commit 3c3d1f7454b902ccec1108aa708824e4ea90f613
parent 575c92b3a417af978dacea4e4a34a0316b01c71d
Author: Jared Tobin <jared@jtobin.io>
Date: Tue, 11 Mar 2025 09:16:32 +0400
lib: smarter padding
Diffstat:
1 file changed, 5 insertions(+), 9 deletions(-)
diff --git a/lib/Crypto/AEAD/ChaCha20Poly1305.hs b/lib/Crypto/AEAD/ChaCha20Poly1305.hs
@@ -64,7 +64,7 @@ _poly1305_key_gen key@(BI.PS _ _ l) nonce
pad16 :: BS.ByteString -> BS.ByteString
pad16 (BI.PS _ _ l)
- | l == 16 = mempty
+ | l `rem` 16 == 0 = mempty
| otherwise = BS.replicate (16 - l `rem` 16) 0
{-# INLINE pad16 #-}
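Review bot: Nothing in this commit pins the corrected `pad16` behaviour with a test; the diffstat shows only the library file changed. Under the old guard, a 32-byte input fell through to the `otherwise` branch and picked up a full 16-byte zero block, so the MAC input (and therefore the tag) presumably disagreed with other RFC 8439 implementations for such lengths. A known-answer test with AAD and plaintext lengths of 0, 16, 32 and one non-multiple of 16 would keep this from regressing. A Haddock line would also help, e.g. `-- | Zero padding up to the next multiple of 16 bytes; empty when the length is already a multiple of 16 (including 0).`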
@@ -98,10 +98,8 @@ encrypt aad key nonce plaintext
| otherwise =
let otk = _poly1305_key_gen key nonce
cip = ChaCha20.cipher key 1 nonce plaintext
- md0 | BS.length aad == 0 = mempty
- | otherwise = aad <> pad16 aad
- md1 | BS.length cip == 0 = md0
- | otherwise = md0 <> cip <> pad16 cip
+ md0 = aad <> pad16 aad
+ md1 = md0 <> cip <> pad16 cip
md2 = md1 <> unroll8 (fi (BS.length aad))
md3 = md2 <> unroll8 (fi (BS.length cip))
tag = Poly1305.mac otk md3
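Review bot: The `md0`…`md3` construction here is repeated line for line in the `decrypt` hunk below, and the two copies must stay byte-identical for tags to verify. A single shared helper would remove that risk and build the buffer in one concatenation, e.g. `_mac_data aad cip = mconcat [aad, pad16 aad, cip, pad16 cip, unroll8 (fi (BS.length aad)), unroll8 (fi (BS.length cip))]`. The now-unconditional `aad <> pad16 aad` relies on `pad16` returning `mempty` for zero-length input, which the new guard provides; a one-line comment saying so would stop the empty-input guards from being reintroduced. The body of `encrypt` starts above this hunk and continues past it.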
@@ -132,10 +130,8 @@ decrypt aad key nonce (cip, mac)
| BS.length mac /= 16 = Nothing
| otherwise =
let otk = _poly1305_key_gen key nonce
- md0 | BS.length aad == 0 = mempty
- | otherwise = aad <> pad16 aad
- md1 | BS.length cip == 0 = md0
- | otherwise = md0 <> cip <> pad16 cip
+ md0 = aad <> pad16 aad
+ md1 = md0 <> cip <> pad16 cip
md2 = md1 <> unroll8 (fi (BS.length aad))
md3 = md2 <> unroll8 (fi (BS.length cip))
tag = Poly1305.mac otk md3
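Review bot: The tag check that follows `tag = Poly1305.mac otk md3` should be a constant-time comparison, and it lies outside this hunk, so that cannot be confirmed from here. If it is a plain ByteString `==` against the caller-supplied `mac`, the time taken may depend on where the first mismatching byte is, which is undesirable in a tag verifier. It is worth confirming how the comparison is done and that no decrypted data is returned before it succeeds. A comment at the comparison site, such as `-- tag comparison must not short-circuit on the first differing byte`, would record the requirement.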