X-Git-Url: https://git.distorted.org.uk/~mdw/tripe/blobdiff_plain/b8f727eb436070ed90eb90c725e30c5e913b8ab9..3deadf73ca497f4c50a2dbe387f544ef0070cfb4:/server/bulkcrypto.c

diff --git a/server/bulkcrypto.c b/server/bulkcrypto.c
index fff2c825..d0e654cc 100644
--- a/server/bulkcrypto.c
+++ b/server/bulkcrypto.c
@@ -251,25 +251,26 @@ static bulkchal *gencomp_genchal(const gencomp_algs *a)
   return (&gc->_b);
 }
 
-static int gencomp_chaltag(bulkchal *bc, const void *m, size_t msz, void *t)
+static int gencomp_chaltag(bulkchal *bc, const void *m, size_t msz,
+			   uint32 seq, void *t)
 {
   gencomp_chal *gc = (gencomp_chal *)bc;
   ghash *h = GM_INIT(gc->m);
 
-  GH_HASH(h, m, msz);
+  GH_HASHU32(h, seq); if (msz) GH_HASH(h, m, msz);
   memcpy(t, GH_DONE(h, 0), bc->tagsz);
   GH_DESTROY(h);
   return (0);
 }
 
 static int gencomp_chalvrf(bulkchal *bc, const void *m, size_t msz,
-			   const void *t)
+			   uint32 seq, const void *t)
 {
   gencomp_chal *gc = (gencomp_chal *)bc;
   ghash *h = GM_INIT(gc->m);
   int ok;
 
-  GH_HASH(h, m, msz);
+  GH_HASHU32(h, seq); if (msz) GH_HASH(h, m, msz);
   ok = ct_memeq(GH_DONE(h, 0), t, gc->_b.tagsz);
   GH_DESTROY(h);
   return (ok ? 0 : -1);
@@ -987,31 +988,44 @@ static bulkchal *naclbox_genchal(const bulkalgs *aa)
     trace(T_CHAL, "chal: generated new challenge key");
     trace_block(T_CRYPTO, "chal: new key", buf_t, a->cksz);
   })
-  c->_b.tagsz = 16;
+  c->_b.tagsz = POLY1305_TAGSZ;
   return (&c->_b);
 }
 
-static int naclbox_chaltag(bulkchal *bc, const void *m, size_t msz, void *t)
+static int naclbox_chaltag(bulkchal *bc, const void *m, size_t msz,
+			   uint32 seq, void *t)
 {
   naclbox_chal *c = (naclbox_chal *)bc;
-  octet b0[SALSA20_NONCESZ];
-  assert(msz <= sizeof(b0));
-  memcpy(b0, m, msz); memset(b0 + msz, 0, sizeof(b0) - msz);
-  GC_SETIV(c->c, b0);
-  GC_ENCRYPT(c->c, 0, t, c->_b.tagsz);
+  poly1305_key pk;
+  poly1305_ctx pm;
+  octet b[POLY1305_KEYSZ + POLY1305_MASKSZ];
+
+  assert(SALSA20_NONCESZ <= sizeof(b));
+  memset(b, 0, SALSA20_NONCESZ - 4); STORE32(b + SALSA20_NONCESZ - 4, seq);
+  GC_SETIV(c->c, b); GC_ENCRYPT(c->c, 0, b, sizeof(b));
+  poly1305_keyinit(&pk, b, POLY1305_KEYSZ);
+  poly1305_macinit(&pm, &pk, b + POLY1305_KEYSZ);
+  if (msz) poly1305_hash(&pm, m, msz);
+  poly1305_done(&pm, t);
   return (0);
 }
 
 static int naclbox_chalvrf(bulkchal *bc, const void *m, size_t msz,
-			   const void *t)
+			   uint32 seq, const void *t)
 {
   naclbox_chal *c = (naclbox_chal *)bc;
-  octet b0[SALSA20_NONCESZ], b1[16];
-  assert(msz <= sizeof(b0)); assert(c->_b.tagsz <= sizeof(b1));
-  memcpy(b0, m, msz); memset(b0 + msz, 0, sizeof(b0) - msz);
-  GC_SETIV(c->c, b0);
-  GC_ENCRYPT(c->c, 0, b1, c->_b.tagsz);
-  return (ct_memeq(t, b1, c->_b.tagsz) ? 0 : -1);
+  poly1305_key pk;
+  poly1305_ctx pm;
+  octet b[POLY1305_KEYSZ + POLY1305_MASKSZ];
+
+  assert(SALSA20_NONCESZ <= sizeof(b));
+  memset(b, 0, SALSA20_NONCESZ - 4); STORE32(b + SALSA20_NONCESZ - 4, seq);
+  GC_SETIV(c->c, b); GC_ENCRYPT(c->c, 0, b, sizeof(b));
+  poly1305_keyinit(&pk, b, POLY1305_KEYSZ);
+  poly1305_macinit(&pm, &pk, b + POLY1305_KEYSZ);
+  if (msz) poly1305_hash(&pm, m, msz);
+  assert(POLY1305_TAGSZ <= sizeof(b)); poly1305_done(&pm, b);
+  return (ct_memeq(t, b, POLY1305_TAGSZ) ? 0 : -1);
 }
 
 static void naclbox_freechal(bulkchal *bc)