return (&gc->_b);
}
-static int gencomp_chaltag(bulkchal *bc, const void *m, size_t msz, void *t)
+static int gencomp_chaltag(bulkchal *bc, const void *m, size_t msz,
+ uint32 seq, void *t)
{
gencomp_chal *gc = (gencomp_chal *)bc;
ghash *h = GM_INIT(gc->m);
- GH_HASH(h, m, msz);
+ GH_HASHU32(h, seq); if (msz) GH_HASH(h, m, msz);
memcpy(t, GH_DONE(h, 0), bc->tagsz);
GH_DESTROY(h);
return (0);
}
static int gencomp_chalvrf(bulkchal *bc, const void *m, size_t msz,
- const void *t)
+ uint32 seq, const void *t)
{
gencomp_chal *gc = (gencomp_chal *)bc;
ghash *h = GM_INIT(gc->m);
int ok;
- GH_HASH(h, m, msz);
+ GH_HASHU32(h, seq); if (msz) GH_HASH(h, m, msz);
ok = ct_memeq(GH_DONE(h, 0), t, gc->_b.tagsz);
GH_DESTROY(h);
return (ok ? 0 : -1);
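Review bot: The new `seq` argument in gencomp_chaltag and gencomp_chalvrf is undocumented, and the `if (msz)` guard added beside it is unexplained. Hashing `seq` ahead of the message, as what the macro name suggests is a fixed-width 32-bit value, keeps the (seq, message) encoding unambiguous, and the guard presumably allows a null `m` with zero length. A comment such as `/* MAC covers seq (fixed width), then m; m may be null when msz == 0. */` on each function would record both facts. Putting the two statements on separate lines would also make the guard harder to miss. Separately, gencomp_chaltag copies `bc->tagsz` bytes while gencomp_chalvrf compares `gc->_b.tagsz`; these look like the same field, and one spelling in both would make that obvious.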
trace(T_CHAL, "chal: generated new challenge key");
trace_block(T_CRYPTO, "chal: new key", buf_t, a->cksz);
})
- c->_b.tagsz = 16;
+ c->_b.tagsz = POLY1305_TAGSZ;
return (&c->_b);
}
-static int naclbox_chaltag(bulkchal *bc, const void *m, size_t msz, void *t)
+static int naclbox_chaltag(bulkchal *bc, const void *m, size_t msz,
+ uint32 seq, void *t)
{
naclbox_chal *c = (naclbox_chal *)bc;
- octet b0[SALSA20_NONCESZ];
- assert(msz <= sizeof(b0));
- memcpy(b0, m, msz); memset(b0 + msz, 0, sizeof(b0) - msz);
- GC_SETIV(c->c, b0);
- GC_ENCRYPT(c->c, 0, t, c->_b.tagsz);
+ poly1305_key pk;
+ poly1305_ctx pm;
+ octet b[POLY1305_KEYSZ + POLY1305_MASKSZ];
+
+ assert(SALSA20_NONCESZ <= sizeof(b));
+ memset(b, 0, SALSA20_NONCESZ - 4); STORE32(b + SALSA20_NONCESZ - 4, seq);
+ GC_SETIV(c->c, b); GC_ENCRYPT(c->c, 0, b, sizeof(b));
+ poly1305_keyinit(&pk, b, POLY1305_KEYSZ);
+ poly1305_macinit(&pm, &pk, b + POLY1305_KEYSZ);
+ if (msz) poly1305_hash(&pm, m, msz);
+ poly1305_done(&pm, t);
return (0);
}
static int naclbox_chalvrf(bulkchal *bc, const void *m, size_t msz,
- const void *t)
+ uint32 seq, const void *t)
{
naclbox_chal *c = (naclbox_chal *)bc;
- octet b0[SALSA20_NONCESZ], b1[16];
- assert(msz <= sizeof(b0)); assert(c->_b.tagsz <= sizeof(b1));
- memcpy(b0, m, msz); memset(b0 + msz, 0, sizeof(b0) - msz);
- GC_SETIV(c->c, b0);
- GC_ENCRYPT(c->c, 0, b1, c->_b.tagsz);
- return (ct_memeq(t, b1, c->_b.tagsz) ? 0 : -1);
+ poly1305_key pk;
+ poly1305_ctx pm;
+ octet b[POLY1305_KEYSZ + POLY1305_MASKSZ];
+
+ assert(SALSA20_NONCESZ <= sizeof(b));
+ memset(b, 0, SALSA20_NONCESZ - 4); STORE32(b + SALSA20_NONCESZ - 4, seq);
+ GC_SETIV(c->c, b); GC_ENCRYPT(c->c, 0, b, sizeof(b));
+ poly1305_keyinit(&pk, b, POLY1305_KEYSZ);
+ poly1305_macinit(&pm, &pk, b + POLY1305_KEYSZ);
+ if (msz) poly1305_hash(&pm, m, msz);
+ assert(POLY1305_TAGSZ <= sizeof(b)); poly1305_done(&pm, b);
+ return (ct_memeq(t, b, POLY1305_TAGSZ) ? 0 : -1);
}
static void naclbox_freechal(bulkchal *bc)
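Review bot: In naclbox_chaltag and naclbox_chalvrf the Poly1305 key and mask are derived from nothing but `seq` under the long-lived cipher key, so two different messages tagged with the same `seq` would share a one-time key, which Poly1305 does not tolerate. The callers are not visible in this hunk, so this may already hold, but the contract deserves a comment above both functions, e.g. `/* seq must be unique per message for the lifetime of this challenge key; rekey before the 32-bit counter wraps. */`. Both functions also return with the derived key material still in `b`, `pk` and `pm`; clearing them before each return, with a wipe the compiler cannot elide, would keep it from lingering on the stack. The key-derivation lines are identical in the two functions and could move to a shared static helper so that tag and verify cannot drift apart.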