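/*
 * Poly1305 one-time authenticator: portable "donna" backend.
 *
 * This file wires the block primitives supplied by the included
 * poly1305_donna32.h / poly1305_donna64.h header (poly1305_init,
 * poly1305_blocks, poly1305_finish) into the one-shot, streaming and verify
 * entry points exported through the implementation table at the bottom.
 *
 * NOTE(review): the first #include directive on this page has lost its
 * operand (it reads as a bare "#include", most likely an angle-bracket
 * header stripped during extraction). A bare directive does not compile, so
 * it is left out here; restore the header name from the project's copy of
 * this file. No identifier used directly in this file is visibly taken from
 * a standard header.
 */

#include "poly1305_donna.h"
#include "crypto_verify_16.h"
#include "private/common.h"
#include "utils.h"

#ifdef HAVE_TI_MODE
#include "poly1305_donna64.h"
#else
#include "poly1305_donna32.h"
#endif
#include "../onetimeauth_poly1305.h"

/*
 * Absorb `bytes` bytes from `m` into the running state.
 *
 * Input is consumed in three phases: top up a partially filled block buffer,
 * process as many whole blocks as possible directly from `m`, then stash the
 * remaining tail in the buffer for the next call.
 *
 * Relies on st->leftover < poly1305_block_size on entry, which this function
 * re-establishes before every return, and on poly1305_block_size being a
 * power of two for the mask below (it is defined in the included donna
 * header; confirm there).
 */
static void
poly1305_update(poly1305_state_internal_t *st, const unsigned char *m,
                unsigned long long bytes)
{
    unsigned long long i;

    /* handle leftover */
    if (st->leftover) {
        unsigned long long want = (poly1305_block_size - st->leftover);

        /* never read past the caller's input */
        if (want > bytes) {
            want = bytes;
        }
        /* want <= block_size - leftover, so the write stays inside buffer */
        for (i = 0; i < want; i++) {
            st->buffer[st->leftover + i] = m[i];
        }
        bytes -= want;
        m += want;
        st->leftover += want;
        if (st->leftover < poly1305_block_size) {
            /* still not a full block: wait for more input */
            return;
        }
        poly1305_blocks(st, st->buffer, poly1305_block_size);
        st->leftover = 0;
    }

    /* process full blocks */
    if (bytes >= poly1305_block_size) {
        /* round down to a multiple of the block size */
        unsigned long long want = (bytes & ~(poly1305_block_size - 1));

        poly1305_blocks(st, m, want);
        m += want;
        bytes -= want;
    }

    /* store leftover */
    if (bytes) {
        /* bytes < block_size and leftover == 0 whenever this is reached */
        for (i = 0; i < bytes; i++) {
            st->buffer[st->leftover + i] = m[i];
        }
        st->leftover += bytes;
    }
}

/*
 * One-shot MAC: writes the authenticator for `m` (`inlen` bytes) under `key`
 * to `out`. Always returns 0.
 *
 * The state lives on this function's stack. Whether poly1305_finish wipes it
 * is decided in the included donna header and is not visible here; confirm
 * before relying on it.
 */
static int
crypto_onetimeauth_poly1305_donna(unsigned char *out, const unsigned char *m,
                                  unsigned long long   inlen,
                                  const unsigned char *key)
{
    CRYPTO_ALIGN(64) poly1305_state_internal_t state;

    poly1305_init(&state, key);
    poly1305_update(&state, m, inlen);
    poly1305_finish(&state, out);

    return 0;
}

/*
 * Streaming API: initialise the caller's opaque state with `key`.
 * Always returns 0.
 *
 * The compile-time assertion guarantees the opaque public state is at least
 * as large as the internal one it is reinterpreted as.
 * NOTE(review): the cast also assumes the public state type is suitably
 * aligned for poly1305_state_internal_t; confirm against its declaration.
 */
static int
crypto_onetimeauth_poly1305_donna_init(crypto_onetimeauth_poly1305_state *state,
                                       const unsigned char *key)
{
    COMPILER_ASSERT(sizeof(crypto_onetimeauth_poly1305_state) >=
                    sizeof(poly1305_state_internal_t));
    poly1305_init((poly1305_state_internal_t *) (void *) state, key);

    return 0;
}

/*
 * Streaming API: absorb `inlen` bytes from `in`. Always returns 0.
 */
static int
crypto_onetimeauth_poly1305_donna_update(
    crypto_onetimeauth_poly1305_state *state, const unsigned char *in,
    unsigned long long inlen)
{
    poly1305_update((poly1305_state_internal_t *) (void *) state, in, inlen);

    return 0;
}

/*
 * Streaming API: finish the computation and write the authenticator to
 * `out`. Always returns 0.
 */
static int
crypto_onetimeauth_poly1305_donna_final(
    crypto_onetimeauth_poly1305_state *state, unsigned char *out)
{
    poly1305_finish((poly1305_state_internal_t *) (void *) state, out);

    return 0;
}

/*
 * Recompute the authenticator of `in` (`inlen` bytes) under `k` and compare
 * it with the 16-byte tag `h`. Returns the result of crypto_verify_16.
 *
 * The comparison goes through crypto_verify_16 rather than an early-exit
 * byte compare (presumably constant-time; confirm against its
 * implementation), so the position of the first mismatching byte is not
 * meant to be observable through timing.
 */
static int
crypto_onetimeauth_poly1305_donna_verify(const unsigned char *h,
                                         const unsigned char *in,
                                         unsigned long long   inlen,
                                         const unsigned char *k)
{
    unsigned char correct[16];
    int           ret;

    crypto_onetimeauth_poly1305_donna(correct, in, inlen, k);
    ret = crypto_verify_16(h, correct);
    /*
     * `correct` is the valid tag for the supplied message. Wipe it so that a
     * rejected message does not leave its valid authenticator behind on the
     * stack for a later memory disclosure to pick up.
     */
    sodium_memzero(correct, sizeof correct);

    return ret;
}

/*
 * Dispatch table for this backend.
 *
 * NOTE(review): SODIUM_C99() presumably drops the designators on pre-C99
 * compilers, in which case the entries are positional and must stay in the
 * order in which the struct declares its members; confirm before reordering.
 */
struct crypto_onetimeauth_poly1305_implementation
    crypto_onetimeauth_poly1305_donna_implementation = {
        SODIUM_C99(.onetimeauth =) crypto_onetimeauth_poly1305_donna,
        SODIUM_C99(.onetimeauth_verify =)
            crypto_onetimeauth_poly1305_donna_verify,
        SODIUM_C99(.onetimeauth_init =) crypto_onetimeauth_poly1305_donna_init,
        SODIUM_C99(.onetimeauth_update =)
            crypto_onetimeauth_poly1305_donna_update,
        SODIUM_C99(.onetimeauth_final =) crypto_onetimeauth_poly1305_donna_final
    };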