Replace legacy copy_out_be/le

Co-Authored-By: Fabian Albert <[email protected]>

src/lib/block/aes/aes.cpp

@@ -11,6 +11,9 @@
 #include <botan/internal/ct_utils.h>
 #include <botan/internal/loadstor.h>
 #include <botan/internal/rotate.h>
+#include <botan/internal/stl_util.h>
+
+#include <span>
 
 namespace Botan {
 
@@ -501,8 +504,12 @@ void inv_mix_columns(uint32_t B[8]) {
 /*
 * AES Encryption
 */
-void aes_encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks, const secure_vector<uint32_t>& EK) {
+void aes_encrypt_n(std::span<const uint8_t> in, std::span<uint8_t> out, const secure_vector<uint32_t>& EK) {
+   constexpr size_t BLOCK_SIZE = 16;
+   constexpr size_t BITSLICED_BLOCK_BYTES = 2 * BLOCK_SIZE;
+
    BOTAN_ASSERT(EK.size() == 44 || EK.size() == 52 || EK.size() == 60, "Key was set");
+   BOTAN_ASSERT_NOMSG(in.size() == out.size() && in.size() % BLOCK_SIZE == 0);
 
    const size_t rounds = (EK.size() - 4) / 4;
 
@@ -511,15 +518,16 @@ void aes_encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks, const secur
       ks_expand(&KS[8 * i], EK.data(), 4 * i + 4);
    }
 
-   const size_t BLOCK_SIZE = 16;
-   const size_t BITSLICED_BLOCKS = 8 * sizeof(uint32_t) / BLOCK_SIZE;
+   BufferSlicer in_bs(in);
+   BufferStuffer out_bs(out);
 
-   while(blocks > 0) {
-      const size_t this_loop = std::min(blocks, BITSLICED_BLOCKS);
+   while(!in_bs.empty()) {
+      const size_t bytes_this_loop = std::min(in_bs.remaining(), BITSLICED_BLOCK_BYTES);
 
-      uint32_t B[8] = {0};
+      uint32_t B[8] = {};
+      std::span<uint32_t> B_this_loop(B, bytes_this_loop / sizeof(uint32_t));
 
-      load_be(B, in, this_loop * 4);
+      load_be(B_this_loop, in_bs.take(bytes_this_loop));
 
       CT::poison(B, 8);
 
@@ -550,19 +558,22 @@ void aes_encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks, const secur
 
       CT::unpoison(B, 8);
 
-      copy_out_be(out, this_loop * 4 * sizeof(uint32_t), B);
-
-      in += this_loop * BLOCK_SIZE;
-      out += this_loop * BLOCK_SIZE;
-      blocks -= this_loop;
+      store_be(out_bs.next(bytes_this_loop), B_this_loop);
    }
+
+   BOTAN_ASSERT_NOMSG(in_bs.empty());
+   BOTAN_ASSERT_NOMSG(out_bs.full());
 }
 
 /*
 * AES Decryption
 */
-void aes_decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks, const secure_vector<uint32_t>& DK) {
+void aes_decrypt_n(std::span<const uint8_t> in, std::span<uint8_t> out, const secure_vector<uint32_t>& DK) {
+   constexpr size_t BLOCK_SIZE = 16;
+   constexpr size_t BITSLICED_BLOCK_BYTES = 2 * BLOCK_SIZE;
+
    BOTAN_ASSERT(DK.size() == 44 || DK.size() == 52 || DK.size() == 60, "Key was set");
+   BOTAN_ASSERT_NOMSG(in.size() == out.size() && in.size() % BLOCK_SIZE == 0);
 
    const size_t rounds = (DK.size() - 4) / 4;
 
@@ -571,17 +582,18 @@ void aes_decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks, const secur
       ks_expand(&KS[8 * i], DK.data(), 4 * i + 4);
    }
 
-   const size_t BLOCK_SIZE = 16;
-   const size_t BITSLICED_BLOCKS = 8 * sizeof(uint32_t) / BLOCK_SIZE;
+   BufferSlicer in_bs(in);
+   BufferStuffer out_bs(out);
 
-   while(blocks > 0) {
-      const size_t this_loop = std::min(blocks, BITSLICED_BLOCKS);
+   while(!in_bs.empty()) {
+      const size_t bytes_this_loop = std::min(in_bs.remaining(), BITSLICED_BLOCK_BYTES);
 
-      uint32_t B[8] = {0};
+      uint32_t B[8] = {};
+      std::span<uint32_t> B_this_loop(B, bytes_this_loop / sizeof(uint32_t));
 
       CT::poison(B, 8);
 
-      load_be(B, in, this_loop * 4);
+      load_be(B_this_loop, in_bs.take(bytes_this_loop));
 
       for(size_t i = 0; i != 8; ++i) {
          B[i] ^= DK[i % 4];
@@ -610,12 +622,11 @@ void aes_decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks, const secur
 
       CT::unpoison(B, 8);
 
-      copy_out_be(out, this_loop * 4 * sizeof(uint32_t), B);
-
-      in += this_loop * BLOCK_SIZE;
-      out += this_loop * BLOCK_SIZE;
-      blocks -= this_loop;
+      store_be(out_bs.next(bytes_this_loop), B_this_loop);
    }
+
+   BOTAN_ASSERT_NOMSG(in_bs.empty());
+   BOTAN_ASSERT_NOMSG(out_bs.full());
 }
 
 inline uint32_t xtime32(uint32_t s) {
@@ -824,7 +835,8 @@ void AES_128::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const
    }
 #endif
 
-   aes_encrypt_n(in, out, blocks, m_EK);
+   // TODO: Adapt once we use std::span<> for BlockCipher::encrypt_n()
+   aes_encrypt_n(std::span<const uint8_t>(in, blocks * BLOCK_SIZE), std::span<uint8_t>(out, blocks * BLOCK_SIZE), m_EK);
 }
 
 void AES_128::decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const {
@@ -842,7 +854,8 @@ void AES_128::decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const
    }
 #endif
 
-   aes_decrypt_n(in, out, blocks, m_DK);
+   // TODO: Adapt once we use std::span<> for BlockCipher::decrypt_n()
+   aes_decrypt_n(std::span<const uint8_t>(in, blocks * BLOCK_SIZE), std::span<uint8_t>(out, blocks * BLOCK_SIZE), m_DK);
 }
 
 void AES_128::key_schedule(std::span<const uint8_t> key) {
@@ -887,7 +900,8 @@ void AES_192::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const
    }
 #endif
 
-   aes_encrypt_n(in, out, blocks, m_EK);
+   // TODO: Adapt once we use std::span<> for BlockCipher::encrypt_n()
+   aes_encrypt_n(std::span(in, blocks * BLOCK_SIZE), std::span(out, blocks * BLOCK_SIZE), m_EK);
 }
 
 void AES_192::decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const {
@@ -905,7 +919,8 @@ void AES_192::decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const
    }
 #endif
 
-   aes_decrypt_n(in, out, blocks, m_DK);
+   // TODO: Adapt once we use std::span<> for BlockCipher::decrypt_n()
+   aes_decrypt_n(std::span<const uint8_t>(in, blocks * BLOCK_SIZE), std::span<uint8_t>(out, blocks * BLOCK_SIZE), m_DK);
 }
 
 void AES_192::key_schedule(std::span<const uint8_t> key) {
@@ -950,7 +965,8 @@ void AES_256::encrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const
    }
 #endif
 
-   aes_encrypt_n(in, out, blocks, m_EK);
+   // TODO: Adapt once we use std::span<> for BlockCipher::encrypt_n()
+   aes_encrypt_n(std::span(in, blocks * BLOCK_SIZE), std::span(out, blocks * BLOCK_SIZE), m_EK);
 }
 
 void AES_256::decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const {
@@ -968,7 +984,8 @@ void AES_256::decrypt_n(const uint8_t in[], uint8_t out[], size_t blocks) const
    }
 #endif
 
-   aes_decrypt_n(in, out, blocks, m_DK);
+   // TODO: Adapt once we use std::span<> for BlockCipher::decrypt_n()
+   aes_decrypt_n(std::span<const uint8_t>(in, blocks * BLOCK_SIZE), std::span<uint8_t>(out, blocks * BLOCK_SIZE), m_DK);
 }
 
 void AES_256::key_schedule(std::span<const uint8_t> key) {

src/lib/compat/sodium/sodium_salsa.cpp

@@ -45,8 +45,7 @@ int Sodium::crypto_core_hsalsa20(uint8_t out[], const uint8_t in[], const uint8_
 
    uint32_t out32[8] = {0};
    Salsa20::hsalsa20(out32, in32);
-
-   copy_out_le(out, 32, out32);
+   store_le(std::span<uint8_t, 32>(out, 32), out32);
    return 0;
 }
 

src/lib/hash/blake2/blake2b.cpp

@@ -161,7 +161,7 @@ void BLAKE2b::final_result(std::span<uint8_t> output) {
 
    m_F = 0xFFFFFFFFFFFFFFFF;
    compress(m_buffer.consume().data(), 1, pos);
-   copy_out_vec_le(output.data(), output_length(), m_H);
+   copy_out_le(output.first(output_length()), m_H);
    state_init();
 }
 

src/lib/hash/blake2s/blake2s.cpp

@@ -141,7 +141,7 @@ void BLAKE2s::final_result(std::span<uint8_t> out) {
    compress(true);  // final block flag = 1
 
    // little endian convert and store
-   copy_out_le<uint32_t>(out.data(), m_outlen, m_h);
+   copy_out_le(out.first(output_length()), m_h);
 
    clear();
 };

src/lib/hash/mdx_hash/mdx_hash.h

@@ -114,9 +114,9 @@ class MerkleDamgard_Hash final {
          BOTAN_ASSERT_NOMSG(output.size() >= MD::output_bytes);
 
          if constexpr(MD::byte_endianness == MD_Endian::Big) {
-            copy_out_vec_be(output.data(), MD::output_bytes, m_digest);
+            copy_out_be(output.first(MD::output_bytes), m_digest);
          } else {
-            copy_out_vec_le(output.data(), MD::output_bytes, m_digest);
+            copy_out_le(output.first(MD::output_bytes), m_digest);
          }
       }
 

src/lib/hash/skein/skein_512.cpp

@@ -144,7 +144,7 @@ void Skein_512::final_result(std::span<uint8_t> out) {
    reset_tweak(SKEIN_OUTPUT, true);
    ubi_512(counter, sizeof(counter));
 
-   copy_out_vec_le(out.data(), m_output_bits / 8, m_threefish->m_K);
+   copy_out_le(out.first(m_output_bits / 8), m_threefish->m_K);
 
    initial_block();
 }

src/lib/utils/loadstor.h

@@ -726,44 +726,6 @@ void copy_out_le(std::span<uint8_t> out, InR&& in) {
    }
 }
 
-template <typename T>
-void copy_out_be(uint8_t out[], size_t out_bytes, const T in[]) {
-   while(out_bytes >= sizeof(T)) {
-      store_be(in[0], out);
-      out += sizeof(T);
-      out_bytes -= sizeof(T);
-      in += 1;
-   }
-
-   for(size_t i = 0; i != out_bytes; ++i) {
-      out[i] = get_byte_var(i % 8, in[0]);
-   }
-}
-
-template <typename T, typename Alloc>
-void copy_out_vec_be(uint8_t out[], size_t out_bytes, const std::vector<T, Alloc>& in) {
-   copy_out_be(out, out_bytes, in.data());
-}
-
-template <typename T>
-void copy_out_le(uint8_t out[], size_t out_bytes, const T in[]) {
-   while(out_bytes >= sizeof(T)) {
-      store_le(in[0], out);
-      out += sizeof(T);
-      out_bytes -= sizeof(T);
-      in += 1;
-   }
-
-   for(size_t i = 0; i != out_bytes; ++i) {
-      out[i] = get_byte_var(sizeof(T) - 1 - (i % 8), in[0]);
-   }
-}
-
-template <typename T, typename Alloc>
-void copy_out_vec_le(uint8_t out[], size_t out_bytes, const std::vector<T, Alloc>& in) {
-   copy_out_le(out, out_bytes, in.data());
-}
-
 }  // namespace Botan
 
 #endif

src/lib/utils/poly_dbl/poly_dbl.cpp

@@ -46,7 +46,7 @@ void poly_double(uint8_t out[], const uint8_t in[]) {
 
    W[LIMBS - 1] = (W[LIMBS - 1] << 1) ^ carry;
 
-   copy_out_be(out, LIMBS * 8, W);
+   copy_out_be(std::span(out, LIMBS * 8), W);
 }
 
 template <size_t LIMBS, MinWeightPolynomial P>
@@ -66,7 +66,7 @@ void poly_double_le(uint8_t out[], const uint8_t in[]) {
 
    W[0] = (W[0] << 1) ^ carry;
 
-   copy_out_le(out, LIMBS * 8, W);
+   copy_out_le(std::span(out, LIMBS * 8), W);
 }
 
 }  // namespace