poly1305: Make mac = (h + pad) % (2^128) step more expressive

orion-rs · Jan 23, 2022 · 12efbd8 · 12efbd8
1 parent 26e6ffb
commit 12efbd8
Showing 1 changed file with 9 additions and 11 deletions.
diff --git a/src/hazardous/mac/poly1305.rs b/src/hazardous/mac/poly1305.rs
@@ -178,8 +178,6 @@ impl Poly1305 {
     #[rustfmt::skip]
     #[allow(clippy::cast_lossless)]
     #[allow(clippy::identity_op)]
-    #[allow(clippy::unreadable_literal)]
-    #[allow(clippy::assign_op_pattern)]
     /// Remaining processing after all data blocks have been processed.
     fn process_end_of_stream(&mut self) {
         // full carry h
@@ -212,17 +210,17 @@ impl Poly1305 {
         h2 = ((h2 >> 12) | (h3 << 14)) & 0xffffffff;
         h3 = ((h3 >> 18) | (h4 << 8)) & 0xffffffff;
 
-        // mac = (h + pad) % (2^128)
-        let mut f: u64 = (h0 as u64) + (self.s[0] as u64); h0 = f as u32;
-        f = (h1 as u64) + (self.s[1] as u64) + (f >> 32); h1 = f as u32;
-        f = (h2 as u64) + (self.s[2] as u64) + (f >> 32); h2 = f as u32;
-        f = (h3 as u64) + (self.s[3] as u64) + (f >> 32); h3 = f as u32;
+        // mac = (h + s) % 2^128
+        let (r0, c) = h0.overflowing_add(self.s[0]); h1 += u32::from(c);
+        let (r1, c) = h1.overflowing_add(self.s[1]); h2 += u32::from(c);
+        let (r2, c) = h2.overflowing_add(self.s[2]); h3 += u32::from(c);
+        let (r3, _) = h3.overflowing_add(self.s[3]);
 
         // Set self.a to MAC result
-        self.a[0] = h0;
-        self.a[1] = h1;
-        self.a[2] = h2;
-        self.a[3] = h3;
+        self.a[0] = r0;
+        self.a[1] = r1;
+        self.a[2] = r2;
+        self.a[3] = r3;
     }
 
     #[allow(clippy::unreadable_literal)]