2014-01-17 Niels Möller <nisse@lysator.liu.se>
+ * poly1305-internal.c (poly1305_block): Additional argument with
+ the high bit.
+ (poly1305_block_internal): Deleted function, code moved into the
+ poly1305_block.
+ (poly1305_digest): Simplified padding code, call poly1305_block
+ with high bit 0.
+ * poly1305.h (poly1305_block): Update prototype.
+ * poly1305.c (poly1305_update): Call poly1305_block with high bit 1.
+ * x86_64/poly1305-internal.asm (poly1305_block): Handle new
+ argument.
+
* poly1305.h (struct poly1305_ctx): Moved nonce field from here...
(struct poly1305_aes_ctx): ... to here.
* poly1305-aes.c (poly1305_aes_set_nonce, poly1305_aes_digest):
*
* Placed by the author under public domain or the MIT license.
* (see https://github.com/floodyberry/poly1305-donna )
- * Modified for nettle by Nikos Mavrogiannopoulos.
+ * Modified for nettle by Nikos Mavrogiannopoulos and Niels Möller.
*
* Copyright: 2012-2013 Andrew M. (floodyberry)
+ * Copyright: 2013 Nikos Mavrogiannopoulos
+ * Copyright: 2013 Niels Möller
*
* Permission is hereby granted, free of charge, to any person obtaining a
* copy of this software and associated documentation files (the
#include "config.h"
#endif
+#include <assert.h>
#include <string.h>
#include "poly1305.h"
ctx->h4 = 0;
}
-static void
-poly1305_block_internal (struct poly1305_ctx *ctx,
- uint32_t t0, uint32_t t1, uint32_t t2, uint32_t t3,
- uint32_t t4)
+void
+poly1305_block (struct poly1305_ctx *ctx, const uint8_t m[16], unsigned t4)
{
+ uint32_t t0,t1,t2,t3;
uint32_t b;
uint64_t t[5];
uint64_t c;
+ t0 = LE_READ_UINT32(m);
+ t1 = LE_READ_UINT32(m+4);
+ t2 = LE_READ_UINT32(m+8);
+ t3 = LE_READ_UINT32(m+12);
+
ctx->h0 += t0 & 0x3ffffff;
ctx->h1 += ((((uint64_t)t1 << 32) | t0) >> 26) & 0x3ffffff;
ctx->h2 += ((((uint64_t)t2 << 32) | t1) >> 20) & 0x3ffffff;
ctx->h3 += ((((uint64_t)t3 << 32) | t2) >> 14) & 0x3ffffff;
- ctx->h4 += (t3 >> 8) | (t4 << 24);
+ ctx->h4 += (t3 >> 8) | ((uint32_t) t4 << 24);
/* poly1305_donna_mul: */
t[0] = mul32x32_64(ctx->h0,ctx->r0) + mul32x32_64(ctx->h1,ctx->s4) + mul32x32_64(ctx->h2,ctx->s3) + mul32x32_64(ctx->h3,ctx->s2) + mul32x32_64(ctx->h4,ctx->s1);
ctx->h0 += b * 5;
}
-void
-poly1305_block (struct poly1305_ctx *ctx, const uint8_t m[16])
-{
- uint32_t t0,t1,t2,t3;
-
- /* full blocks */
- t0 = LE_READ_UINT32(m);
- t1 = LE_READ_UINT32(m+4);
- t2 = LE_READ_UINT32(m+8);
- t3 = LE_READ_UINT32(m+12);
-
- poly1305_block_internal (ctx, t0, t1, t2, t3, 1);
-}
-
void
poly1305_digest (struct poly1305_ctx *ctx,
size_t length, uint8_t *digest,
/* poly1305_donna_atmost15bytes: */
if (ctx->index > 0)
{
- uint32_t t0,t1,t2,t3;
- size_t j;
- uint8_t mp[16];
-
- for (j = 0; j < ctx->index; j++) mp[j] = ctx->block[j];
- mp[j++] = 1;
- for (; j < 16; j++) mp[j] = 0;
+ assert (ctx->index < POLY1305_BLOCK_SIZE);
- t0 = LE_READ_UINT32(mp);
- t1 = LE_READ_UINT32(mp+4);
- t2 = LE_READ_UINT32(mp+8);
- t3 = LE_READ_UINT32(mp+12);
+ ctx->block[ctx->index] = 1;
+ memset (ctx->block + ctx->index + 1,
+ 0, POLY1305_BLOCK_SIZE - 1 - ctx->index);
- poly1305_block_internal (ctx, t0, t1, t2, t3, 0);
+ poly1305_block (ctx, ctx->block, 0);
}
b = ctx->h0 >> 26; ctx->h0 = ctx->h0 & 0x3ffffff;
projects / thirdparty / nettle.git / commitdiff
