zig

fork of https://codeberg.org/ziglang/zig

commit 7abd62800cde3f42c0ef65126ed478a0c3d3d549 (tree)
parent 113d3dd3f0ff38d9ad870fa7b20de6fe601c6cb3
Author: Erik Schlyter <erik@erisc.se>
Date:   Tue, 12 Aug 2025 12:40:49 +0200

std.crypto.aegis: Absorb ad instead of encrypting it.

`Aegis256XGeneric` behaves differently than `Aegis128XGeneric` in that
it currently encrypts associated data instead of just absorbing it. Even
though the end result is the same, there's no point in encrypting and
copying the ad into a buffer that gets overwritten anyway. This fix
makes `Aegis256XGeneric` behave the same as `Aegis128XGeneric`.

Diffstat:
Mlib/std/crypto/aegis.zig | 4++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/std/crypto/aegis.zig b/lib/std/crypto/aegis.zig
@@ -585,12 +585,12 @@ fn Aegis256XGeneric(comptime degree: u7, comptime tag_bits: u9) type {
 var dst: [block_length]u8 align(alignment) = undefined;
 var i: usize = 0;
 while (i + block_length <= ad.len) : (i += block_length) {
- state.enc(&dst, ad[i..][0..block_length]);
+ state.absorb(ad[i..][0..block_length]);
 }
 if (ad.len % block_length != 0) {
 @memset(src[0..], 0);
 @memcpy(src[0 .. ad.len % block_length], ad[i..][0 .. ad.len % block_length]);
- state.enc(&dst, &src);
+ state.absorb(&src);
 }
 i = 0;
 while (i + block_length <= m.len) : (i += block_length) {
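Review bot: Nothing in this commit pins the claim that `state.absorb` leaves the state exactly as `state.enc` did for associated data, and that equivalence decides the authentication tag; the diffstat shows only `aegis.zig` touched, so the guarantee rests on tests outside this page. It is worth confirming that the AEGIS-256X known-answer vectors cover non-empty `ad` at both a whole-block length and a partial-block length, since the two changed calls sit on those two separate paths. A short comment above the first loop would also help the next reader, e.g. `// Associated data is authenticated only: absorb it, zero-padding the final partial block.` The enclosing function starts and ends outside the hunk, so whether `dst` is still needed further down and whether the matching decrypt path treats `ad` the same way cannot be checked from here.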