hash(void *ctx,
nettle_hash_update_func *update,
nettle_hash_digest_func *digest,
- size_t digest_size,
uint64_t cnt,
size_t a_len, const uint8_t *a,
size_t b_len, const uint8_t *b,
update(ctx, a_len, a);
if (b && b_len)
update(ctx, b_len, b);
- digest(ctx, digest_size, dst);
+ digest(ctx, dst);
}
static void
hash_ints(void *ctx,
nettle_hash_update_func *update,
nettle_hash_digest_func *digest,
- size_t digest_size,
uint64_t i, uint64_t j, uint64_t k,
uint8_t *dst)
{
LE_WRITE_UINT64(tmp + 8, j);
LE_WRITE_UINT64(tmp + 16, k);
update(ctx, sizeof(tmp), tmp);
- digest(ctx, digest_size, dst);
+ digest(ctx, dst);
}
/* Takes length bytes long big number stored
uint8_t *buf = scratch + BS;
size_t i, j, k, cnt = 0;
- hash(hash_ctx, update, digest, digest_size,
+ hash(hash_ctx, update, digest,
cnt++, passwd_length, passwd, salt_length, salt, buf);
for (i = 1; i < s_cost; ++i)
- hash(hash_ctx, update, digest, digest_size,
+ hash(hash_ctx, update, digest,
cnt++, BS, buf + (i - 1) * BS, 0, NULL, buf + i * BS);
for (i = 0; i < t_cost; ++i)
{
for (j = 0; j < s_cost; ++j)
{
- hash(hash_ctx, update, digest, digest_size,
+ hash(hash_ctx, update, digest,
cnt++, BS, buf + (j ? j - 1 : s_cost - 1) * BS,
BS, buf + j * BS, buf + j * BS);
for (k = 0; k < DELTA; ++k)
{
- hash_ints(hash_ctx, update, digest, digest_size, i, j, k, block);
- hash(hash_ctx, update, digest, digest_size,
+ hash_ints(hash_ctx, update, digest, i, j, k, block);
+ hash(hash_ctx, update, digest,
cnt++, salt_length, salt, BS, block, block);
- hash(hash_ctx, update, digest, digest_size,
+ hash(hash_ctx, update, digest,
cnt++, BS, buf + j * BS,
BS, buf + block_to_int(BS, block, s_cost) * BS,
buf + j * BS);
void
chacha_poly1305_digest (struct chacha_poly1305_ctx *ctx,
- size_t length, uint8_t *digest)
+ uint8_t *digest)
{
uint8_t buf[16];
_nettle_poly1305_block (&ctx->poly1305, buf, 1);
_nettle_poly1305_digest (&ctx->poly1305, &ctx->s);
- memcpy (digest, &ctx->s.b, length);
+ memcpy (digest, &ctx->s.b, CHACHA_POLY1305_DIGEST_SIZE);
}
void
chacha_poly1305_digest (struct chacha_poly1305_ctx *ctx,
- size_t length, uint8_t *digest);
+ uint8_t *digest);
#ifdef __cplusplus
}
void
cmac_aes128_digest(struct cmac_aes128_ctx *ctx,
- size_t length, uint8_t *digest)
+ uint8_t *digest)
{
- CMAC128_DIGEST(ctx, aes128_encrypt, length, digest);
+ CMAC128_DIGEST(ctx, aes128_encrypt, digest);
}
void
cmac_aes256_digest(struct cmac_aes256_ctx *ctx,
- size_t length, uint8_t *digest)
+ uint8_t *digest)
{
- CMAC128_DIGEST(ctx, aes256_encrypt, length, digest);
+ CMAC128_DIGEST(ctx, aes256_encrypt, digest);
}
void
cmac_des3_digest (struct cmac_des3_ctx *ctx,
- size_t length, uint8_t *digest)
+ uint8_t *digest)
{
- CMAC64_DIGEST (ctx, des3_encrypt, length, digest);
+ CMAC64_DIGEST (ctx, des3_encrypt, digest);
}
void
cmac128_digest(struct cmac128_ctx *ctx, const struct cmac128_key *key,
const void *cipher, nettle_cipher_func *encrypt,
- unsigned length, uint8_t *dst)
+ uint8_t *dst)
{
union nettle_block16 Y;
block16_xor3 (&Y, &ctx->block, &ctx->X);
- assert(length <= 16);
- if (length == 16)
- {
- encrypt(cipher, 16, dst, Y.b);
- }
- else
- {
- encrypt(cipher, 16, ctx->block.b, Y.b);
- memcpy(dst, ctx->block.b, length);
- }
+ encrypt(cipher, 16, dst, Y.b);
/* reset state for re-use */
cmac128_init(ctx);
void
cmac128_digest(struct cmac128_ctx *ctx, const struct cmac128_key *key,
const void *cipher, nettle_cipher_func *encrypt,
- unsigned length, uint8_t *digest);
+ uint8_t *digest);
#define CMAC128_CTX(type) \
(nettle_cipher_func *)encrypt, \
(length), (src)))
-#define CMAC128_DIGEST(self, encrypt, length, digest) \
+#define CMAC128_DIGEST(self, encrypt, digest) \
(0 ? (encrypt)(&(self)->cipher, ~(size_t) 0, \
(uint8_t *) 0, (const uint8_t *) 0) \
: cmac128_digest(&(self)->ctx, &(self)->key, \
&(self)->cipher, \
(nettle_cipher_func *) (encrypt), \
- (length), (digest)))
+ (digest)))
void
cmac64_set_key(struct cmac64_key *key, const void *cipher,
void
cmac64_digest(struct cmac64_ctx *ctx, const struct cmac64_key *key,
const void *cipher, nettle_cipher_func *encrypt,
- unsigned length, uint8_t *digest);
+ uint8_t *digest);
#define CMAC64_CTX(type) \
(nettle_cipher_func *)encrypt, \
(length), (src)))
-#define CMAC64_DIGEST(self, encrypt, length, digest) \
+#define CMAC64_DIGEST(self, encrypt, digest) \
(0 ? (encrypt)(&(self)->cipher, ~(size_t) 0, \
(uint8_t *) 0, (const uint8_t *) 0) \
: cmac64_digest(&(self)->ctx, &(self)->key, \
&(self)->cipher, \
(nettle_cipher_func *) (encrypt), \
- (length), (digest)))
+ (digest)))
struct cmac_aes128_ctx CMAC128_CTX(struct aes128_ctx);
void
cmac_aes128_digest(struct cmac_aes128_ctx *ctx,
- size_t length, uint8_t *digest);
+ uint8_t *digest);
struct cmac_aes256_ctx CMAC128_CTX(struct aes256_ctx);
void
cmac_aes256_digest(struct cmac_aes256_ctx *ctx,
- size_t length, uint8_t *digest);
+ uint8_t *digest);
struct cmac_des3_ctx CMAC64_CTX(struct des3_ctx);
void
cmac_des3_digest(struct cmac_des3_ctx *ctx,
- size_t length, uint8_t *digest);
+ uint8_t *digest);
#ifdef __cplusplus
}
void
cmac64_digest(struct cmac64_ctx *ctx, const struct cmac64_key *key,
const void *cipher, nettle_cipher_func *encrypt,
- unsigned length, uint8_t *dst)
+ uint8_t *dst)
{
union nettle_block8 Y;
}
block8_xor3(&Y, &ctx->block, &ctx->X);
-
- assert(length <= 8);
- if (length == 8)
- {
- encrypt(cipher, 8, dst, Y.b);
- }
- else
- {
- encrypt(cipher, 8, ctx->block.b, Y.b);
- memcpy(dst, ctx->block.b, length);
- }
+ encrypt(cipher, 8, dst, Y.b);
/* reset state for re-use */
memset(&ctx->X, 0, sizeof(ctx->X));
void
eax_aes128_digest(struct eax_aes128_ctx *ctx,
- size_t length, uint8_t *digest)
+ uint8_t *digest)
{
- EAX_DIGEST(ctx, aes128_encrypt, length, digest);
+ EAX_DIGEST(ctx, aes128_encrypt, digest);
}
void
eax_digest (struct eax_ctx *eax, const struct eax_key *key,
const void *cipher, nettle_cipher_func *f,
- size_t length, uint8_t *digest)
+ uint8_t *digest)
{
- assert (length > 0);
- assert (length <= EAX_BLOCK_SIZE);
omac_final (&eax->omac_data, key, cipher, f);
omac_final (&eax->omac_message, key, cipher, f);
block16_xor (&eax->omac_nonce, &eax->omac_data);
- memxor3 (digest, eax->omac_nonce.b, eax->omac_message.b, length);
+ memxor3 (digest, eax->omac_nonce.b, eax->omac_message.b, EAX_DIGEST_SIZE);
}
void
eax_digest (struct eax_ctx *eax, const struct eax_key *key,
const void *cipher, nettle_cipher_func *f,
- size_t length, uint8_t *digest);
+ uint8_t *digest);
/* Put the cipher last, to get cipher-independent offsets for the EAX
* state. */
&(ctx)->cipher, (nettle_cipher_func *) (encrypt), \
(length), (dst), (src)))
-#define EAX_DIGEST(ctx, encrypt, length, digest) \
+#define EAX_DIGEST(ctx, encrypt, digest) \
(0 ? (encrypt) (&(ctx)->cipher, ~(size_t) 0, \
(uint8_t *) 0, (const uint8_t *) 0) \
: eax_digest (&(ctx)->eax, &(ctx)->key, \
&(ctx)->cipher, (nettle_cipher_func *) (encrypt), \
- (length), (digest)))
+ (digest)))
struct eax_aes128_ctx EAX_CTX(struct aes128_ctx);
size_t length, uint8_t *dst, const uint8_t *src);
void
-eax_aes128_digest(struct eax_aes128_ctx *ctx, size_t length, uint8_t *digest);
+eax_aes128_digest(struct eax_aes128_ctx *ctx, uint8_t *digest);
#ifdef __cplusplus
}
# include "config.h"
#endif
+#include "eddsa.h"
#include "eddsa-internal.h"
#include "nettle-types.h"
sha3_256_update (ctx, DOM_SIZE, dom);
}
+static void
+ed448_digest(struct sha3_256_ctx *ctx, uint8_t *digest)
+{
+ sha3_256_shake(ctx, 2*ED448_KEY_SIZE, digest);
+}
+
const struct ecc_eddsa _nettle_ed448_shake256 =
{
(nettle_hash_update_func *) sha3_256_update,
- (nettle_hash_digest_func *) sha3_256_shake,
+ (nettle_hash_digest_func *) ed448_digest,
ed448_dom,
~(mp_limb_t) 3,
(mp_limb_t) 1 << (447 % GMP_NUMB_BITS),
size_t nbytes = 1 + ecc->p.bit_size / 8;
eddsa->update (ctx, nbytes, key);
- eddsa->digest (ctx, 2*nbytes, digest);
+ eddsa->digest (ctx, digest);
/* For ed448, ignores the most significant byte. */
mpn_set_base256_le (k2, ecc->p.size, digest, (ecc->p.bit_size + 7) / 8);
struct ecc_eddsa
{
- /* Hash function to use */
+ /* Hash function to use, digest size must be 2*key-size. */
nettle_hash_update_func *update;
nettle_hash_digest_func *digest;
nettle_eddsa_dom_func *dom;
eddsa->dom (ctx);
eddsa->update (ctx, nbytes, k1);
eddsa->update (ctx, length, msg);
- eddsa->digest (ctx, 2*nbytes, hash);
+ eddsa->digest (ctx, hash);
_eddsa_hash (&ecc->q, rp, 2*nbytes, hash);
ecc->mul_g (ecc, P, rp, scratch_out);
eddsa->update (ctx, nbytes, signature);
eddsa->update (ctx, nbytes, pub);
eddsa->update (ctx, length, msg);
- eddsa->digest (ctx, 2*nbytes, hash);
+ eddsa->digest (ctx, hash);
_eddsa_hash (&ecc->q, hp, 2*nbytes, hash);
ecc_mod_mul (&ecc->q, sp, hp, k2, sp);
eddsa->update (ctx, nbytes, signature);
eddsa->update (ctx, nbytes, pub);
eddsa->update (ctx, length, msg);
- eddsa->digest (ctx, 2*nbytes, hash);
+ eddsa->digest (ctx, hash);
_eddsa_hash (&ecc->q, hp, 2*nbytes, hash);
/* Compute h A + R - s G, which should be the neutral point */
uint8_t *digest = xalloc (hash->digest_size);
hash->init (ctx);
hash->update (ctx, strlen(s), (const uint8_t *) s);
- hash->digest (ctx, hash->digest_size, digest);
+ hash->digest (ctx, digest);
free (ctx);
return digest;
nettle_hash_update_func *update;
nettle_hash_digest_func *digest;
size_t length;
- size_t digest_length;
const uint8_t *data;
};
length :
BENCH_BLOCK - pos;
info->update(info->ctx, single, info->data + pos);
- info->digest(info->ctx, info->digest_length, digest);
+ info->digest(info->ctx, digest);
}
}
info.ctx = &md5_ctx;
info.update = (nettle_hash_update_func *) hmac_md5_update;
info.digest = (nettle_hash_digest_func *) hmac_md5_digest;
- info.digest_length = MD5_DIGEST_SIZE;
for (pos = 0; hmac_tests[pos].length != 0; pos++)
{
info.ctx = &sha1_ctx;
info.update = (nettle_hash_update_func *) hmac_sha1_update;
info.digest = (nettle_hash_digest_func *) hmac_sha1_digest;
- info.digest_length = SHA1_DIGEST_SIZE;
for (pos = 0; hmac_tests[pos].length != 0; pos++)
{
info.ctx = &sha256_ctx;
info.update = (nettle_hash_update_func *) hmac_sha256_update;
info.digest = (nettle_hash_digest_func *) hmac_sha256_digest;
- info.digest_length = SHA256_DIGEST_SIZE;
for (pos = 0; hmac_tests[pos].length != 0; pos++)
{
info.ctx = &sha512_ctx;
info.update = (nettle_hash_update_func *) hmac_sha512_update;
info.digest = (nettle_hash_digest_func *) hmac_sha512_digest;
- info.digest_length = SHA512_DIGEST_SIZE;
for (pos = 0; hmac_tests[pos].length != 0; pos++)
{
/* This will work for encryption only! */
static void
-openssl_evp_gcm_digest(void *p, size_t length, uint8_t *dst)
+openssl_evp_gcm_digest(void *p, uint8_t *dst)
{
const struct openssl_cipher_ctx *ctx = p;
- int ret = EVP_CIPHER_CTX_ctrl(ctx->evp, EVP_CTRL_GCM_GET_TAG, length, dst);
+ int ret = EVP_CIPHER_CTX_ctrl(ctx->evp, EVP_CTRL_GCM_GET_TAG, 16, dst);
assert(ret == 1);
}
} \
\
static void \
-openssl_##name##_digest(void *p, \
- size_t length, uint8_t *dst) \
+openssl_##name##_digest(void *p, uint8_t *dst) \
{ \
struct openssl_hash_ctx *ctx = p; \
- assert(length == NAME##_DIGEST_SIZE); \
\
EVP_DigestFinal(ctx->evp, dst, NULL); \
EVP_DigestInit(ctx->evp, EVP_##name()); \
return 0;
}
}
- hmac_sha1_digest(&ctx->hmac, SHA1_DIGEST_SIZE, digest);
+ hmac_sha1_digest(&ctx->hmac, digest);
if (!memeql_sec(digest, buffer + AES_BLOCK_SIZE, SHA1_DIGEST_SIZE))
{
werror("Decryption failed: Invalid mac.\n");
assert (size + SHA1_DIGEST_SIZE <= sizeof(buffer));
- hmac_sha1_digest(&ctx->hmac, SHA1_DIGEST_SIZE, buffer + size);
+ hmac_sha1_digest(&ctx->hmac, buffer + size);
size += SHA1_DIGEST_SIZE;
if (!write_data(out, size, buffer))
void
gcm_aes128_digest(struct gcm_aes128_ctx *ctx,
- size_t length, uint8_t *digest)
+ uint8_t *digest)
{
- GCM_DIGEST(ctx, aes128_encrypt, length, digest);
+ GCM_DIGEST(ctx, aes128_encrypt, digest);
}
void
gcm_aes192_digest(struct gcm_aes192_ctx *ctx,
- size_t length, uint8_t *digest)
+ uint8_t *digest)
{
- GCM_DIGEST(ctx, aes192_encrypt, length, digest);
+ GCM_DIGEST(ctx, aes192_encrypt, digest);
}
void
gcm_aes256_digest(struct gcm_aes256_ctx *ctx,
- size_t length, uint8_t *digest)
+ uint8_t *digest)
{
- GCM_DIGEST(ctx, aes256_encrypt, length, digest);
+ GCM_DIGEST(ctx, aes256_encrypt, digest);
}
void
gcm_camellia128_digest(struct gcm_camellia128_ctx *ctx,
- size_t length, uint8_t *digest)
+ uint8_t *digest)
{
- GCM_DIGEST(ctx, camellia128_crypt, length, digest);
+ GCM_DIGEST(ctx, camellia128_crypt, digest);
}
void
gcm_camellia256_digest(struct gcm_camellia256_ctx *ctx,
- size_t length, uint8_t *digest)
+ uint8_t *digest)
{
- GCM_DIGEST(ctx, camellia256_crypt, length, digest);
+ GCM_DIGEST(ctx, camellia256_crypt, digest);
}
void
gcm_sm4_digest(struct gcm_sm4_ctx *ctx,
- size_t length, uint8_t *digest)
+ uint8_t *digest)
{
- GCM_DIGEST(ctx, sm4_crypt, length, digest);
+ GCM_DIGEST(ctx, sm4_crypt, digest);
}
void
gcm_digest(struct gcm_ctx *ctx, const struct gcm_key *key,
const void *cipher, nettle_cipher_func *f,
- size_t length, uint8_t *digest)
+ uint8_t *digest)
{
+ /* FIXME: Reuse digest area? */
union nettle_block16 buffer;
- assert (length <= GCM_BLOCK_SIZE);
-
gcm_hash_sizes(key, &ctx->x, ctx->auth_size, ctx->data_size);
f (cipher, GCM_BLOCK_SIZE, buffer.b, ctx->iv.b);
block16_xor (&buffer, &ctx->x);
- memcpy (digest, buffer.b, length);
+ memcpy (digest, buffer.b, GCM_DIGEST_SIZE);
return;
}
void
gcm_digest(struct gcm_ctx *ctx, const struct gcm_key *key,
const void *cipher, nettle_cipher_func *f,
- size_t length, uint8_t *digest);
+ uint8_t *digest);
/* Convenience macrology (not sure how useful it is) */
/* All-in-one context, with hash subkey, message state, and cipher. */
(nettle_cipher_func *) (encrypt), \
(length), (dst), (src)))
-#define GCM_DIGEST(ctx, encrypt, length, digest) \
+#define GCM_DIGEST(ctx, encrypt, digest) \
(0 ? (encrypt)(&(ctx)->cipher, ~(size_t) 0, \
(uint8_t *) 0, (const uint8_t *) 0) \
: gcm_digest(&(ctx)->gcm, &(ctx)->key, &(ctx)->cipher, \
(nettle_cipher_func *) (encrypt), \
- (length), (digest)))
+ (digest)))
struct gcm_aes128_ctx GCM_CTX(struct aes128_ctx);
void
gcm_aes128_digest(struct gcm_aes128_ctx *ctx,
- size_t length, uint8_t *digest);
+ uint8_t *digest);
struct gcm_aes192_ctx GCM_CTX(struct aes192_ctx);
void
gcm_aes192_digest(struct gcm_aes192_ctx *ctx,
- size_t length, uint8_t *digest);
+ uint8_t *digest);
struct gcm_aes256_ctx GCM_CTX(struct aes256_ctx);
void
gcm_aes256_digest(struct gcm_aes256_ctx *ctx,
- size_t length, uint8_t *digest);
+ uint8_t *digest);
struct gcm_camellia128_ctx GCM_CTX(struct camellia128_ctx);
void gcm_camellia128_decrypt(struct gcm_camellia128_ctx *ctx,
size_t length, uint8_t *dst, const uint8_t *src);
void gcm_camellia128_digest(struct gcm_camellia128_ctx *ctx,
- size_t length, uint8_t *digest);
+ uint8_t *digest);
struct gcm_camellia256_ctx GCM_CTX(struct camellia256_ctx);
void gcm_camellia256_decrypt(struct gcm_camellia256_ctx *ctx,
size_t length, uint8_t *dst, const uint8_t *src);
void gcm_camellia256_digest(struct gcm_camellia256_ctx *ctx,
- size_t length, uint8_t *digest);
+ uint8_t *digest);
struct gcm_sm4_ctx GCM_CTX(struct sm4_ctx);
void gcm_sm4_decrypt(struct gcm_sm4_ctx *ctx,
size_t length, uint8_t *dst, const uint8_t *src);
void gcm_sm4_digest(struct gcm_sm4_ctx *ctx,
- size_t length, uint8_t *digest);
+ uint8_t *digest);
#ifdef __cplusplus
*/
static void
gosthash94_write_digest (struct gosthash94_ctx *ctx,
- size_t length, uint8_t *result,
+ uint8_t *result,
const uint32_t sbox[4][256])
{
uint32_t msg32[GOSTHASH94_BLOCK_SIZE / 4];
- assert(length <= GOSTHASH94_DIGEST_SIZE);
-
/* pad the last block with zeroes and hash it */
if (ctx->index > 0)
{
gost_block_compress (ctx, ctx->sum, sbox);
/* convert hash state to result bytes */
- _nettle_write_le32(length, result, ctx->hash);
+ _nettle_write_le32(GOSTHASH94_DIGEST_SIZE, result, ctx->hash);
gosthash94_init (ctx);
}
void
gosthash94_digest (struct gosthash94_ctx *ctx,
- size_t length, uint8_t *result)
+ uint8_t *result)
{
- gosthash94_write_digest (ctx, length, result,
+ gosthash94_write_digest (ctx, result,
_nettle_gost28147_param_test_3411.sbox);
}
void
gosthash94cp_digest (struct gosthash94_ctx *ctx,
- size_t length, uint8_t *result)
+ uint8_t *result)
{
- gosthash94_write_digest (ctx, length, result,
+ gosthash94_write_digest (ctx, result,
_nettle_gost28147_param_CryptoPro_3411.sbox);
}
void gosthash94_update(struct gosthash94_ctx *ctx,
size_t length, const uint8_t *msg);
void gosthash94_digest(struct gosthash94_ctx *ctx,
- size_t length, uint8_t *result);
+ uint8_t *result);
#define gosthash94cp_init gosthash94_init
void gosthash94cp_update(struct gosthash94_ctx *ctx,
size_t length, const uint8_t *msg);
void gosthash94cp_digest(struct gosthash94_ctx *ctx,
- size_t length, uint8_t *result);
+ uint8_t *result);
#ifdef __cplusplus
}
# include "config.h"
#endif
+#include <string.h>
+
#include "hkdf.h"
+#include "nettle-internal.h"
+
/* hkdf_extract: Outputs a PRK of digest_size
*/
void
hkdf_extract(void *mac_ctx,
nettle_hash_update_func *update,
nettle_hash_digest_func *digest,
- size_t digest_size,
size_t secret_size, const uint8_t *secret,
uint8_t *dst)
{
update(mac_ctx, secret_size, secret);
- digest(mac_ctx, digest_size, dst);
+ digest(mac_ctx, dst);
}
/* hkdf_expand: Outputs an arbitrary key of size specified by length
size_t info_size, const uint8_t *info,
size_t length, uint8_t *dst)
{
+ TMP_DECL(buf, uint8_t, NETTLE_MAX_HASH_DIGEST_SIZE);
uint8_t i = 1;
if (!length)
{
update(mac_ctx, info_size, info);
update(mac_ctx, 1, &i);
- if (length <= digest_size)
+ if (length < digest_size)
break;
- digest(mac_ctx, digest_size, dst);
+ digest(mac_ctx, dst);
+ if (length == digest_size)
+ return;
update(mac_ctx, digest_size, dst);
}
-
- digest(mac_ctx, length, dst);
+ TMP_ALLOC (buf, digest_size);
+ digest(mac_ctx, buf);
+ memcpy (dst, buf, length);
}
hkdf_extract(void *mac_ctx,
nettle_hash_update_func *update,
nettle_hash_digest_func *digest,
- size_t digest_size,
size_t secret_size, const uint8_t *secret,
uint8_t *dst);
void
hmac_gosthash94_digest(struct hmac_gosthash94_ctx *ctx,
- size_t length, uint8_t *digest)
+ uint8_t *digest)
{
- HMAC_DIGEST(ctx, &nettle_gosthash94, length, digest);
+ HMAC_DIGEST(ctx, &nettle_gosthash94, digest);
}
void
}
void
hmac_gosthash94cp_digest(struct hmac_gosthash94cp_ctx *ctx,
- size_t length, uint8_t *digest)
+ uint8_t *digest)
{
- HMAC_DIGEST(ctx, &nettle_gosthash94cp, length, digest);
+ HMAC_DIGEST(ctx, &nettle_gosthash94cp, digest);
}
void
hmac_md5_digest(struct hmac_md5_ctx *ctx,
- size_t length, uint8_t *digest)
+ uint8_t *digest)
{
- HMAC_DIGEST(ctx, &nettle_md5, length, digest);
+ HMAC_DIGEST(ctx, &nettle_md5, digest);
}
void
hmac_ripemd160_digest(struct hmac_ripemd160_ctx *ctx,
- size_t length, uint8_t *digest)
+ uint8_t *digest)
{
- HMAC_DIGEST(ctx, &nettle_ripemd160, length, digest);
+ HMAC_DIGEST(ctx, &nettle_ripemd160, digest);
}
void
hmac_sha1_digest(struct hmac_sha1_ctx *ctx,
- size_t length, uint8_t *digest)
+ uint8_t *digest)
{
- HMAC_DIGEST(ctx, &nettle_sha1, length, digest);
+ HMAC_DIGEST(ctx, &nettle_sha1, digest);
}
void
hmac_sha224_digest(struct hmac_sha224_ctx *ctx,
- size_t length, uint8_t *digest)
+ uint8_t *digest)
{
- HMAC_DIGEST(ctx, &nettle_sha224, length, digest);
+ HMAC_DIGEST(ctx, &nettle_sha224, digest);
}
void
hmac_sha256_digest(struct hmac_sha256_ctx *ctx,
- size_t length, uint8_t *digest)
+ uint8_t *digest)
{
- HMAC_DIGEST(ctx, &nettle_sha256, length, digest);
+ HMAC_DIGEST(ctx, &nettle_sha256, digest);
}
void
hmac_sha384_digest(struct hmac_sha512_ctx *ctx,
- size_t length, uint8_t *digest)
+ uint8_t *digest)
{
- HMAC_DIGEST(ctx, &nettle_sha384, length, digest);
+ HMAC_DIGEST(ctx, &nettle_sha384, digest);
}
void
hmac_sha512_digest(struct hmac_sha512_ctx *ctx,
- size_t length, uint8_t *digest)
+ uint8_t *digest)
{
- HMAC_DIGEST(ctx, &nettle_sha512, length, digest);
+ HMAC_DIGEST(ctx, &nettle_sha512, digest);
}
void
hmac_sm3_digest(struct hmac_sm3_ctx *ctx,
- size_t length, uint8_t *digest)
+ uint8_t *digest)
{
- HMAC_DIGEST(ctx, &nettle_sm3, length, digest);
+ HMAC_DIGEST(ctx, &nettle_sm3, digest);
}
void
hmac_streebog512_digest(struct hmac_streebog512_ctx *ctx,
- size_t length, uint8_t *digest)
+ uint8_t *digest)
{
- HMAC_DIGEST(ctx, &nettle_streebog512, length, digest);
+ HMAC_DIGEST(ctx, &nettle_streebog512, digest);
}
void
void
hmac_streebog256_digest(struct hmac_streebog256_ctx *ctx,
- size_t length, uint8_t *digest)
+ uint8_t *digest)
{
- HMAC_DIGEST(ctx, &nettle_streebog256, length, digest);
+ HMAC_DIGEST(ctx, &nettle_streebog256, digest);
}
hash->init(state);
hash->update(state, key_length, key);
- hash->digest(state, hash->digest_size, digest);
+ hash->digest(state, digest);
key = digest;
key_length = hash->digest_size;
void
hmac_digest(const void *outer, const void *inner, void *state,
const struct nettle_hash *hash,
- size_t length, uint8_t *dst)
+ uint8_t *dst)
{
+ /* FIXME: Use dst area instead? */
TMP_DECL(digest, uint8_t, NETTLE_MAX_HASH_DIGEST_SIZE);
TMP_ALLOC(digest, hash->digest_size);
- hash->digest(state, hash->digest_size, digest);
+ hash->digest(state, digest);
memcpy(state, outer, hash->context_size);
hash->update(state, hash->digest_size, digest);
- hash->digest(state, length, dst);
+ hash->digest(state, dst);
memcpy(state, inner, hash->context_size);
}
void
hmac_digest(const void *outer, const void *inner, void *state,
const struct nettle_hash *hash,
- size_t length, uint8_t *digest);
+ uint8_t *digest);
#define HMAC_CTX(type) \
hmac_set_key( &(ctx)->outer, &(ctx)->inner, &(ctx)->state, \
(hash), (length), (key) )
-#define HMAC_DIGEST(ctx, hash, length, digest) \
+#define HMAC_DIGEST(ctx, hash, digest) \
hmac_digest( &(ctx)->outer, &(ctx)->inner, &(ctx)->state, \
- (hash), (length), (digest) )
+ (hash), (digest) )
/* HMAC using specific hash functions */
void
hmac_md5_digest(struct hmac_md5_ctx *ctx,
- size_t length, uint8_t *digest);
+ uint8_t *digest);
/* hmac-ripemd160 */
void
hmac_ripemd160_digest(struct hmac_ripemd160_ctx *ctx,
- size_t length, uint8_t *digest);
+ uint8_t *digest);
/* hmac-sha1 */
void
hmac_sha1_digest(struct hmac_sha1_ctx *ctx,
- size_t length, uint8_t *digest);
+ uint8_t *digest);
/* hmac-sha256 */
struct hmac_sha256_ctx HMAC_CTX(struct sha256_ctx);
void
hmac_sha256_digest(struct hmac_sha256_ctx *ctx,
- size_t length, uint8_t *digest);
+ uint8_t *digest);
/* hmac-sha224 */
#define hmac_sha224_ctx hmac_sha256_ctx
void
hmac_sha224_digest(struct hmac_sha224_ctx *ctx,
- size_t length, uint8_t *digest);
+ uint8_t *digest);
/* hmac-sha512 */
struct hmac_sha512_ctx HMAC_CTX(struct sha512_ctx);
void
hmac_sha512_digest(struct hmac_sha512_ctx *ctx,
- size_t length, uint8_t *digest);
+ uint8_t *digest);
/* hmac-sha384 */
#define hmac_sha384_ctx hmac_sha512_ctx
void
hmac_sha384_digest(struct hmac_sha512_ctx *ctx,
- size_t length, uint8_t *digest);
+ uint8_t *digest);
/* hmac-gosthash94 */
struct hmac_gosthash94_ctx HMAC_CTX(struct gosthash94_ctx);
void
hmac_gosthash94_digest(struct hmac_gosthash94_ctx *ctx,
- size_t length, uint8_t *digest);
+ uint8_t *digest);
struct hmac_gosthash94cp_ctx HMAC_CTX(struct gosthash94cp_ctx);
void
hmac_gosthash94cp_digest(struct hmac_gosthash94cp_ctx *ctx,
- size_t length, uint8_t *digest);
+ uint8_t *digest);
/* hmac-streebog */
void
hmac_streebog512_digest(struct hmac_streebog512_ctx *ctx,
- size_t length, uint8_t *digest);
+ uint8_t *digest);
#define hmac_streebog256_ctx hmac_streebog512_ctx
void
hmac_streebog256_digest(struct hmac_streebog256_ctx *ctx,
- size_t length, uint8_t *digest);
+ uint8_t *digest);
/* hmac-sm3 */
struct hmac_sm3_ctx HMAC_CTX(struct sm3_ctx);
void
hmac_sm3_digest(struct hmac_sm3_ctx *ctx,
- size_t length, uint8_t *digest);
+ uint8_t *digest);
#ifdef __cplusplus
}
void
md2_digest(struct md2_ctx *ctx,
- size_t length,
uint8_t *digest)
{
unsigned left;
- assert(length <= MD2_DIGEST_SIZE);
-
left = MD2_BLOCK_SIZE - ctx->index;
memset(ctx->block + ctx->index, left, left);
md2_transform(ctx, ctx->block);
md2_transform(ctx, ctx->C);
- memcpy(digest, ctx->X, length);
+ memcpy(digest, ctx->X, MD2_DIGEST_SIZE);
md2_init(ctx);
}
void
md2_digest(struct md2_ctx *ctx,
- size_t length,
uint8_t *digest);
void
md4_digest(struct md4_ctx *ctx,
- size_t length,
uint8_t *digest)
{
uint64_t bit_count;
uint32_t data[MD4_DATA_LENGTH];
unsigned i;
- assert(length <= MD4_DIGEST_SIZE);
-
MD_PAD(ctx, 8, md4_compress);
for (i = 0; i < MD4_DATA_LENGTH - 2; i++)
data[i] = LE_READ_UINT32(ctx->block + 4*i);
data[MD4_DATA_LENGTH-1] = bit_count >> 32;
md4_transform(ctx->state, data);
- _nettle_write_le32(length, digest, ctx->state);
+ _nettle_write_le32(MD4_DIGEST_SIZE, digest, ctx->state);
md4_init(ctx);
}
void
md4_digest(struct md4_ctx *ctx,
- size_t length,
uint8_t *digest);
void
md5_digest(struct md5_ctx *ctx,
- size_t length,
uint8_t *digest)
{
uint64_t bit_count;
- assert(length <= MD5_DIGEST_SIZE);
-
MD_PAD(ctx, 8, COMPRESS);
/* There are 512 = 2^9 bits in one block */
LE_WRITE_UINT64(ctx->block + (MD5_BLOCK_SIZE - 8), bit_count);
nettle_md5_compress(ctx->state, ctx->block);
- _nettle_write_le32(length, digest, ctx->state);
+ _nettle_write_le32(MD5_DIGEST_SIZE, digest, ctx->state);
md5_init(ctx);
}
void
md5_digest(struct md5_ctx *ctx,
- size_t length,
uint8_t *digest);
/* MD5 compression function. STATE points to 4 uint32_t words,
typedef void nettle_hash_update_func(void *ctx,
size_t length,
const uint8_t *src);
-typedef void nettle_hash_digest_func(void *ctx,
- size_t length, uint8_t *dst);
+typedef void nettle_hash_digest_func(void *ctx, uint8_t *dst);
/* ASCII armor codecs. NOTE: Experimental and subject to change. */
}
static void
-ocb_aes128_digest_wrapper (struct ocb_aes128_ctx *ctx, size_t length, uint8_t *digest)
+ocb_aes128_digest_wrapper (struct ocb_aes128_ctx *ctx, uint8_t *digest)
{
- ocb_aes128_digest (&ctx->ocb, &ctx->key, length, digest);
+ ocb_aes128_digest (&ctx->ocb, &ctx->key, OCB_DIGEST_SIZE, digest);
}
const struct nettle_aead
(nettle_crypt_func *) ocb_aes128_decrypt_wrapper,
(nettle_hash_digest_func *) ocb_aes128_digest_wrapper
};
+
+/* For 96-bit tag */
+static void
+ocb_aes128_t96_set_nonce (struct ocb_aes128_ctx *ctx, const uint8_t *nonce)
+{
+ ocb_aes128_set_nonce (&ctx->ocb, &ctx->key,
+ 12, OCB_NONCE_SIZE, nonce);
+}
+
+static void
+ocb_aes128_t96_digest (struct ocb_aes128_ctx *ctx, uint8_t *digest)
+{
+ ocb_aes128_digest (&ctx->ocb, &ctx->key, 12, digest);
+}
+
+const struct nettle_aead
+nettle_ocb_aes128_t96 =
+ { "ocb_aes128", sizeof(struct ocb_aes128_ctx),
+ OCB_BLOCK_SIZE, AES128_KEY_SIZE,
+ OCB_NONCE_SIZE, 12,
+ (nettle_set_key_func *) ocb_aes128_set_encrypt_key_wrapper,
+ (nettle_set_key_func *) ocb_aes128_set_decrypt_key_wrapper,
+ (nettle_set_key_func *) ocb_aes128_t96_set_nonce,
+ (nettle_hash_update_func *) ocb_aes128_update_wrapper,
+ (nettle_crypt_func *) ocb_aes128_encrypt_wrapper,
+ (nettle_crypt_func *) ocb_aes128_decrypt_wrapper,
+ (nettle_hash_digest_func *) ocb_aes128_t96_digest,
+ };
};
extern const struct nettle_aead nettle_ocb_aes128;
+extern const struct nettle_aead nettle_ocb_aes128_t96;
#endif /* NETTLE_NON_NETTLE_H_INCLUDED */
hash->init (hash_ctx);
hash->update (hash_ctx, label_length, label);
- hash->digest (hash_ctx, hash->digest_size, lhash);
+ hash->digest (hash_ctx, lhash);
ok &= memeql_sec (db_mask, lhash, hash->digest_size);
memset (db, 0, db_length);
hash->init (hash_ctx);
hash->update (hash_ctx, label_length, label);
- hash->digest (hash_ctx, hash->digest_size, db);
+ hash->digest (hash_ctx, db);
memcpy (&db[db_length - message_length], message, message_length);
db[db_length - message_length - 1] = 0x01;
update (mac_ctx, salt_length, salt);
update (mac_ctx, sizeof(tmp), tmp);
- digest (mac_ctx, digest_size, T);
+ digest (mac_ctx, T);
prev = T;
for (u = 1; u < iterations; u++, prev = U)
{
update (mac_ctx, digest_size, prev);
- digest (mac_ctx, digest_size, U);
+ digest (mac_ctx, U);
memxor (T, U, digest_size);
}
#define PBKDF2(ctx, update, digest, digest_size, \
iterations, salt_length, salt, length, dst) \
(0 ? ((update)((ctx), 0, (uint8_t *) 0), \
- (digest)((ctx), 0, (uint8_t *) 0)) \
+ (digest)((ctx), (uint8_t *) 0)) \
: pbkdf2 ((ctx), \
(nettle_hash_update_func *)(update), \
(nettle_hash_digest_func *)(digest), \
MD5_DIGEST_SIZE);
if (p)
{
- md5_digest(hash, MD5_DIGEST_SIZE, p);
+ md5_digest(hash, p);
nettle_mpz_set_str_256_u(m, key_size, em);
TMP_GMP_FREE(em);
return 1;
SHA1_DIGEST_SIZE);
if (p)
{
- sha1_digest(hash, SHA1_DIGEST_SIZE, p);
+ sha1_digest(hash, p);
nettle_mpz_set_str_256_u(m, key_size, em);
TMP_GMP_FREE(em);
return 1;
SHA256_DIGEST_SIZE);
if (p)
{
- sha256_digest(hash, SHA256_DIGEST_SIZE, p);
+ sha256_digest(hash, p);
nettle_mpz_set_str_256_u(m, key_size, em);
TMP_GMP_FREE(em);
return 1;
SHA512_DIGEST_SIZE);
if (p)
{
- sha512_digest(hash, SHA512_DIGEST_SIZE, p);
+ sha512_digest(hash, p);
nettle_mpz_set_str_256_u(m, key_size, em);
TMP_GMP_FREE(em);
return 1;
void
poly1305_aes_digest (struct poly1305_aes_ctx *ctx,
- size_t length, uint8_t *digest)
+ uint8_t *digest)
{
union nettle_block16 s;
/* final bytes */
aes128_encrypt(&ctx->aes, POLY1305_BLOCK_SIZE, s.b, ctx->nonce);
_nettle_poly1305_digest (&ctx->pctx, &s);
- memcpy (digest, s.b, length);
+ memcpy (digest, s.b, POLY1305_AES_DIGEST_SIZE);
INCREMENT (16, ctx->nonce);
ctx->index = 0;
/* Also increments the nonce */
void
poly1305_aes_digest (struct poly1305_aes_ctx *ctx,
- size_t length, uint8_t *digest);
+ uint8_t *digest);
#ifdef __cplusplus
}
TMP_ALLOC(h, hash->digest_size);
TMP_ALLOC_ALIGN(state, hash->context_size);
- for (i = 0;;
+ for (i = 0; length > 0;
i++, mask += hash->digest_size, length -= hash->digest_size)
{
WRITE_UINT32(c, i);
memcpy(state, seed, hash->context_size);
hash->update(state, 4, c);
- if (length <= hash->digest_size)
+ if (length < hash->digest_size)
{
- hash->digest(state, length, mask);
+ hash->digest(state, h);
+ memcpy(mask, h, length);
return;
}
- hash->digest(state, hash->digest_size, mask);
+ hash->digest(state, mask);
}
}
hash->update(state, salt_length, salt);
/* Store H in EM, right after maskedDB. */
- hash->digest(state, hash->digest_size, em + key_size - hash->digest_size - 1);
+ hash->digest(state, em + key_size - hash->digest_size - 1);
/* Compute dbMask. */
hash->init(state);
hash->update(state, sizeof(pss_pad), pss_pad);
hash->update(state, hash->digest_size, digest);
hash->update(state, salt_length, salt);
- hash->digest(state, hash->digest_size, h2);
+ hash->digest(state, h2);
/* Check if H' = H. */
if (memcmp(h2, h, hash->digest_size) != 0)
}
void
-ripemd160_digest(struct ripemd160_ctx *ctx, size_t length, uint8_t *digest)
+ripemd160_digest(struct ripemd160_ctx *ctx, uint8_t *digest)
{
uint64_t bit_count;
- assert(length <= RIPEMD160_DIGEST_SIZE);
-
MD_PAD(ctx, 8, COMPRESS);
/* There are 2^9 bits in one block */
LE_WRITE_UINT64(ctx->block + 56, bit_count);
_nettle_ripemd160_compress(ctx->state, ctx->block);
- _nettle_write_le32(length, digest, ctx->state);
+ _nettle_write_le32(RIPEMD160_DIGEST_SIZE, digest, ctx->state);
ripemd160_init(ctx);
}
void
ripemd160_digest(struct ripemd160_ctx *ctx,
- size_t length,
uint8_t *digest);
#ifdef __cplusplus
void
sha1_digest(struct sha1_ctx *ctx,
- size_t length,
uint8_t *digest)
{
uint64_t bit_count;
- assert(length <= SHA1_DIGEST_SIZE);
-
MD_PAD(ctx, 8, COMPRESS);
/* There are 512 = 2^9 bits in one block */
WRITE_UINT64(ctx->block + (SHA1_BLOCK_SIZE - 8), bit_count);
nettle_sha1_compress(ctx->state, ctx->block);
- _nettle_write_be32(length, digest, ctx->state);
+ _nettle_write_be32(SHA1_DIGEST_SIZE, digest, ctx->state);
sha1_init(ctx);
}
void
sha1_digest(struct sha1_ctx *ctx,
- size_t length,
uint8_t *digest);
/* SHA1 compression function. STATE points to 5 uint32_t words,
void
sha256_digest(struct sha256_ctx *ctx,
- size_t length,
uint8_t *digest);
void
void
sha224_digest(struct sha256_ctx *ctx,
- size_t length,
uint8_t *digest);
void
sha512_digest(struct sha512_ctx *ctx,
- size_t length,
uint8_t *digest);
void
void
sha384_digest(struct sha512_ctx *ctx,
- size_t length,
uint8_t *digest);
void
sha512_224_digest(struct sha512_224_ctx *ctx,
- size_t length,
uint8_t *digest);
#define SHA512_256_DIGEST_SIZE 32
void
sha512_256_digest(struct sha512_256_ctx *ctx,
- size_t length,
uint8_t *digest);
#ifdef __cplusplus
void
sha256_digest(struct sha256_ctx *ctx,
- size_t length,
uint8_t *digest)
{
- sha256_write_digest(ctx, length, digest);
+ sha256_write_digest(ctx, SHA256_DIGEST_SIZE, digest);
sha256_init(ctx);
}
void
sha224_digest(struct sha256_ctx *ctx,
- size_t length,
uint8_t *digest)
{
- sha256_write_digest(ctx, length, digest);
+ sha256_write_digest(ctx, SHA224_DIGEST_SIZE, digest);
sha224_init(ctx);
}
void
sha3_224_digest(struct sha3_224_ctx *ctx,
- size_t length,
uint8_t *digest)
{
_sha3_pad_hash (&ctx->state, SHA3_224_BLOCK_SIZE, ctx->block, ctx->index);
- _nettle_write_le64 (length, digest, ctx->state.a);
+ _nettle_write_le64 (SHA3_224_DIGEST_SIZE, digest, ctx->state.a);
sha3_224_init (ctx);
}
void
sha3_256_digest(struct sha3_256_ctx *ctx,
- size_t length,
uint8_t *digest)
{
_sha3_pad_hash (&ctx->state, SHA3_256_BLOCK_SIZE, ctx->block, ctx->index);
- _nettle_write_le64 (length, digest, ctx->state.a);
+ _nettle_write_le64 (SHA3_256_DIGEST_SIZE, digest, ctx->state.a);
sha3_256_init (ctx);
}
void
sha3_384_digest(struct sha3_384_ctx *ctx,
- size_t length,
uint8_t *digest)
{
_sha3_pad_hash (&ctx->state, SHA3_384_BLOCK_SIZE, ctx->block, ctx->index);
- _nettle_write_le64 (length, digest, ctx->state.a);
+ _nettle_write_le64 (SHA3_384_DIGEST_SIZE, digest, ctx->state.a);
sha3_384_init (ctx);
}
void
sha3_512_digest(struct sha3_512_ctx *ctx,
- size_t length,
uint8_t *digest)
{
_sha3_pad_hash (&ctx->state, SHA3_512_BLOCK_SIZE, ctx->block, ctx->index);
- _nettle_write_le64 (length, digest, ctx->state.a);
+ _nettle_write_le64 (SHA3_512_DIGEST_SIZE, digest, ctx->state.a);
sha3_512_init (ctx);
}
void
sha3_224_digest(struct sha3_224_ctx *ctx,
- size_t length,
uint8_t *digest);
struct sha3_256_ctx
void
sha3_256_digest(struct sha3_256_ctx *ctx,
- size_t length,
uint8_t *digest);
/* Alternative digest function implementing shake256, with arbitrary
void
sha3_384_digest(struct sha3_384_ctx *ctx,
- size_t length,
uint8_t *digest);
struct sha3_512_ctx
void
sha3_512_digest(struct sha3_512_ctx *ctx,
- size_t length,
uint8_t *digest);
#ifdef __cplusplus
void
sha512_digest(struct sha512_ctx *ctx,
- size_t length,
uint8_t *digest)
{
- assert(length <= SHA512_DIGEST_SIZE);
-
- sha512_write_digest(ctx, length, digest);
+ sha512_write_digest(ctx, SHA512_DIGEST_SIZE, digest);
sha512_init(ctx);
}
void
sha384_digest(struct sha512_ctx *ctx,
- size_t length,
uint8_t *digest)
{
- assert(length <= SHA384_DIGEST_SIZE);
-
- sha512_write_digest(ctx, length, digest);
+ sha512_write_digest(ctx, SHA384_DIGEST_SIZE, digest);
sha384_init(ctx);
}
void
sha512_224_digest(struct sha512_224_ctx *ctx,
- size_t length,
uint8_t *digest)
{
- assert(length <= SHA224_DIGEST_SIZE);
-
- sha512_write_digest(ctx, length, digest);
+ sha512_write_digest(ctx, SHA512_224_DIGEST_SIZE, digest);
sha512_224_init(ctx);
}
void
sha512_256_digest(struct sha512_256_ctx *ctx,
- size_t length,
uint8_t *digest)
{
- assert(length <= SHA256_DIGEST_SIZE);
-
- sha512_write_digest(ctx, length, digest);
+ sha512_write_digest(ctx, SHA512_256_DIGEST_SIZE, digest);
sha512_256_init(ctx);
}
cmac128_init(&cmac_ctx);
cmac128_update (&cmac_ctx, cmac_cipher, nc->encrypt, 16, const_zero.b);
- cmac128_digest (&cmac_ctx, cmac_key, cmac_cipher, nc->encrypt, 16, D.b);
+ cmac128_digest (&cmac_ctx, cmac_key, cmac_cipher, nc->encrypt, D.b);
block16_mulx_be (&D, &D);
cmac128_update (&cmac_ctx, cmac_cipher, nc->encrypt, alength, adata);
- cmac128_digest (&cmac_ctx, cmac_key, cmac_cipher, nc->encrypt, 16, S.b);
+ cmac128_digest (&cmac_ctx, cmac_key, cmac_cipher, nc->encrypt, S.b);
block16_xor (&D, &S);
block16_mulx_be (&D, &D);
cmac128_update (&cmac_ctx, cmac_cipher, nc->encrypt, nlength, nonce);
- cmac128_digest (&cmac_ctx, cmac_key, cmac_cipher, nc->encrypt, 16, S.b);
+ cmac128_digest (&cmac_ctx, cmac_key, cmac_cipher, nc->encrypt, S.b);
block16_xor (&D, &S);
/* Sn */
}
cmac128_update (&cmac_ctx, cmac_cipher, nc->encrypt, 16, T.b);
- cmac128_digest (&cmac_ctx, cmac_key, cmac_cipher, nc->encrypt, 16, v);
+ cmac128_digest (&cmac_ctx, cmac_key, cmac_cipher, nc->encrypt, v);
}
void
void
sm3_digest(struct sm3_ctx *ctx,
- size_t length,
uint8_t *digest)
{
- sm3_write_digest(ctx, length, digest);
+ sm3_write_digest(ctx, SM3_DIGEST_SIZE, digest);
sm3_init(ctx);
}
void
sm3_digest(struct sm3_ctx *ctx,
- size_t length,
uint8_t *digest);
#ifdef __cplusplus
void
streebog512_digest(struct streebog512_ctx *ctx,
- size_t length,
uint8_t *digest)
{
- assert(length <= STREEBOG512_DIGEST_SIZE);
-
- streebog512_write_digest(ctx, 0, length, digest);
+ streebog512_write_digest(ctx, 0, STREEBOG512_DIGEST_SIZE, digest);
streebog512_init(ctx);
}
void
streebog256_digest(struct streebog256_ctx *ctx,
- size_t length,
uint8_t *digest)
{
- assert(length <= STREEBOG256_DIGEST_SIZE);
-
streebog512_write_digest(ctx,
4,
- length,
+ STREEBOG256_DIGEST_SIZE,
digest);
streebog256_init(ctx);
}
void
streebog512_digest(struct streebog512_ctx *ctx,
- size_t length,
uint8_t *digest);
void
streebog256_digest(struct streebog256_ctx *ctx,
- size_t length,
uint8_t *digest);
#ifdef __cplusplus
md5_init (&md5);
md5_update (&md5, 14, reinterpret_cast<const uint8_t *> ("message digest"));
- md5_digest (&md5, MD5_DIGEST_SIZE, digest);
+ md5_digest (&md5, digest);
ASSERT (MEMEQ (MD5_DIGEST_SIZE, digest,
H("F96B697D7CB7938D 525A2F31AAF161D0")));
{
struct gcm_aes128_ctx ctx;
const uint8_t z16[16] = { 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 };
- uint8_t digest[16];
+ uint8_t digest[GCM_DIGEST_SIZE];
ASSERT (ref->length == sizeof(digest));
gcm_aes128_set_key (&ctx, z16);
gcm_aes128_set_iv (&ctx, 16, z16);
gcm_aes128_update (&ctx, msg->length, msg->data);
- gcm_aes128_digest (&ctx, sizeof(digest), digest);
+ gcm_aes128_digest (&ctx, digest);
if (!MEMEQ (ref->length, ref->data, digest))
{
fprintf (stderr, "gcm_hash failed, msg: %s\nOutput: ", msg->data);
{
hash->init (hash_ctx);
hash->update (hash_ctx, out_len, out);
- hash->digest (hash_ctx, hash->digest_size, out);
+ hash->digest (hash_ctx, out);
ASSERT (hash->digest_size == res->length);
ASSERT (MEMEQ (res->length, out, res->data));
hkdf_extract(&ctx,
(nettle_hash_update_func*) hmac_sha256_update,
(nettle_hash_digest_func*) hmac_sha256_digest,
- SHA256_DIGEST_SIZE,
ikm->length, ikm->data, prk);
if (MEMEQ(SHA256_DIGEST_SIZE, prk, extract_output->data) == 0)
hkdf_extract(&ctx,
(nettle_hash_update_func*) hmac_sha1_update,
(nettle_hash_digest_func*) hmac_sha1_digest,
- SHA1_DIGEST_SIZE,
ikm->length, ikm->data,
prk);
(nettle_decrypt_message_func*) ocb_aes128_decrypt_message_wrapper,
};
-/* For 96-bit tag */
-static void
-set_nonce_tag96 (struct ocb_aes128_ctx *ctx, size_t length, const uint8_t *nonce)
-{
- ASSERT (length == OCB_NONCE_SIZE);
- ocb_aes128_set_nonce (&ctx->ocb, &ctx->key,
- 12, OCB_NONCE_SIZE, nonce);
-}
-
void
test_main(void)
{
SHEX("479AD363AC366B95 A98CA5F3000B1479")); /* tag */
/* Test with 96-bit tag. */
- test_aead(&nettle_ocb_aes128, (nettle_hash_update_func *) set_nonce_tag96,
+ test_aead(&nettle_ocb_aes128_t96, NULL,
SHEX("0F0E0D0C0B0A09080706050403020100"), /* key */
SHEX("000102030405060708090A0B0C0D0E0F1011121314151617"
"18191A1B1C1D1E1F2021222324252627"), /* auth data */
SHEX("D0C515F4D1CDD4FDAC4F02AA")); /* tag */
/* 16 blocks, not verified with other implementations or any
- authoritative test vector.not an authoritative test vector. */
+ authoritative test vector. */
test_aead(&nettle_ocb_aes128, NULL,
SHEX("000102030405060708090A0B0C0D0E0F"), /* key */
SHEX(""), /* auth data */
SHEX("6820B3657B6F615A5725BDA0D3B4EB3A257C9AF1F8F03009")); /* ciphertext */
/* Test-vector from libgcrypt:tests/basic.c: */
- test_aead(&nettle_ocb_aes128, (nettle_hash_update_func *) set_nonce_tag96,
+ test_aead(&nettle_ocb_aes128_t96, NULL,
SHEX("0F0E0D0C0B0A09080706050403020100"), /* key */
SHEX("000102030405060708090A0B0C0D0E0F1011121314151617"
"18191A1B1C1D1E1F2021222324252627"), /* auth data */
const struct tstring *ref)
{
uint8_t tag[16];
- ASSERT (ref->length <= 16);
- f(ctx, ref->length, tag);
+ ASSERT (ref->length == POLY1305_AES_DIGEST_SIZE);
+ f(ctx, tag);
if (!MEMEQ(ref->length, ref->data, tag))
{
printf ("%s failed\n", name);
hash->init(ctx);
hash->update(ctx, length, message);
- hash->digest(ctx, hash->digest_size, digest);
+ hash->digest(ctx, digest);
mpz_init(signature);
SHA3_128_BLOCK_SIZE,
(nettle_hash_init_func *) sha3_128_init,
(nettle_hash_update_func *) sha3_128_update,
- (nettle_hash_digest_func *) sha3_128_shake,
- (nettle_hash_digest_func *) sha3_128_shake_output,
+ (nettle_random_func *) sha3_128_shake,
+ (nettle_random_func *) sha3_128_shake_output,
};
void
SHA3_256_BLOCK_SIZE,
(nettle_hash_init_func *) sha3_256_init,
(nettle_hash_update_func *) sha3_256_update,
- (nettle_hash_digest_func *) sha3_256_shake,
- (nettle_hash_digest_func *) sha3_256_shake_output,
+ (nettle_random_func *) sha3_256_shake,
+ (nettle_random_func *) sha3_256_shake_output,
};
void
}
if (digest)
{
- ASSERT (digest->length <= aead->digest_size);
+ ASSERT (digest->length == aead->digest_size);
memset(buffer, 0, aead->digest_size);
- aead->digest(ctx, digest->length, buffer);
+ aead->digest(ctx, buffer);
if (!MEMEQ(digest->length, buffer, digest->data))
{
fprintf(stderr, "aead->digest failed (offset = %u):\n got: ",
if (digest)
{
+ ASSERT (digest->length == aead->digest_size);
memset(buffer, 0, aead->digest_size);
- aead->digest(ctx, digest->length, buffer);
+ aead->digest(ctx, buffer);
ASSERT(MEMEQ(digest->length, buffer, digest->data));
}
}
hash->update(ctx, 0, NULL);
hash->update(ctx, msg->length - offset, msg->data + offset);
- hash->digest(ctx, digest->length, buffer);
+ hash->digest(ctx, buffer);
if (MEMEQ(digest->length, digest->data, buffer) == 0)
{
}
}
- memset(buffer, 0, digest->length);
-
- hash->update(ctx, msg->length, msg->data);
- ASSERT(digest->length > 0);
- hash->digest(ctx, digest->length - 1, buffer);
-
- ASSERT(MEMEQ(digest->length - 1, digest->data, buffer));
-
- ASSERT(buffer[digest->length - 1] == 0);
-
input = xalloc (msg->length + 16);
for (offset = 0; offset < 16; offset++)
{
memset (input, 0, msg->length + 16);
memcpy (input + offset, msg->data, msg->length);
hash->update (ctx, msg->length, input + offset);
- hash->digest (ctx, digest->length, buffer);
+ hash->digest (ctx, buffer);
if (MEMEQ(digest->length, digest->data, buffer) == 0)
{
fprintf(stdout, "hash input address: %p\nGot:\n", input + offset);
}
fprintf (stderr, "\n");
- hash->digest(ctx, hash->digest_size, buffer);
+ hash->digest(ctx, buffer);
print_hex(hash->digest_size, buffer);
mac->set_key (ctx, key->data);
}
mac->update (ctx, msg->length, msg->data);
- mac->digest (ctx, digest->length, hash);
+ mac->digest (ctx, hash);
if (!MEMEQ (digest->length, digest->data, hash))
{
/* attempt to re-use the structure */
mac->update (ctx, msg->length, msg->data);
- mac->digest (ctx, digest->length, hash);
+ mac->digest (ctx, hash);
if (!MEMEQ (digest->length, digest->data, hash))
{
fprintf (stderr, "test_mac: failed on re-use, msg: ");
/* attempt byte-by-byte hashing */
for (i=0;i<msg->length;i++)
mac->update (ctx, 1, msg->data+i);
- mac->digest (ctx, digest->length, hash);
+ mac->digest (ctx, hash);
if (!MEMEQ (digest->length, digest->data, hash))
{
fprintf (stderr, "test_mac failed on byte-by-byte, msg: ");
ASSERT(mpz_cmp (signature, expected) == 0); \
\
hash##_update(&hash, LDATA(msg)); \
- hash##_digest(&hash, sizeof(digest), digest); \
+ hash##_digest(&hash, digest); \
ASSERT(rsa_##hash##_sign_digest(key, digest, signature)); \
ASSERT(mpz_cmp (signature, expected) == 0); \
\
/* Requires that the context is named like the hash algorithm. */
#define DSA_VERIFY(params, key, hash, buf, msg, signature) \
(hash##_update(&hash, LDATA(msg)), \
- hash##_digest(&hash, sizeof(buf), buf), \
+ hash##_digest(&hash, buf), \
dsa_verify(params, key, sizeof(buf), buf, signature))
void
knuth_lfib_init(&lfib, 1111);
sha1_update(&sha1, LDATA("The magic words are squeamish ossifrage"));
- sha1_digest(&sha1, sizeof(digest), digest);
+ sha1_digest(&sha1, digest);
ASSERT (dsa_sign(params, key,
&lfib, (nettle_random_func *) knuth_lfib_random,
sizeof(digest), digest, &signature));
knuth_lfib_init(&lfib, 1111);
sha256_update(&sha256, LDATA("The magic words are squeamish ossifrage"));
- sha256_digest(&sha256, sizeof(digest), digest);
+ sha256_digest(&sha256, digest);
ASSERT (dsa_sign(params, key,
&lfib, (nettle_random_func *) knuth_lfib_random,
sizeof(digest), digest, &signature));
hash->init(ctx);
hash->update (ctx, msg->length, msg->data);
- hash->digest (ctx, hash->digest_size, digest);
+ hash->digest (ctx, digest);
mpz_set (signature.r, ref->r);
mpz_set (signature.s, ref->s);
unsigned block_size;
nettle_hash_init_func *init;
nettle_hash_update_func *update;
- nettle_hash_digest_func *digest;
- nettle_hash_digest_func *output;
+ /* FIXME: Rename to, e.g., nettle_output_func. */
+ nettle_random_func *digest;
+ nettle_random_func *output;
};
void
size_t tag_length, const uint8_t *ref)
{
uint8_t tag[16];
- f(ctx, tag_length, tag);
+ f(ctx, tag);
if (memcmp (tag, ref, tag_length) != 0)
{
printf ("%s failed\n", name);
printf(" sha256:");
}
- sha256_digest(&input_hash, sizeof(digest), digest);
+ sha256_digest(&input_hash, digest);
if (verbose)
{
printf(" sha256:");
}
- sha256_digest(&output_hash, sizeof(digest), digest);
+ sha256_digest(&output_hash, digest);
if (verbose)
{
return 0;
}
- digest = xalloc(digest_length);
- alg->digest(ctx, digest_length, digest);
+ digest = xalloc(alg->digest_size);
+ alg->digest(ctx, digest);
free(ctx);
if (raw)
assert(output->hash);
- output->hash->digest(output->ctx, output->hash->digest_size, digest);
+ output->hash->digest(output->ctx, digest);
sexp_put_code_start(output, &nettle_base16);
sexp_put_data(output, output->hash->digest_size, digest);
/* The _digest functions increment the nonce */
void
umac32_digest (struct umac32_ctx *ctx,
- size_t length, uint8_t *digest);
+ uint8_t *digest);
void
umac64_digest (struct umac64_ctx *ctx,
- size_t length, uint8_t *digest);
+ uint8_t *digest);
void
umac96_digest (struct umac96_ctx *ctx,
- size_t length, uint8_t *digest);
+ uint8_t *digest);
void
umac128_digest (struct umac128_ctx *ctx,
- size_t length, uint8_t *digest);
+ uint8_t *digest);
/* Internal functions */
void
umac128_digest (struct umac128_ctx *ctx,
- size_t length, uint8_t *digest)
+ uint8_t *digest)
{
uint32_t tag[4];
unsigned i;
- assert (length > 0);
- assert (length <= 16);
-
if (ctx->index > 0 || ctx->count == 0)
{
/* Zero pad to multiple of 32 */
tag[i] ^= ctx->l3_key2[i] ^ _nettle_umac_l3 (ctx->l3_key1 + 8*i,
ctx->l2_state + 2*i);
- memcpy (digest, tag, length);
+ memcpy (digest, tag, UMAC128_DIGEST_SIZE);
/* Reinitialize */
ctx->count = ctx->index = 0;
void
-umac32_digest (struct umac32_ctx *ctx,
- size_t length, uint8_t *digest)
+umac32_digest (struct umac32_ctx *ctx, uint8_t *digest)
{
uint32_t pad;
- assert (length > 0);
- assert (length <= 4);
-
if (ctx->index > 0 || ctx->count == 0)
{
/* Zero pad to multiple of 32 */
_nettle_umac_l2_final (ctx->l2_key, ctx->l2_state, 1, ctx->count);
pad ^= ctx->l3_key2[0] ^ _nettle_umac_l3 (ctx->l3_key1, ctx->l2_state);
- memcpy (digest, &pad, length);
+ memcpy (digest, &pad, UMAC32_DIGEST_SIZE);
/* Reinitialize */
ctx->count = ctx->index = 0;
void
umac64_digest (struct umac64_ctx *ctx,
- size_t length, uint8_t *digest)
+ uint8_t *digest)
{
uint32_t tag[2];
uint32_t *pad;
- assert (length > 0);
- assert (length <= 8);
-
if (ctx->index > 0 || ctx->count == 0)
{
/* Zero pad to multiple of 32 */
ctx->l2_state);
tag[1] = pad[1] ^ ctx->l3_key2[1] ^ _nettle_umac_l3 (ctx->l3_key1 + 8,
ctx->l2_state + 2);
- memcpy (digest, tag, length);
+ memcpy (digest, tag, UMAC64_DIGEST_SIZE);
/* Reinitialize */
ctx->count = ctx->index = 0;
void
umac96_digest (struct umac96_ctx *ctx,
- size_t length, uint8_t *digest)
+ uint8_t *digest)
{
uint32_t tag[4];
unsigned i;
- assert (length > 0);
- assert (length <= 12);
-
if (ctx->index > 0 || ctx->count == 0)
{
/* Zero pad to multiple of 32 */
tag[i] ^= ctx->l3_key2[i] ^ _nettle_umac_l3 (ctx->l3_key1 + 8*i,
ctx->l2_state + 2*i);
- memcpy (digest, tag, length);
+ memcpy (digest, tag, UMAC96_DIGEST_SIZE);
/* Reinitialize */
ctx->count = ctx->index = 0;
sha256_update(&hash, sizeof(v0), v0);
sha256_update(&hash, sizeof(count), count);
- sha256_digest(&hash, SHA256_DIGEST_SIZE, digest);
+ sha256_digest(&hash, digest);
}
}
sha256_update(&ctx->pools[YARROW_FAST], sizeof(blocks), blocks);
}
- sha256_digest(&ctx->pools[YARROW_FAST], sizeof(digest), digest);
+ sha256_digest(&ctx->pools[YARROW_FAST], digest);
/* Iterate */
yarrow_iterate(digest);
#endif
/* Get digest of the slow pool*/
- sha256_digest(&ctx->pools[YARROW_SLOW], sizeof(digest), digest);
+ sha256_digest(&ctx->pools[YARROW_SLOW], digest);
/* Feed it into the fast pool */
sha256_update(&ctx->pools[YARROW_FAST], sizeof(digest), digest);
projects / thirdparty / nettle.git / commitdiff
