extern const octet latinpoly_noncesz[], latinpoly_tagsz[];
/* AAD methods. */
-extern void latinpoly_aadhash(gaead_aad */*a*/,
- const void */*h*/, size_t /*hsz*/);
+extern void latinpoly_aadhash_poly1305(gaead_aad */*a*/,
+ const void */*h*/, size_t /*hsz*/);
+extern void latinpoly_aadhash_naclbox(gaead_aad */*a*/,
+ const void */*h*/, size_t /*hsz*/);
extern void latinpoly_aaddestroy(gaead_aad */*a*/);
+/* Variants. */
+enum { LPVAR_NACLBOX, LPVAR_POLY1305 };
+
/* --- @latinpoly_tag@ --- *
*
* Arguments: @const poly1305_ctx *aad@ = Poly1305 context hashing AAD
/* Utilities. */ \
\
/* Reinitialize the stream cipher and hash state given a new nonce. */ \
-static int reinit_##latin(x##latin##_ctx *ctx, \
+static int reinit_##latin(x##latin##_ctx *ctx, int var, \
poly1305_ctx *aadpoly, poly1305_ctx *ctpoly, \
const void *n, size_t nsz) \
{ \
\
latin##_encrypt(&ctx->s, 0, b, sizeof(b)); \
poly1305_keyinit(&pk, b, POLY1305_KEYSZ); \
- poly1305_macinit(aadpoly, &pk, b + POLY1305_KEYSZ); \
poly1305_macinit(ctpoly, &pk, b + POLY1305_KEYSZ); \
- latin##_encrypt(&ctx->s, 0, 0, SALSA20_OUTSZ - sizeof(b)); \
+ switch (var) { \
+ case LPVAR_NACLBOX: \
+ aadpoly->count = 0; aadpoly->nbuf = 0; \
+ break; \
+ case LPVAR_POLY1305: \
+ poly1305_macinit(aadpoly, &pk, b + POLY1305_KEYSZ); \
+ latin##_encrypt(&ctx->s, 0, 0, SALSA20_OUTSZ - sizeof(b)); \
+ break; \
+ default: \
+ assert(0); \
+ } \
return (0); \
} \
\
/* AAD operations. */ \
\
-static const gaead_aadops gaops_##latin = \
- { &latin##_poly1305, 0, latinpoly_aadhash, latinpoly_aaddestroy }; \
+static const gaead_aadops gaops_##latin##_poly1305 = \
+ { &latin##_poly1305, 0, latinpoly_aadhash_poly1305, latinpoly_aaddestroy }; \
+ \
+static const gaead_aadops gaops_##latin##_naclbox = \
+ { &latin##_naclbox, 0, latinpoly_aadhash_naclbox, latinpoly_aaddestroy }; \
\
/* Encryption operations. */ \
\
static gaead_aad *geaad_##latin(gaead_enc *e) \
{ gectx_##latin *enc = (gectx_##latin *)e; return (&enc->aad.a); } \
\
-static int gereinit_##latin(gaead_enc *e, const void *n, size_t nsz, \
- size_t hsz, size_t msz, size_t tsz) \
+static int gereinit_##latin##_poly1305(gaead_enc *e, \
+ const void *n, size_t nsz, \
+ size_t hsz, size_t msz, size_t tsz) \
+{ \
+ gectx_##latin *enc = (gectx_##latin *)e; \
+ return (reinit_##latin(&enc->ctx, LPVAR_POLY1305, \
+ &enc->aad.poly, &enc->poly, n, nsz)); \
+} \
+ \
+static int gereinit_##latin##_naclbox(gaead_enc *e, \
+ const void *n, size_t nsz, \
+ size_t hsz, size_t msz, size_t tsz) \
{ \
gectx_##latin *enc = (gectx_##latin *)e; \
- return (reinit_##latin(&enc->ctx, &enc->aad.poly, &enc->poly, n, nsz)); \
+ return (reinit_##latin(&enc->ctx, LPVAR_NACLBOX, \
+ &enc->aad.poly, &enc->poly, n, nsz)); \
} \
\
static int geenc_##latin(gaead_enc *e, \
return (0); \
} \
\
-static int gedone_##latin(gaead_enc *e, const gaead_aad *a, \
- buf *b, void *t, size_t tsz) \
+static int gedone_##latin##_common(gectx_##latin *enc, \
+ const latinpoly_aad *aad, \
+ buf *b, size_t tsz) \
+{ \
+ if (tsz != POLY1305_TAGSZ) return (-1); \
+ assert((!enc->aad.poly.count && !enc->aad.poly.nbuf && !aad) || \
+ aad == &enc->aad); \
+ if (!BOK(b)) return (-1); \
+ return (0); \
+} \
+ \
+static int gedone_##latin##_poly1305(gaead_enc *e, const gaead_aad *a, \
+ buf *b, void *t, size_t tsz) \
{ \
gectx_##latin *enc = (gectx_##latin *)e; \
const latinpoly_aad *aad = (const latinpoly_aad *)a; \
\
- if (tsz != POLY1305_TAGSZ) return (-1); \
- assert((!enc->aad.poly.count && !enc->aad.poly.nbuf && !a) || \
- a == &enc->aad.a); \
- if (!BOK(b)) return (-1); \
+ if (gedone_##latin##_common(enc, aad, b, tsz)) return (-1); \
latinpoly_tag(aad ? &aad->poly : 0, &enc->poly, t); \
return (0); \
} \
\
+static int gedone_##latin##_naclbox(gaead_enc *e, const gaead_aad *a, \
+ buf *b, void *t, size_t tsz) \
+{ \
+ gectx_##latin *enc = (gectx_##latin *)e; \
+ const latinpoly_aad *aad = (const latinpoly_aad *)a; \
+ \
+ if (gedone_##latin##_common(enc, aad, b, tsz)) return (-1); \
+ poly1305_done(&enc->poly, t); \
+ return (0); \
+} \
+ \
static void gedestroy_##latin(gaead_enc *e) \
{ gectx_##latin *enc = (gectx_##latin *)e; BURN(*enc); S_DESTROY(enc); } \
\
-static gaead_encops geops_##latin = \
- { &latin##_poly1305, geaad_##latin, gereinit_##latin, \
- geenc_##latin, gedone_##latin, gedestroy_##latin }; \
+static gaead_encops geops_##latin##_poly1305 = \
+ { &latin##_poly1305, geaad_##latin, gereinit_##latin##_poly1305, \
+ geenc_##latin, gedone_##latin##_poly1305, gedestroy_##latin }; \
+ \
+static gaead_encops geops_##latin##_naclbox = \
+ { &latin##_naclbox, geaad_##latin, gereinit_##latin##_naclbox, \
+ geenc_##latin, gedone_##latin##_naclbox, gedestroy_##latin }; \
\
/* Decryption operations. */ \
\
static gaead_aad *gdaad_##latin(gaead_dec *d) \
{ gdctx_##latin *dec = (gdctx_##latin *)d; return (&dec->aad.a); } \
\
-static int gdreinit_##latin(gaead_dec *d, const void *n, size_t nsz, \
- size_t hsz, size_t msz, size_t tsz) \
+static int gdreinit_##latin##_poly1305(gaead_dec *d, \
+ const void *n, size_t nsz, \
+ size_t hsz, size_t msz, size_t tsz) \
{ \
gdctx_##latin *dec = (gdctx_##latin *)d; \
- return (reinit_##latin(&dec->ctx, &dec->aad.poly, &dec->poly, n, nsz)); \
+ return (reinit_##latin(&dec->ctx, LPVAR_POLY1305, \
+ &dec->aad.poly, &dec->poly, n, nsz)); \
+} \
+ \
+static int gdreinit_##latin##_naclbox(gaead_dec *d, \
+ const void *n, size_t nsz, \
+ size_t hsz, size_t msz, size_t tsz) \
+{ \
+ gdctx_##latin *dec = (gdctx_##latin *)d; \
+ return (reinit_##latin(&dec->ctx, LPVAR_NACLBOX, \
+ &dec->aad.poly, &dec->poly, n, nsz)); \
} \
\
static int gddec_##latin(gaead_dec *d, \
return (0); \
} \
\
-static int gddone_##latin(gaead_dec *d, const gaead_aad *a, \
- buf *b, const void *t, size_t tsz) \
+static int gddone_##latin##_common(gdctx_##latin *dec, \
+ const latinpoly_aad *aad, \
+ buf *b, size_t tsz) \
+{ \
+ if (tsz != POLY1305_TAGSZ) return (-1); \
+ assert((!dec->aad.poly.count && !dec->aad.poly.nbuf && !aad) || \
+ aad == &dec->aad); \
+ if (!BOK(b)) return (-1); \
+ return (0); \
+} \
+ \
+static int gddone_##latin##_poly1305(gaead_dec *d, const gaead_aad *a, \
+ buf *b, const void *t, size_t tsz) \
{ \
gdctx_##latin *dec = (gdctx_##latin *)d; \
const latinpoly_aad *aad = (const latinpoly_aad *)a; \
octet u[POLY1305_TAGSZ]; \
\
- if (tsz != POLY1305_TAGSZ) return (-1); \
- assert((!dec->aad.poly.count && !dec->aad.poly.nbuf && !a) || \
- a == &dec->aad.a); \
- if (!BOK(b)) return (-1); \
+ if (gddone_##latin##_common(dec, aad, b, tsz)) return (-1); \
latinpoly_tag(aad ? &aad->poly : 0, &dec->poly, u); \
if (ct_memeq(t, u, POLY1305_TAGSZ)) return (+1); \
else return (0); \
} \
\
+static int gddone_##latin##_naclbox(gaead_dec *d, const gaead_aad *a, \
+ buf *b, const void *t, size_t tsz) \
+{ \
+ gdctx_##latin *dec = (gdctx_##latin *)d; \
+ const latinpoly_aad *aad = (const latinpoly_aad *)a; \
+ octet u[POLY1305_TAGSZ]; \
+ \
+ if (gddone_##latin##_common(dec, aad, b, tsz)) return (-1); \
+ poly1305_done(&dec->poly, u); \
+ if (ct_memeq(t, u, POLY1305_TAGSZ)) return (+1); \
+ else return (0); \
+} \
+ \
static void gddestroy_##latin(gaead_dec *d) \
{ gdctx_##latin *dec = (gdctx_##latin *)d; BURN(*dec); S_DESTROY(dec); } \
\
-static gaead_decops gdops_##latin = \
- { &latin##_poly1305, gdaad_##latin, gdreinit_##latin, \
- gddec_##latin, gddone_##latin, gddestroy_##latin }; \
+static gaead_decops gdops_##latin##_poly1305 = \
+ { &latin##_poly1305, gdaad_##latin, gdreinit_##latin##_poly1305, \
+ gddec_##latin, gddone_##latin##_poly1305, gddestroy_##latin }; \
+ \
+static gaead_decops gdops_##latin##_naclbox = \
+ { &latin##_poly1305, gdaad_##latin, gdreinit_##latin##_naclbox, \
+ gddec_##latin, gddone_##latin##_naclbox, gddestroy_##latin }; \
\
/* Key operations. */ \
\
-static gaead_enc *gkenc_##latin(const gaead_key *k, \
- const void *n, size_t nsz, \
- size_t hsz, size_t msz, size_t tsz) \
+static gaead_enc *gkenc_##latin##_poly1305(const gaead_key *k, \
+ const void *n, size_t nsz, \
+ size_t hsz, size_t msz, \
+ size_t tsz) \
+{ \
+ latinpoly_key *key = (latinpoly_key *)k; \
+ gectx_##latin *enc = S_CREATE(gectx_##latin); \
+ \
+ enc->e.ops = &geops_##latin##_poly1305; \
+ enc->aad.a.ops = &gaops_##latin##_poly1305; \
+ x##latin##_init(&enc->ctx, key->key, key->ksz, 0); \
+ if (reinit_##latin(&enc->ctx, LPVAR_POLY1305, \
+ &enc->aad.poly, &enc->poly, n, nsz)) \
+ { gedestroy_##latin(&enc->e); return (0); } \
+ return (&enc->e); \
+} \
+ \
+static gaead_enc *gkenc_##latin##_naclbox(const gaead_key *k, \
+ const void *n, size_t nsz, \
+ size_t hsz, size_t msz, \
+ size_t tsz) \
{ \
latinpoly_key *key = (latinpoly_key *)k; \
gectx_##latin *enc = S_CREATE(gectx_##latin); \
\
- enc->e.ops = &geops_##latin; enc->aad.a.ops = &gaops_##latin; \
+ enc->e.ops = &geops_##latin##_naclbox; \
+ enc->aad.a.ops = &gaops_##latin##_naclbox; \
x##latin##_init(&enc->ctx, key->key, key->ksz, 0); \
- reinit_##latin(&enc->ctx, &enc->aad.poly, &enc->poly, n, nsz); \
+ if (reinit_##latin(&enc->ctx, LPVAR_NACLBOX, \
+ &enc->aad.poly, &enc->poly, n, nsz)) \
+ { gedestroy_##latin(&enc->e); return (0); } \
return (&enc->e); \
} \
\
-static gaead_dec *gkdec_##latin(const gaead_key *k, \
- const void *n, size_t nsz, \
- size_t hsz, size_t msz, size_t tsz) \
+static gaead_dec *gkdec_##latin##_poly1305(const gaead_key *k, \
+ const void *n, size_t nsz, \
+ size_t hsz, size_t msz, \
+ size_t tsz) \
{ \
latinpoly_key *key = (latinpoly_key *)k; \
gdctx_##latin *dec = S_CREATE(gdctx_##latin); \
\
- dec->d.ops = &gdops_##latin; dec->aad.a.ops = &gaops_##latin; \
+ dec->d.ops = &gdops_##latin##_poly1305; \
+ dec->aad.a.ops = &gaops_##latin##_poly1305; \
x##latin##_init(&dec->ctx, key->key, key->ksz, 0); \
- reinit_##latin(&dec->ctx, &dec->aad.poly, &dec->poly, n, nsz); \
+ if (reinit_##latin(&dec->ctx, LPVAR_POLY1305, \
+ &dec->aad.poly, &dec->poly, n, nsz)) \
+ { gddestroy_##latin(&dec->d); return (0); } \
+ return (&dec->d); \
+} \
+ \
+static gaead_dec *gkdec_##latin##_naclbox(const gaead_key *k, \
+ const void *n, size_t nsz, \
+ size_t hsz, size_t msz, \
+ size_t tsz) \
+{ \
+ latinpoly_key *key = (latinpoly_key *)k; \
+ gdctx_##latin *dec = S_CREATE(gdctx_##latin); \
+ \
+ dec->d.ops = &gdops_##latin##_naclbox; \
+ dec->aad.a.ops = &gaops_##latin##_naclbox; \
+ x##latin##_init(&dec->ctx, key->key, key->ksz, 0); \
+ if (reinit_##latin(&dec->ctx, LPVAR_NACLBOX, \
+ &dec->aad.poly, &dec->poly, n, nsz)) \
+ { gddestroy_##latin(&dec->d); return (0); } \
return (&dec->d); \
} \
\
static void gkdestroy_##latin(gaead_key *k) \
{ latinpoly_key *key = (latinpoly_key *)k; BURN(*key); S_DESTROY(key); } \
\
-static const gaead_keyops gkops_##latin = \
- { &latin##_poly1305, 0, gkenc_##latin, gkdec_##latin, \
+static const gaead_keyops gkops_##latin##_poly1305 = \
+ { &latin##_poly1305, 0, \
+ gkenc_##latin##_poly1305, gkdec_##latin##_poly1305, \
+ gkdestroy_##latin }; \
+ \
+static const gaead_keyops gkops_##latin##_naclbox = \
+ { &latin##_naclbox, 0, \
+ gkenc_##latin##_naclbox, gkdec_##latin##_naclbox, \
gkdestroy_##latin }; \
\
/* Class definition. */ \
\
-static gaead_key *gkey_##latin(const void *k, size_t ksz) \
+static gaead_key *gkey_##latin##_common(const gaead_keyops *ops, \
+ const void *k, size_t ksz) \
{ \
latinpoly_key *key = S_CREATE(latinpoly_key); \
\
- key->k.ops = &gkops_##latin; \
+ key->k.ops = ops; \
KSZ_ASSERT(latin, ksz); memcpy(key->key, k, ksz); key->ksz = ksz; \
return (&key->k); \
} \
\
+static gaead_key *gkey_##latin##_poly1305(const void *k, size_t ksz) \
+ { return (gkey_##latin##_common(&gkops_##latin##_poly1305, k, ksz)); } \
+ \
+static gaead_key *gkey_##latin##_naclbox(const void *k, size_t ksz) \
+ { return (gkey_##latin##_common(&gkops_##latin##_naclbox, k, ksz)); } \
+ \
const gcaead latin##_poly1305 = { \
name "-poly1305", latin##_keysz, latinpoly_noncesz, latinpoly_tagsz, \
64, 0, 0, AEADF_AADNDEP, \
- gkey_##latin \
+ gkey_##latin##_poly1305 \
+}; \
+ \
+const gcaead latin##_naclbox = { \
+ name "-naclbox", latin##_keysz, latinpoly_noncesz, latinpoly_tagsz, \
+ 64, 0, 0, AEADF_AADNDEP | AEADF_NOAAD, \
+ gkey_##latin##_naclbox \
};
/*----- That's all, folks -------------------------------------------------*/