3 * AEAD schemes based on Salsa20/ChaCha and Poly1305
5 * (c) 2018 Straylight/Edgeware
8 /*----- Licensing notice --------------------------------------------------*
10 * This file is part of Catacomb.
12 * Catacomb is free software: you can redistribute it and/or modify it
13 * under the terms of the GNU Library General Public License as published
14 * by the Free Software Foundation; either version 2 of the License, or
15 * (at your option) any later version.
17 * Catacomb is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
20 * Library General Public License for more details.
22 * You should have received a copy of the GNU Library General Public
23 * License along with Catacomb. If not, write to the Free Software
24 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
28 /*----- Header files ------------------------------------------------------*/
32 #include <mLib/bits.h>
37 #include "latinpoly-def.h"
42 /*----- Common definitions ------------------------------------------------*/
45 latinpoly_noncesz
[] = { KSZ_SET
, SALSA20_NONCESZ
, SALSA20_IETF_NONCESZ
,
46 XSALSA20_NONCESZ
, 0 },
47 latinpoly_tagsz
[] = { KSZ_SET
, POLY1305_TAGSZ
, 0 };
51 void latinpoly_aadhash(gaead_aad
*a
, const void *h
, size_t hsz
)
53 latinpoly_aad
*aad
= (latinpoly_aad
*)a
;
54 poly1305_hash(&aad
->poly
, h
, hsz
);
57 void latinpoly_aaddestroy(gaead_aad
*a
) { ; }
59 /* --- @latinpoly_tag@ --- *
61 * Arguments: @const poly1305_ctx *aad@ = Poly1305 context hashing AAD
62 * @poly1305_ctx *ct@ = Poly1305 context hashing ciphertext
63 * @void *tag@ = where to write the tag
67 * Use: Completes a Latin-dance-Poly1305 tag, combining the AAD and
68 * ciphertext hashes, appending their lengths, and writing the
69 * final masked hash to @tag@. The @ct@ context is clobbered.
72 /* Write the length of data pushed through Poly1305 as a 64-bit integer. */
73 static void putlen(octet
*p
, const poly1305_ctx
*poly
)
75 uint32 lo
= U32((poly
->count
<< 4) | poly
->nbuf
),
76 hi
= U32(poly
->count
>> 28);
77 STORE32_L(p
+ 0, lo
); STORE32_L(p
+ 4, hi
);
80 void latinpoly_tag(const poly1305_ctx
*aad
, poly1305_ctx
*ct
, void *tag
)
85 putlen(b
+ 8, ct
); poly1305_flushzero(ct
);
86 if (!aad
) memset(b
, 0, 8);
89 t
= *aad
; poly1305_flushzero(&t
); poly1305_concat(ct
, &t
, ct
);
91 poly1305_hash(ct
, b
, 16); poly1305_done(ct
, tag
);
94 /*----- That's all, folks -------------------------------------------------*/