#include <string.h>
#include "poly1305.h"
+#include "rsvr.h"
/*----- Global variables --------------------------------------------------*/
#endif
-/*----- Low-level implementation for 32/64-bit targets --------------------*/
+/*----- Low-level implementation for 16/32-bit targets --------------------*/
#ifndef POLY1305_IMPL
# define POLY1305_IMPL 11
ctx->count++;
}
+static const rsvr_policy pol = { 0, 16, 16 };
+
void poly1305_hash(poly1305_ctx *ctx, const void *p, size_t sz)
{
- const octet *pp = p;
- size_t n;
-
- if (ctx->nbuf) {
- if (sz < 16 - ctx->nbuf) {
- memcpy(ctx->buf + ctx->nbuf, p, sz);
- ctx->nbuf += sz;
- return;
- }
- n = 16 - ctx->nbuf;
- memcpy(ctx->buf + ctx->nbuf, pp, n);
- update_full(ctx, ctx->buf);
- pp += n; sz -= n;
- }
- while (sz >= 16) {
- update_full(ctx, pp);
- pp += 16; sz -= 16;
- }
- if (sz) memcpy(ctx->buf, pp, sz);
- ctx->nbuf = sz;
+ rsvr_state st;
+ const octet *q = p;
+
+ rsvr_setup(&st, &pol, &ctx->buf, &ctx->nbuf, p, sz);
+ RSVR_DO(&st) while ((q = RSVR_NEXT(&st, 16)) != 0) update_full(ctx, q);
}
/* --- @poly1305_flush@ --- *
* far is a whole number of blocks. Flushing is performed
* automatically by @poly1305_done@, but it may be necessary to
* force it by hand when using @poly1305_concat@.
+ * (Alternatively, you might use @poly1305_flushzero@ instead.)
*
* Flushing a partial block has an observable effect on the
* computation: the resulting state is (with high probability)
#endif
mul_r(ctx, ctx->u.P.h, t);
- ctx->count++;
+ ctx->nbuf = 0; ctx->count++;
+}
+
+/* --- @poly1305_flushzero@ --- *
+ *
+ * Arguments: @poly1305_ctx *ctx@ = MAC context to flush
+ *
+ * Returns: ---
+ *
+ * Use: Forces any buffered message data in the context to be
+ * processed, by hashing between zero and fifteen additional
+ * zero bytes. Like @poly1305_flush@, this has no effect if the
+ * the message processed so far is a whole number of blocks.
+ * Unlike @poly1305_flush@, the behaviour if the message is not
+ * a whole number of blocks is equivalent to actually hashing
+ * some extra data.
+ */
+
+void poly1305_flushzero(poly1305_ctx *ctx)
+{
+ if (!ctx->nbuf) return;
+ memset(ctx->buf + ctx->nbuf, 0, 16 - ctx->nbuf);
+ update_full(ctx, ctx->buf);
ctx->nbuf = 0;
}
#ifdef TEST_RIG
+#include <mLib/macros.h>
#include <mLib/testrig.h>
+#include "ct.h"
#include "rijndael-ecb.h"
static int vrf_hash(dstr v[])
if (v[3].len != 16) { fprintf(stderr, "bad tag length\n"); exit(2); }
dstr_ensure(&t, 16); t.len = 16;
+ ct_poison(v[0].buf, v[0].len);
poly1305_keyinit(&k, v[0].buf, v[0].len);
for (i = 0; i < v[2].len; i++) {
for (j = i; j < v[2].len; j++) {
poly1305_hash(&ctx, v[2].buf + i, j - i);
poly1305_hash(&ctx, v[2].buf + j, v[2].len - j);
poly1305_done(&ctx, t.buf);
- if (memcmp(t.buf, v[3].buf, 16) != 0) {
+ ct_remedy(t.buf, t.len);
+ if (MEMCMP(t.buf, !=, v[3].buf, 16)) {
fprintf(stderr, "failed...");
fprintf(stderr, "\n\tkey = "); type_hex.dump(&v[0], stderr);
fprintf(stderr, "\n\tmask = "); type_hex.dump(&v[1], stderr);
poly1305_concat(&ctx, &ctx, &cc[2]);
}
poly1305_done(&ctx, t.buf);
- if (memcmp(t.buf, v[5].buf, 16) != 0) {
+ if (MEMCMP(t.buf, !=, v[5].buf, 16)) {
fprintf(stderr, "failed...");
fprintf(stderr, "\n\tkey = "); type_hex.dump(&v[0], stderr);
fprintf(stderr, "\n\tmask = "); type_hex.dump(&v[1], stderr);
}
}
- if (memcmp(t, v[4].buf, 16) != 0) {
+ if (MEMCMP(t, !=, v[4].buf, 16)) {
ok = 0;
fprintf(stderr, "failed...");
fprintf(stderr, "\n\tinitial k = "); type_hex.dump(&v[0], stderr);
~mdw / catacomb / blobdiff