Commit 51473db7 authored by Niels Möller's avatar Niels Möller

poly1305_block: New argument for the high bit.

parent 52f99db2
2014-01-17 Niels Möller <nisse@lysator.liu.se>
* poly1305-internal.c (poly1305_block): Additional argument with
the high bit.
(poly1305_block_internal): Deleted function, code moved into the
poly1305_block.
(poly1305_digest): Simplified padding code, call poly1305_block
with high bit 0.
* poly1305.h (poly1305_block): Update prototype.
* poly1305.c (poly1305_update): Call poly1305_block with high bit 1.
* x86_64/poly1305-internal.asm (poly1305_block): Handle new
argument.
* poly1305.h (struct poly1305_ctx): Moved nonce field from here...
(struct poly1305_aes_ctx): ... to here.
* poly1305-aes.c (poly1305_aes_set_nonce, poly1305_aes_digest):
......
......@@ -2,9 +2,11 @@
*
* Placed by the author under public domain or the MIT license.
* (see https://github.com/floodyberry/poly1305-donna )
* Modified for nettle by Nikos Mavrogiannopoulos.
* Modified for nettle by Nikos Mavrogiannopoulos and Niels Möller.
*
* Copyright: 2012-2013 Andrew M. (floodyberry)
* Copyright: 2013 Nikos Mavrogiannopoulos
* Copyright: 2013 Niels Möller
*
* Permission is hereby granted, free of charge, to any person obtaining a
* copy of this software and associated documentation files (the
......@@ -30,6 +32,7 @@
#include "config.h"
#endif
#include <assert.h>
#include <string.h>
#include "poly1305.h"
......@@ -82,20 +85,24 @@ poly1305_set_key(struct poly1305_ctx *ctx, const uint8_t key[16])
ctx->h4 = 0;
}
static void
poly1305_block_internal (struct poly1305_ctx *ctx,
uint32_t t0, uint32_t t1, uint32_t t2, uint32_t t3,
uint32_t t4)
void
poly1305_block (struct poly1305_ctx *ctx, const uint8_t m[16], unsigned t4)
{
uint32_t t0,t1,t2,t3;
uint32_t b;
uint64_t t[5];
uint64_t c;
t0 = LE_READ_UINT32(m);
t1 = LE_READ_UINT32(m+4);
t2 = LE_READ_UINT32(m+8);
t3 = LE_READ_UINT32(m+12);
ctx->h0 += t0 & 0x3ffffff;
ctx->h1 += ((((uint64_t)t1 << 32) | t0) >> 26) & 0x3ffffff;
ctx->h2 += ((((uint64_t)t2 << 32) | t1) >> 20) & 0x3ffffff;
ctx->h3 += ((((uint64_t)t3 << 32) | t2) >> 14) & 0x3ffffff;
ctx->h4 += (t3 >> 8) | (t4 << 24);
ctx->h4 += (t3 >> 8) | ((uint32_t) t4 << 24);
/* poly1305_donna_mul: */
t[0] = mul32x32_64(ctx->h0,ctx->r0) + mul32x32_64(ctx->h1,ctx->s4) + mul32x32_64(ctx->h2,ctx->s3) + mul32x32_64(ctx->h3,ctx->s2) + mul32x32_64(ctx->h4,ctx->s1);
......@@ -112,20 +119,6 @@ poly1305_block_internal (struct poly1305_ctx *ctx,
ctx->h0 += b * 5;
}
void
poly1305_block (struct poly1305_ctx *ctx, const uint8_t m[16])
{
uint32_t t0,t1,t2,t3;
/* full blocks */
t0 = LE_READ_UINT32(m);
t1 = LE_READ_UINT32(m+4);
t2 = LE_READ_UINT32(m+8);
t3 = LE_READ_UINT32(m+12);
poly1305_block_internal (ctx, t0, t1, t2, t3, 1);
}
void
poly1305_digest (struct poly1305_ctx *ctx,
size_t length, uint8_t *digest,
......@@ -140,20 +133,13 @@ poly1305_digest (struct poly1305_ctx *ctx,
/* poly1305_donna_atmost15bytes: */
if (ctx->index > 0)
{
uint32_t t0,t1,t2,t3;
size_t j;
uint8_t mp[16];
for (j = 0; j < ctx->index; j++) mp[j] = ctx->block[j];
mp[j++] = 1;
for (; j < 16; j++) mp[j] = 0;
assert (ctx->index < POLY1305_BLOCK_SIZE);
t0 = LE_READ_UINT32(mp);
t1 = LE_READ_UINT32(mp+4);
t2 = LE_READ_UINT32(mp+8);
t3 = LE_READ_UINT32(mp+12);
ctx->block[ctx->index] = 1;
memset (ctx->block + ctx->index + 1,
0, POLY1305_BLOCK_SIZE - 1 - ctx->index);
poly1305_block_internal (ctx, t0, t1, t2, t3, 0);
poly1305_block (ctx, ctx->block, 0);
}
b = ctx->h0 >> 26; ctx->h0 = ctx->h0 & 0x3ffffff;
......
......@@ -28,8 +28,10 @@
#include "macros.h"
#define COMPRESS(ctx, data) poly1305_block((ctx), (data), 1)
void
poly1305_update (struct poly1305_ctx *ctx, size_t length, const uint8_t *data)
{
MD_UPDATE (ctx, length, data, poly1305_block, (void) 0);
MD_UPDATE (ctx, length, data, COMPRESS, (void) 0);
}
......@@ -72,7 +72,8 @@ struct poly1305_ctx {
};
void poly1305_set_key(struct poly1305_ctx *ctx, const uint8_t key[POLY1305_KEY_SIZE]);
void poly1305_block (struct poly1305_ctx *ctx, const uint8_t m[POLY1305_BLOCK_SIZE]);
void poly1305_block (struct poly1305_ctx *ctx, const uint8_t m[POLY1305_BLOCK_SIZE],
unsigned high);
void poly1305_update (struct poly1305_ctx *ctx, size_t size, const uint8_t *data);
void poly1305_digest (struct poly1305_ctx *ctx,
size_t length, uint8_t *digest, const uint8_t *s);
......
......@@ -75,12 +75,12 @@ C So we get
C
C x_0 r_0 + x_1 (5/4 r_1) + B (x_0 r_1 + x_1 r_0 + x_2 5/4 r_1 + B x_2 r_0)
C poly1305_block (struct poly1305_ctx *ctx, const uint8_t m[16])
C poly1305_block (struct poly1305_ctx *ctx, const uint8_t m[16], unsigned hi)
PROLOGUE(nettle_poly1305_block)
mov (%rsi), T0
mov 8(%rsi), T1
mov $1, T2
mov XREG(%rdx), XREG(T2)
C FIXME: Support windows ABI
C Registers:
C Inputs: CTX, T0, T1, T2,
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment