Document when it's safe to avoid clone()

Remove unaligned test. Calling a C function with the wrong alignment is intentionally very hard in Zig.
jedisct1 · Jun 10, 2024 · 9c7677d · 9c7677d
1 parent 8256461
commit 9c7677d
Show file tree

Hide file tree

Showing 7 changed files with 12 additions and 55 deletions.
diff --git a/src/include/aegis128l.h b/src/include/aegis128l.h
@@ -265,7 +265,8 @@ void aegis128l_decrypt_unauthenticated(uint8_t *m, const uint8_t *c, size_t clen
  * The recommended way to use the MAC mode is to generate a random key and keep it secret.
  *
  * After initialization, the state can be reused to generate multiple MACs by cloning it
- * with `aegis128l_mac_state_clone()`.
+ * with `aegis128l_mac_state_clone()`. It is only safe to copy a state directly without using
+ * the clone function if the state is guaranteed to be properly aligned.
  */
 void aegis128l_mac_init(aegis128l_state *st_, const uint8_t *k);
 

diff --git a/src/include/aegis128x2.h b/src/include/aegis128x2.h
@@ -265,7 +265,8 @@ void aegis128x2_decrypt_unauthenticated(uint8_t *m, const uint8_t *c, size_t cle
  * The recommended way to use the MAC mode is to generate a random key and keep it secret.
  *
  * After initialization, the state can be reused to generate multiple MACs by cloning it
- * with `aegis128x2_mac_state_clone()`.
+ * with `aegis128x2_mac_state_clone()`. It is only safe to copy a state directly without using
+ * the clone function if the state is guaranteed to be properly aligned.
  */
 void aegis128x2_mac_init(aegis128x2_state *st_, const uint8_t *k);
 

diff --git a/src/include/aegis128x4.h b/src/include/aegis128x4.h
@@ -265,7 +265,8 @@ void aegis128x4_decrypt_unauthenticated(uint8_t *m, const uint8_t *c, size_t cle
  * The recommended way to use the MAC mode is to generate a random key and keep it secret.
  *
  * After initialization, the state can be reused to generate multiple MACs by cloning it
- * with `aegis128x4_mac_state_clone()`.
+ * with `aegis128x4_mac_state_clone()`. It is only safe to copy a state directly without using
+ * the clone function if the state is guaranteed to be properly aligned.
  */
 void aegis128x4_mac_init(aegis128x4_state *st_, const uint8_t *k);
 

diff --git a/src/include/aegis256.h b/src/include/aegis256.h
@@ -265,7 +265,8 @@ void aegis256_decrypt_unauthenticated(uint8_t *m, const uint8_t *c, size_t clen,
  * The recommended way to use the MAC mode is to generate a random key and keep it secret.
  *
  * After initialization, the state can be reused to generate multiple MACs by cloning it
- * with `aegis256_mac_state_clone()`.
+ * with `aegis256_mac_state_clone()`. It is only safe to copy a state directly without using
+ * the clone function if the state is guaranteed to be properly aligned.
  */
 void aegis256_mac_init(aegis256_state *st_, const uint8_t *k);
 

diff --git a/src/include/aegis256x2.h b/src/include/aegis256x2.h
@@ -265,7 +265,8 @@ void aegis256x2_decrypt_unauthenticated(uint8_t *m, const uint8_t *c, size_t cle
  * The recommended way to use the MAC mode is to generate a random key and keep it secret.
  *
  * After initialization, the state can be reused to generate multiple MACs by cloning it
- * with `aegis256x2_mac_state_clone()`.
+ * with `aegis256x2_mac_state_clone()`. It is only safe to copy a state directly without using
+ * the clone function if the state is guaranteed to be properly aligned.
  */
 void aegis256x2_mac_init(aegis256x2_state *st_, const uint8_t *k);
 

diff --git a/src/include/aegis256x4.h b/src/include/aegis256x4.h
@@ -265,7 +265,8 @@ void aegis256x4_decrypt_unauthenticated(uint8_t *m, const uint8_t *c, size_t cle
  * The recommended way to use the MAC mode is to generate a random key and keep it secret.
  *
  * After initialization, the state can be reused to generate multiple MACs by cloning it
- * with `aegis256_mac_state_clone()`.
+ * with `aegis256_mac_state_clone()`. It is only safe to copy a state directly without using
+ * the clone function if the state is guaranteed to be properly aligned.
  */
 void aegis256x4_mac_init(aegis256x4_state *st_, const uint8_t *k);
 

diff --git a/src/test/main.zig b/src/test/main.zig
@@ -741,52 +741,3 @@ test "aegis128x4 - MAC" {
  try testing.expectEqual(ret, 0);
  try testing.expectEqualSlices(u8, &mac, &mac2);
 }
-
-test "aegis128l - MAC with unaligned state" {
- const key = [16]u8{ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 };
- const msg = [_]u8{ 1, 2, 3 } ** 100;
- const msg2 = [_]u8{ 4, 5, 6, 7, 8 } ** 100 ++ [_]u8{0};
-
- const UnalignedState1 = struct {
- pad: u8 = 0xd0,
- x: aegis.aegis128l_state,
- };
- const UnalignedState2 = struct {
- pad: u16 = 0xd0,
- x: aegis.aegis128l_state,
- };
-
- var st0: UnalignedState1 = undefined;
- aegis.aegis128l_mac_init(&st0.x, &key);
-
- var st: UnalignedState2 = undefined;
- aegis.aegis128l_mac_state_clone(&st.x, &st0.x);
- var ret = aegis.aegis128l_mac_update(&st.x, &msg, msg.len);
- try testing.expectEqual(ret, 0);
- ret = aegis.aegis128l_mac_update(&st.x, &msg2, msg2.len);
- try testing.expectEqual(ret, 0);
- var mac: [32]u8 = undefined;
- ret = aegis.aegis128l_mac_final(&st.x, &mac, mac.len);
- try testing.expectEqual(ret, 0);
-
- aegis.aegis128l_mac_state_clone(&st.x, &st0.x);
- ret = aegis.aegis128l_mac_update(&st.x, &msg, msg.len);
- try testing.expectEqual(ret, 0);
- ret = aegis.aegis128l_mac_update(&st.x, &msg2, msg2.len);
- try testing.expectEqual(ret, 0);
- ret = aegis.aegis128l_mac_verify(&st.x, &mac, mac.len);
- try testing.expectEqual(ret, 0);
-
- aegis.aegis128l_mac_state_clone(&st.x, &st0.x);
- const msg3 = msg ++ msg2;
- ret = aegis.aegis128l_mac_update(&st.x, &msg3, msg3.len);
- try testing.expectEqual(ret, 0);
- ret = aegis.aegis128l_mac_verify(&st.x, &mac, mac.len);
- try testing.expectEqual(ret, 0);
-
- const nonce = [_]u8{0} ** 16;
- var mac2: [mac.len]u8 = undefined;
- ret = aegis.aegis128l_encrypt_detached(&mac2, &mac2, mac2.len, "", 0, &msg3, msg3.len, &nonce, &key);
- try testing.expectEqual(ret, 0);
- try testing.expectEqualSlices(u8, &mac, &mac2);
-}