
Commit ed495db

authored
eax: simplify tag computation (#805)
1 parent e6a9c31 commit ed495db


1 file changed

+4
-27
lines changed


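--- a/eax/src/lib.rs
+++ b/eax/src/lib.rs
@@ -133,8 +133,7 @@ pub use cipher;
 
 use aead::{TagPosition, inout::InOutBuf};
 use cipher::{
-BlockCipherEncrypt, BlockSizeUser, InnerIvInit, StreamCipherCore, array::Array,
-common::OutputSizeUser, consts::U16, typenum::Unsigned,
+BlockCipherEncrypt, BlockSizeUser, InnerIvInit, StreamCipherCore, array::Array, consts::U16,
 };
 use cmac::{Cmac, Mac, digest::Output};
 use core::marker::PhantomData;
@@ -159,9 +158,6 @@ pub type Nonce<NonceSize> = Array<u8, NonceSize>;
 /// EAX tags
 pub type Tag<TagSize> = Array<u8, TagSize>;
 
-// TODO: Drop that once https://github.com/RustCrypto/traits/pull/1533 releases.
-type OutputSize<T> = <T as OutputSizeUser>::OutputSize;
-
 pub mod online;
 
 /// Counter mode with a 128-bit big endian counter.
@@ -251,17 +247,8 @@ where
 let c = Self::cmac_with_iv(&self.key, 2, buffer.get_out());
 
 // 5. tag ← n ^ h ^ c
-// (^ means xor)
-let full_tag: Array<_, OutputSize<Cmac<Cipher>>> = n
-.into_iter()
-.zip(h)
-.map(|(a, b)| a ^ b)
-.zip(c)
-.map(|(a, b)| a ^ b)
-.take(OutputSize::<Cmac<Cipher>>::to_usize())
-.collect();
-
-let tag = Tag::<M>::try_from(&full_tag[..M::to_usize()]).expect("tag size mismatch");
+let tag = Array::<u8, M>::from_fn(|i| n[i] ^ h[i] ^ c[i]);
+
 Ok(tag)
 }
 
@@ -286,17 +273,7 @@ where
 let c = Self::cmac_with_iv(&self.key, 2, buffer.get_in());
 
 // 5. tag ← n ^ h ^ c
-// (^ means xor)
-let expected_tag: Array<_, OutputSize<Cmac<Cipher>>> = n
-.into_iter()
-.zip(h)
-.map(|(a, b)| a ^ b)
-.zip(c)
-.map(|(a, b)| a ^ b)
-.take(OutputSize::<Cmac<Cipher>>::to_usize())
-.collect();
-
-let expected_tag = &expected_tag[..tag.len()];
+let expected_tag = Array::<u8, M>::from_fn(|i| n[i] ^ h[i] ^ c[i]);
 
 // Constant-time MAC comparison
 use subtle::ConstantTimeEq;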
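Review bot: The closure `|i| n[i] ^ h[i] ^ c[i]` in both `from_fn` calls (hunks `@@ -251,17 +247,8 @@` and `@@ -286,17 +273,7 @@`) indexes `n`, `h` and `c` for every `i < M`, so tag truncation now relies on `M` never exceeding the CMAC output length. That bound is not visible in either hunk and is presumably enforced by the bound on `M` in the `where` clause. Since the explicit `.take(..)` and `expect("tag size mismatch")` are gone, I would state the invariant next to the computation, e.g. `// M <= CMAC output size (enforced by the bound on M), so n[i], h[i], c[i] are in range`. On the verification side `expected_tag` is now always `M` bytes instead of being sliced to `tag.len()`, so please confirm that the constant-time comparison after the hunk receives a `tag` of exactly that length. The encrypt-side function starts outside its hunk, and the verify-side function both starts and ends outside its hunk.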
