytes ( & block[ ..8 ] ) ;
175- block[ ..8 ] . copy_from_slice ( & u64:: to_le_bytes ( self . state [ 0 ] ) ) ;
176- self . state [ 1 ] ^= u64_from_bytes ( & block[ 8 ..16 ] ) ;
177- block[ 8 ..16 ] . copy_from_slice ( & u64:: to_le_bytes ( self . state [ 1 ] ) ) ;
176+ self . state [ 0 ] ^= u64_from_bytes ( & block. get_in ( ) [ ..8 ] ) ;
177+ block. get_out ( ) [ ..8 ] . copy_from_slice ( & u64:: to_le_bytes ( self . state [ 0 ] ) ) ;
178+ self . state [ 1 ] ^= u64_from_bytes ( & block. get_in ( ) [ 8 ..16 ] ) ;
179+ block. get_out ( ) [ 8 ..16 ] . copy_from_slice ( & u64:: to_le_bytes ( self . state [ 1 ] ) ) ;
178180 self . permute_state ( ) ;
179181 }
180182
181183 // process partial block if it exists
182- let mut last_block = blocks. into_remainder ( ) ;
183184 let sidx = if last_block. len ( ) >= 8 {
184- self . state [ 0 ] ^= u64_from_bytes ( & last_block[ ..8 ] ) ;
185- last_block[ ..8 ] . copy_from_slice ( & u64:: to_le_bytes ( self . state [ 0 ] ) ) ;
186- last_block = & mut last_block[ 8 .. ] ;
185+ self . state [ 0 ] ^= u64_from_bytes ( & last_block. get_in ( ) [ ..8 ] ) ;
186+ last_block. get_out ( ) [ ..8 ] . copy_from_slice ( & u64:: to_le_bytes ( self . state [ 0 ] ) ) ;
187+ ( _ , last_block) = last_block. split_at ( 8 ) ;
187188 1
188189 } else {
189190 0
190191 } ;
191192 self . state [ sidx] ^= pad ( last_block. len ( ) ) ;
192193 if !last_block. is_empty ( ) {
193- self . state [ sidx] ^= u64_from_bytes_partial ( last_block) ;
194- last_block. copy_from_slice ( & u64:: to_le_bytes ( self . state [ sidx] ) [ 0 ..last_block. len ( ) ] ) ;
194+ self . state [ sidx] ^= u64_from_bytes_partial ( last_block. get_in ( ) ) ;
195+ let last_block_len = last_block. len ( ) ;
196+ last_block
197+ . get_out ( )
198+ . copy_from_slice ( & u64:: to_le_bytes ( self . state [ sidx] ) [ 0 ..last_block_len] ) ;
195199 }
196200 }
197201
198- fn process_decrypt_inplace ( & mut self , ciphertext : & mut [ u8 ] ) {
199- let mut blocks = ciphertext. chunks_exact_mut ( 16 ) ;
200- for block in blocks. by_ref ( ) {
202+ fn process_decrypt_inout ( & mut self , ciphertext : InOutBuf < ' _ , ' _ , u8 > ) {
203+ let ( blocks , mut last_block ) = ciphertext. into_chunks :: < U16 > ( ) ;
204+ for mut block in blocks {
201205 // process full block of ciphertext
202- let cx = u64_from_bytes ( & block[ ..8 ] ) ;
203- block[ ..8 ] . copy_from_slice ( & u64:: to_le_bytes ( self . state [ 0 ] ^ cx) ) ;
206+ let cx = u64_from_bytes ( & block. get_in ( ) [ ..8 ] ) ;
207+ block. get_out ( ) [ ..8 ] . copy_from_slice ( & u64:: to_le_bytes ( self . state [ 0 ] ^ cx) ) ;
204208 self . state [ 0 ] = cx;
205- let cx = u64_from_bytes ( & block[ 8 ..16 ] ) ;
206- block[ 8 ..16 ] . copy_from_slice ( & u64:: to_le_bytes ( self . state [ 1 ] ^ cx) ) ;
209+ let cx = u64_from_bytes ( & block. get_in ( ) [ 8 ..16 ] ) ;
210+ block. get_out ( ) [ 8 ..16 ] . copy_from_slice ( & u64:: to_le_bytes ( self . state [ 1 ] ^ cx) ) ;
207211 self . state [ 1 ] = cx;
208212 self . permute_state ( ) ;
209213 }
210214
211215 // process partial block if it exists
212- let mut last_block = blocks. into_remainder ( ) ;
213216 let sidx = if last_block. len ( ) >= 8 {
214- let cx = u64_from_bytes ( & last_block[ ..8 ] ) ;
215- last_block[ ..8 ] . copy_from_slice ( & u64:: to_le_bytes ( self . state [ 0 ] ^ cx) ) ;
217+ let cx = u64_from_bytes ( & last_block. get_in ( ) [ ..8 ] ) ;
218+ last_block. get_out ( ) [ ..8 ] . copy_from_slice ( & u64:: to_le_bytes ( self . state [ 0 ] ^ cx) ) ;
216219 self . state [ 0 ] = cx;
217- last_block = & mut last_block[ 8 .. ] ;
220+ ( _ , last_block) = last_block. split_at ( 8 ) ;
218221 1
219222 } else {
220223 0
221224 } ;
222225 self . state [ sidx] ^= pad ( last_block. len ( ) ) ;
223226 if !last_block. is_empty ( ) {
224- let cx = u64_from_bytes_partial ( last_block) ;
227+ let cx = u64_from_bytes_partial ( last_block. get_in ( ) ) ;
225228 self . state [ sidx] ^= cx;
226- last_block. copy_from_slice ( & u64:: to_le_bytes ( self . state [ sidx] ) [ 0 ..last_block. len ( ) ] ) ;
229+ let last_block_len = last_block. len ( ) ;
230+ last_block
231+ . get_out ( )
232+ . copy_from_slice ( & u64:: to_le_bytes ( self . state [ sidx] ) [ 0 ..last_block_len] ) ;
227233 self . state [ sidx] = clear ( self . state [ sidx] , last_block. len ( ) ) ^ cx;
228234 }
229235 }
@@ -245,7 +251,7 @@ impl<'a, P: Parameters> AsconCore<'a, P> {
245251 associated_data : & [ u8 ] ,
246252 ) -> Array < u8 , U16 > {
247253 self . process_associated_data ( associated_data) ;
248- self . process_encrypt_inplace ( message) ;
254+ self . process_encrypt_inout ( message. into ( ) ) ;
249255 Array :: from ( self . process_final ( ) )
250256 }
251257
@@ -256,7 +262,7 @@ impl<'a, P: Parameters> AsconCore<'a, P> {
256262 expected_tag : & Array < u8 , U16 > ,
257263 ) -> Result < ( ) , Error > {
258264 self . process_associated_data ( associated_data) ;
259- self . process_decrypt_inplace ( ciphertext) ;
265+ self . process_decrypt_inout ( ciphertext. into ( ) ) ;
260266
261267 let tag = self . process_final ( ) ;
262268 if bool:: from ( tag. ct_eq ( expected_tag) ) {
0 commit comments