X-Git-Url: https://git.distorted.org.uk/~mdw/catacomb/blobdiff_plain/aac19f0d10e3e1a41ddb5ca3fdbdaab97d2d439d..a90d420cbe87490c844ae422c966e746d3134b07:/symm/latinpoly-def.h diff --git a/symm/latinpoly-def.h b/symm/latinpoly-def.h index d04f2e13..af917fad 100644 --- a/symm/latinpoly-def.h +++ b/symm/latinpoly-def.h @@ -89,10 +89,15 @@ typedef struct latinpoly_key { extern const octet latinpoly_noncesz[], latinpoly_tagsz[]; /* AAD methods. */ -extern void latinpoly_aadhash(gaead_aad */*a*/, - const void */*h*/, size_t /*hsz*/); +extern void latinpoly_aadhash_poly1305(gaead_aad */*a*/, + const void */*h*/, size_t /*hsz*/); +extern void latinpoly_aadhash_naclbox(gaead_aad */*a*/, + const void */*h*/, size_t /*hsz*/); extern void latinpoly_aaddestroy(gaead_aad */*a*/); +/* Variants. */ +enum { LPVAR_NACLBOX, LPVAR_POLY1305 }; + /* --- @latinpoly_tag@ --- * * * Arguments: @const poly1305_ctx *aad@ = Poly1305 context hashing AAD @@ -116,7 +121,7 @@ extern void latinpoly_tag(const poly1305_ctx */*aad*/, /* Utilities. */ \ \ /* Reinitialize the stream cipher and hash state given a new nonce. */ \ -static int reinit_##latin(x##latin##_ctx *ctx, \ +static int reinit_##latin(x##latin##_ctx *ctx, int var, \ poly1305_ctx *aadpoly, poly1305_ctx *ctpoly, \ const void *n, size_t nsz) \ { \ @@ -141,16 +146,28 @@ static int reinit_##latin(x##latin##_ctx *ctx, \ \ latin##_encrypt(&ctx->s, 0, b, sizeof(b)); \ poly1305_keyinit(&pk, b, POLY1305_KEYSZ); \ - poly1305_macinit(aadpoly, &pk, b + POLY1305_KEYSZ); \ poly1305_macinit(ctpoly, &pk, b + POLY1305_KEYSZ); \ - latin##_encrypt(&ctx->s, 0, 0, SALSA20_OUTSZ - sizeof(b)); \ + switch (var) { \ + case LPVAR_NACLBOX: \ + aadpoly->count = 0; aadpoly->nbuf = 0; \ + break; \ + case LPVAR_POLY1305: \ + poly1305_macinit(aadpoly, &pk, b + POLY1305_KEYSZ); \ + latin##_encrypt(&ctx->s, 0, 0, SALSA20_OUTSZ - sizeof(b)); \ + break; \ + default: \ + assert(0); \ + } \ return (0); \ } \ \ /* AAD operations. */ \ \ -static const gaead_aadops gaops_##latin = \ - { &latin##_poly1305, 0, latinpoly_aadhash, latinpoly_aaddestroy }; \ +static const gaead_aadops gaops_##latin##_poly1305 = \ + { &latin##_poly1305, 0, latinpoly_aadhash_poly1305, latinpoly_aaddestroy }; \ + \ +static const gaead_aadops gaops_##latin##_naclbox = \ + { &latin##_naclbox, 0, latinpoly_aadhash_naclbox, latinpoly_aaddestroy }; \ \ /* Encryption operations. */ \ \ @@ -164,11 +181,22 @@ typedef struct gectx_##latin { \ static gaead_aad *geaad_##latin(gaead_enc *e) \ { gectx_##latin *enc = (gectx_##latin *)e; return (&enc->aad.a); } \ \ -static int gereinit_##latin(gaead_enc *e, const void *n, size_t nsz, \ - size_t hsz, size_t msz, size_t tsz) \ +static int gereinit_##latin##_poly1305(gaead_enc *e, \ + const void *n, size_t nsz, \ + size_t hsz, size_t msz, size_t tsz) \ +{ \ + gectx_##latin *enc = (gectx_##latin *)e; \ + return (reinit_##latin(&enc->ctx, LPVAR_POLY1305, \ + &enc->aad.poly, &enc->poly, n, nsz)); \ +} \ + \ +static int gereinit_##latin##_naclbox(gaead_enc *e, \ + const void *n, size_t nsz, \ + size_t hsz, size_t msz, size_t tsz) \ { \ gectx_##latin *enc = (gectx_##latin *)e; \ - return (reinit_##latin(&enc->ctx, &enc->aad.poly, &enc->poly, n, nsz)); \ + return (reinit_##latin(&enc->ctx, LPVAR_NACLBOX, \ + &enc->aad.poly, &enc->poly, n, nsz)); \ } \ \ static int geenc_##latin(gaead_enc *e, \ @@ -184,26 +212,49 @@ static int geenc_##latin(gaead_enc *e, \ return (0); \ } \ \ -static int gedone_##latin(gaead_enc *e, const gaead_aad *a, \ - buf *b, void *t, size_t tsz) \ +static int gedone_##latin##_common(gectx_##latin *enc, \ + const latinpoly_aad *aad, \ + buf *b, size_t tsz) \ +{ \ + if (tsz != POLY1305_TAGSZ) return (-1); \ + assert((!enc->aad.poly.count && !enc->aad.poly.nbuf && !aad) || \ + aad == &enc->aad); \ + if (!BOK(b)) return (-1); \ + return (0); \ +} \ + \ +static int gedone_##latin##_poly1305(gaead_enc *e, const gaead_aad *a, \ + buf *b, void *t, size_t tsz) \ { \ gectx_##latin *enc = (gectx_##latin *)e; \ const latinpoly_aad *aad = (const latinpoly_aad *)a; \ \ - if (tsz != POLY1305_TAGSZ) return (-1); \ - assert((!enc->aad.poly.count && !enc->aad.poly.nbuf && !a) || \ - a == &enc->aad.a); \ - if (!BOK(b)) return (-1); \ + if (gedone_##latin##_common(enc, aad, b, tsz)) return (-1); \ latinpoly_tag(aad ? &aad->poly : 0, &enc->poly, t); \ return (0); \ } \ \ +static int gedone_##latin##_naclbox(gaead_enc *e, const gaead_aad *a, \ + buf *b, void *t, size_t tsz) \ +{ \ + gectx_##latin *enc = (gectx_##latin *)e; \ + const latinpoly_aad *aad = (const latinpoly_aad *)a; \ + \ + if (gedone_##latin##_common(enc, aad, b, tsz)) return (-1); \ + poly1305_done(&enc->poly, t); \ + return (0); \ +} \ + \ static void gedestroy_##latin(gaead_enc *e) \ { gectx_##latin *enc = (gectx_##latin *)e; BURN(*enc); S_DESTROY(enc); } \ \ -static gaead_encops geops_##latin = \ - { &latin##_poly1305, geaad_##latin, gereinit_##latin, \ - geenc_##latin, gedone_##latin, gedestroy_##latin }; \ +static gaead_encops geops_##latin##_poly1305 = \ + { &latin##_poly1305, geaad_##latin, gereinit_##latin##_poly1305, \ + geenc_##latin, gedone_##latin##_poly1305, gedestroy_##latin }; \ + \ +static gaead_encops geops_##latin##_naclbox = \ + { &latin##_naclbox, geaad_##latin, gereinit_##latin##_naclbox, \ + geenc_##latin, gedone_##latin##_naclbox, gedestroy_##latin }; \ \ /* Decryption operations. */ \ \ @@ -217,11 +268,22 @@ typedef struct gdctx_##latin { \ static gaead_aad *gdaad_##latin(gaead_dec *d) \ { gdctx_##latin *dec = (gdctx_##latin *)d; return (&dec->aad.a); } \ \ -static int gdreinit_##latin(gaead_dec *d, const void *n, size_t nsz, \ - size_t hsz, size_t msz, size_t tsz) \ +static int gdreinit_##latin##_poly1305(gaead_dec *d, \ + const void *n, size_t nsz, \ + size_t hsz, size_t msz, size_t tsz) \ { \ gdctx_##latin *dec = (gdctx_##latin *)d; \ - return (reinit_##latin(&dec->ctx, &dec->aad.poly, &dec->poly, n, nsz)); \ + return (reinit_##latin(&dec->ctx, LPVAR_POLY1305, \ + &dec->aad.poly, &dec->poly, n, nsz)); \ +} \ + \ +static int gdreinit_##latin##_naclbox(gaead_dec *d, \ + const void *n, size_t nsz, \ + size_t hsz, size_t msz, size_t tsz) \ +{ \ + gdctx_##latin *dec = (gdctx_##latin *)d; \ + return (reinit_##latin(&dec->ctx, LPVAR_NACLBOX, \ + &dec->aad.poly, &dec->poly, n, nsz)); \ } \ \ static int gddec_##latin(gaead_dec *d, \ @@ -237,79 +299,165 @@ static int gddec_##latin(gaead_dec *d, \ return (0); \ } \ \ -static int gddone_##latin(gaead_dec *d, const gaead_aad *a, \ - buf *b, const void *t, size_t tsz) \ +static int gddone_##latin##_common(gdctx_##latin *dec, \ + const latinpoly_aad *aad, \ + buf *b, size_t tsz) \ +{ \ + if (tsz != POLY1305_TAGSZ) return (-1); \ + assert((!dec->aad.poly.count && !dec->aad.poly.nbuf && !aad) || \ + aad == &dec->aad); \ + if (!BOK(b)) return (-1); \ + return (0); \ +} \ + \ +static int gddone_##latin##_poly1305(gaead_dec *d, const gaead_aad *a, \ + buf *b, const void *t, size_t tsz) \ { \ gdctx_##latin *dec = (gdctx_##latin *)d; \ const latinpoly_aad *aad = (const latinpoly_aad *)a; \ octet u[POLY1305_TAGSZ]; \ \ - if (tsz != POLY1305_TAGSZ) return (-1); \ - assert((!dec->aad.poly.count && !dec->aad.poly.nbuf && !a) || \ - a == &dec->aad.a); \ - if (!BOK(b)) return (-1); \ + if (gddone_##latin##_common(dec, aad, b, tsz)) return (-1); \ latinpoly_tag(aad ? &aad->poly : 0, &dec->poly, u); \ if (ct_memeq(t, u, POLY1305_TAGSZ)) return (+1); \ else return (0); \ } \ \ +static int gddone_##latin##_naclbox(gaead_dec *d, const gaead_aad *a, \ + buf *b, const void *t, size_t tsz) \ +{ \ + gdctx_##latin *dec = (gdctx_##latin *)d; \ + const latinpoly_aad *aad = (const latinpoly_aad *)a; \ + octet u[POLY1305_TAGSZ]; \ + \ + if (gddone_##latin##_common(dec, aad, b, tsz)) return (-1); \ + poly1305_done(&dec->poly, u); \ + if (ct_memeq(t, u, POLY1305_TAGSZ)) return (+1); \ + else return (0); \ +} \ + \ static void gddestroy_##latin(gaead_dec *d) \ { gdctx_##latin *dec = (gdctx_##latin *)d; BURN(*dec); S_DESTROY(dec); } \ \ -static gaead_decops gdops_##latin = \ - { &latin##_poly1305, gdaad_##latin, gdreinit_##latin, \ - gddec_##latin, gddone_##latin, gddestroy_##latin }; \ +static gaead_decops gdops_##latin##_poly1305 = \ + { &latin##_poly1305, gdaad_##latin, gdreinit_##latin##_poly1305, \ + gddec_##latin, gddone_##latin##_poly1305, gddestroy_##latin }; \ + \ +static gaead_decops gdops_##latin##_naclbox = \ + { &latin##_poly1305, gdaad_##latin, gdreinit_##latin##_naclbox, \ + gddec_##latin, gddone_##latin##_naclbox, gddestroy_##latin }; \ \ /* Key operations. */ \ \ -static gaead_enc *gkenc_##latin(const gaead_key *k, \ - const void *n, size_t nsz, \ - size_t hsz, size_t msz, size_t tsz) \ +static gaead_enc *gkenc_##latin##_poly1305(const gaead_key *k, \ + const void *n, size_t nsz, \ + size_t hsz, size_t msz, \ + size_t tsz) \ +{ \ + latinpoly_key *key = (latinpoly_key *)k; \ + gectx_##latin *enc = S_CREATE(gectx_##latin); \ + \ + enc->e.ops = &geops_##latin##_poly1305; \ + enc->aad.a.ops = &gaops_##latin##_poly1305; \ + x##latin##_init(&enc->ctx, key->key, key->ksz, 0); \ + if (reinit_##latin(&enc->ctx, LPVAR_POLY1305, \ + &enc->aad.poly, &enc->poly, n, nsz)) \ + { gedestroy_##latin(&enc->e); return (0); } \ + return (&enc->e); \ +} \ + \ +static gaead_enc *gkenc_##latin##_naclbox(const gaead_key *k, \ + const void *n, size_t nsz, \ + size_t hsz, size_t msz, \ + size_t tsz) \ { \ latinpoly_key *key = (latinpoly_key *)k; \ gectx_##latin *enc = S_CREATE(gectx_##latin); \ \ - enc->e.ops = &geops_##latin; enc->aad.a.ops = &gaops_##latin; \ + enc->e.ops = &geops_##latin##_naclbox; \ + enc->aad.a.ops = &gaops_##latin##_naclbox; \ x##latin##_init(&enc->ctx, key->key, key->ksz, 0); \ - reinit_##latin(&enc->ctx, &enc->aad.poly, &enc->poly, n, nsz); \ + if (reinit_##latin(&enc->ctx, LPVAR_NACLBOX, \ + &enc->aad.poly, &enc->poly, n, nsz)) \ + { gedestroy_##latin(&enc->e); return (0); } \ return (&enc->e); \ } \ \ -static gaead_dec *gkdec_##latin(const gaead_key *k, \ - const void *n, size_t nsz, \ - size_t hsz, size_t msz, size_t tsz) \ +static gaead_dec *gkdec_##latin##_poly1305(const gaead_key *k, \ + const void *n, size_t nsz, \ + size_t hsz, size_t msz, \ + size_t tsz) \ { \ latinpoly_key *key = (latinpoly_key *)k; \ gdctx_##latin *dec = S_CREATE(gdctx_##latin); \ \ - dec->d.ops = &gdops_##latin; dec->aad.a.ops = &gaops_##latin; \ + dec->d.ops = &gdops_##latin##_poly1305; \ + dec->aad.a.ops = &gaops_##latin##_poly1305; \ x##latin##_init(&dec->ctx, key->key, key->ksz, 0); \ - reinit_##latin(&dec->ctx, &dec->aad.poly, &dec->poly, n, nsz); \ + if (reinit_##latin(&dec->ctx, LPVAR_POLY1305, \ + &dec->aad.poly, &dec->poly, n, nsz)) \ + { gddestroy_##latin(&dec->d); return (0); } \ + return (&dec->d); \ +} \ + \ +static gaead_dec *gkdec_##latin##_naclbox(const gaead_key *k, \ + const void *n, size_t nsz, \ + size_t hsz, size_t msz, \ + size_t tsz) \ +{ \ + latinpoly_key *key = (latinpoly_key *)k; \ + gdctx_##latin *dec = S_CREATE(gdctx_##latin); \ + \ + dec->d.ops = &gdops_##latin##_naclbox; \ + dec->aad.a.ops = &gaops_##latin##_naclbox; \ + x##latin##_init(&dec->ctx, key->key, key->ksz, 0); \ + if (reinit_##latin(&dec->ctx, LPVAR_NACLBOX, \ + &dec->aad.poly, &dec->poly, n, nsz)) \ + { gddestroy_##latin(&dec->d); return (0); } \ return (&dec->d); \ } \ \ static void gkdestroy_##latin(gaead_key *k) \ { latinpoly_key *key = (latinpoly_key *)k; BURN(*key); S_DESTROY(key); } \ \ -static const gaead_keyops gkops_##latin = \ - { &latin##_poly1305, 0, gkenc_##latin, gkdec_##latin, \ +static const gaead_keyops gkops_##latin##_poly1305 = \ + { &latin##_poly1305, 0, \ + gkenc_##latin##_poly1305, gkdec_##latin##_poly1305, \ + gkdestroy_##latin }; \ + \ +static const gaead_keyops gkops_##latin##_naclbox = \ + { &latin##_naclbox, 0, \ + gkenc_##latin##_naclbox, gkdec_##latin##_naclbox, \ gkdestroy_##latin }; \ \ /* Class definition. */ \ \ -static gaead_key *gkey_##latin(const void *k, size_t ksz) \ +static gaead_key *gkey_##latin##_common(const gaead_keyops *ops, \ + const void *k, size_t ksz) \ { \ latinpoly_key *key = S_CREATE(latinpoly_key); \ \ - key->k.ops = &gkops_##latin; \ + key->k.ops = ops; \ KSZ_ASSERT(latin, ksz); memcpy(key->key, k, ksz); key->ksz = ksz; \ return (&key->k); \ } \ \ +static gaead_key *gkey_##latin##_poly1305(const void *k, size_t ksz) \ + { return (gkey_##latin##_common(&gkops_##latin##_poly1305, k, ksz)); } \ + \ +static gaead_key *gkey_##latin##_naclbox(const void *k, size_t ksz) \ + { return (gkey_##latin##_common(&gkops_##latin##_naclbox, k, ksz)); } \ + \ const gcaead latin##_poly1305 = { \ name "-poly1305", latin##_keysz, latinpoly_noncesz, latinpoly_tagsz, \ 64, 0, 0, AEADF_AADNDEP, \ - gkey_##latin \ + gkey_##latin##_poly1305 \ +}; \ + \ +const gcaead latin##_naclbox = { \ + name "-naclbox", latin##_keysz, latinpoly_noncesz, latinpoly_tagsz, \ + 64, 0, 0, AEADF_AADNDEP | AEADF_NOAAD, \ + gkey_##latin##_naclbox \ }; /*----- That's all, folks -------------------------------------------------*/