New function _nettle_poly1305_update.

diff --git a/ChangeLog b/ChangeLog
index 3dc357f6afa32443278ff0ec369f7744eadd81c9..5aaa1b1c75e39aac962a757260d8a8e14c32b184 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,14 @@
+2022-10-31  Niels Möller  <nisse@lysator.liu.se>
+
+       * md-internal.h (MD_FILL_OR_RETURN_INDEX): New macro.
+       * poly1305-update.c (_nettle_poly1305_update): New file and
+       function.
+       * poly1305-internal.h: Declare _nettle_poly1305_blocks and
+       _nettle_poly1305_update.
+       * chacha-poly1305.c (poly1305_update): Use _nettle_poly1305_update.
+       * poly1305-aes.c (poly1305_aes_update): Likewise.
+       * Makefile.in (nettle_SOURCES): Add poly1305-update.c.
+
 2022-10-13  Niels Möller  <nisse@lysator.liu.se>
 
        * gmp-glue.c (mpn_sec_tabselect) [NETTLE_USE_MINI_GMP]: Add back

diff --git a/Makefile.in b/Makefile.in
index 86b8a536e15012e7fdd445215f90f438d70e4cad..f4069ab78f5ca7dee22a41505860e8460469ab8d 100644 (file)
--- a/Makefile.in
+++ b/Makefile.in
@@ -136,7 +136,7 @@ nettle_SOURCES = aes-decrypt-internal.c aes-decrypt.c aes-decrypt-table.c \
                 nettle-meta-ciphers.c nettle-meta-hashes.c nettle-meta-macs.c \
                 pbkdf2.c pbkdf2-hmac-gosthash94.c pbkdf2-hmac-sha1.c \
                 pbkdf2-hmac-sha256.c pbkdf2-hmac-sha384.c pbkdf2-hmac-sha512.c \
-                poly1305-aes.c poly1305-internal.c \
+                poly1305-aes.c poly1305-internal.c poly1305-update.c \
                 realloc.c \
                 ripemd160.c ripemd160-compress.c ripemd160-meta.c \
                 salsa20-core-internal.c salsa20-crypt-internal.c \

diff --git a/chacha-poly1305.c b/chacha-poly1305.c
index 7a423e1e627ac12cd221468063f8c3e9c5f292e4..ea8b295283c3094179e3954b139d7a075d4f5823 100644 (file)
--- a/chacha-poly1305.c
+++ b/chacha-poly1305.c
@@ -97,7 +97,8 @@ static void
 poly1305_update (struct chacha_poly1305_ctx *ctx,
                 size_t length, const uint8_t *data)
 {
-  MD_UPDATE (ctx, length, data, COMPRESS, (void) 0);
+  ctx->index = _nettle_poly1305_update (&(ctx)->poly1305,
+                                       ctx->block, ctx->index, length, data);
 }
 
 static void

diff --git a/md-internal.h b/md-internal.h
index fe520c63ce152172bc7b758d86f071b2dad8e1bf..a97b7b903d3ad12c6ea89900c5bb000a41f1bd30 100644 (file)
--- a/md-internal.h
+++ b/md-internal.h
@@ -32,6 +32,8 @@
 #ifndef NETTLE_MD_INTERNAL_H_INCLUDED
 #define NETTLE_MD_INTERNAL_H_INCLUDED
 
+#include <string.h>
+
 /* Internal helper macros for Merkle-Damgård hash functions. Assumes the context
    structs includes the following fields:
 
@@ -51,7 +53,18 @@
     memcpy((ctx)->block + (ctx)->index, (data), __md_left);    \
     (data) += __md_left;                                       \
     (length) -= __md_left;                                     \
-    (ctx)->index = 0;                                          \
   } while(0)
 
+#define MD_FILL_OR_RETURN_INDEX(block_size, block, index, length, data)        \
+  do {                                                                 \
+    unsigned __md_left = (block_size) - (index);                       \
+    if ((length) < __md_left)                                          \
+      {                                                                        \
+       memcpy(block + (index), (data), (length));                      \
+       return (index) + (length);                                      \
+      }                                                                        \
+    memcpy((block) + (index), (data), __md_left);                      \
+    (data) += __md_left;                                               \
+    (length) -= __md_left;                                             \
+  } while(0)
 #endif /* NETTLE_MD_INTERNAL_H_INCLUDED */

diff --git a/poly1305-aes.c b/poly1305-aes.c
index a4050254bb9ff15d4ad553f72bec26231a2bdcc6..374d5a7806eb8fab8d78288a8effc2c27ea4ccfb 100644 (file)
--- a/poly1305-aes.c
+++ b/poly1305-aes.c
@@ -56,13 +56,12 @@ poly1305_aes_set_nonce (struct poly1305_aes_ctx *ctx,
   memcpy (ctx->nonce, nonce, POLY1305_AES_NONCE_SIZE);
 }
 
-#define COMPRESS(ctx, data) _nettle_poly1305_block(&(ctx)->pctx, (data), 1)
-
 void
 poly1305_aes_update (struct poly1305_aes_ctx *ctx,
                     size_t length, const uint8_t *data)
 {
-  MD_UPDATE (ctx, length, data, COMPRESS, (void) 0);
+  ctx->index = _nettle_poly1305_update (&(ctx)->pctx,
+                                       ctx->block, ctx->index, length, data);
 }
 
 void

diff --git a/poly1305-internal.h b/poly1305-internal.h
index 9932d5245eee33b097aced314accade9fcc08ac2..a6afd46601d58ae8ef530f325ec6b7ec9f608adb 100644 (file)
--- a/poly1305-internal.h
+++ b/poly1305-internal.h
@@ -53,7 +53,15 @@ void _nettle_poly1305_digest (struct poly1305_ctx *ctx, union nettle_block16 *s)
 /* Process one block. */
 void _nettle_poly1305_block (struct poly1305_ctx *ctx, const uint8_t *m,
                             unsigned high);
-
+/* Updates CTX by hashing M, which must be an integral number of
+   blocks. For convenience, returns a pointer to the end of the
+   data. Implies 128 set on all input blocks. */
+const uint8_t *
+_nettle_poly1305_blocks (struct poly1305_ctx *ctx, size_t blocks, const uint8_t *m);
+
+unsigned
+_nettle_poly1305_update (struct poly1305_ctx *ctx, uint8_t *buffer, unsigned index,
+                        size_t length, const uint8_t *m);
 #ifdef __cplusplus
 }
 #endif

diff --git a/poly1305-update.c b/poly1305-update.c
new file mode 100644 (file)
index 0000000..fdc7255
--- /dev/null
+++ b/poly1305-update.c
@@ -0,0 +1,63 @@
+/* poly1305-update.c
+
+   Copyright (C) 2022 Niels Möller
+
+   This file is part of GNU Nettle.
+
+   GNU Nettle is free software: you can redistribute it and/or
+   modify it under the terms of either:
+
+     * the GNU Lesser General Public License as published by the Free
+       Software Foundation; either version 3 of the License, or (at your
+       option) any later version.
+
+   or
+
+     * the GNU General Public License as published by the Free
+       Software Foundation; either version 2 of the License, or (at your
+       option) any later version.
+
+   or both in parallel, as here.
+
+   GNU Nettle is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   General Public License for more details.
+
+   You should have received copies of the GNU General Public License and
+   the GNU Lesser General Public License along with this program.  If
+   not, see http://www.gnu.org/licenses/.
+*/
+
+#if HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include "poly1305.h"
+#include "poly1305-internal.h"
+#include "md-internal.h"
+
+unsigned
+_nettle_poly1305_update (struct poly1305_ctx *ctx,
+                        uint8_t *block, unsigned index,
+                        size_t length, const uint8_t *m)
+{
+  if (index > 0)
+    {
+      /* Try to fill partial block */
+      MD_FILL_OR_RETURN_INDEX (POLY1305_BLOCK_SIZE, block, index,
+                              length, m);
+      _nettle_poly1305_block(ctx, block, 1);
+    }
+#if HAVE_NATIVE_poly1305_blocks
+  m = _nettle_poly1305_blocks (ctx, length >> 4, m);
+  length &= 15;
+#else
+  for (; length >= POLY1305_BLOCK_SIZE;
+       length -= POLY1305_BLOCK_SIZE, m += POLY1305_BLOCK_SIZE)
+    _nettle_poly1305_block (ctx, m, 1);
+#endif
+
+  memcpy (block, m, length);
+  return length;
+}