poly1305_digest: Use union nettle_block16.

ChangeLog

 2014-01-20  Niels Möller  <nisse@lysator.liu.se>
 
+	* poly1305-internal.c (poly1305_digest): Use union nettle_block16
+	for s argument.
+	* poly1305-aes.c (poly1305_aes_digest): Update for poly1305_digest
+	change.
+
 	Merged poly1305 changes (starting at 2013-11-08).
 	* x86_64/poly1305-internal.asm: Update to new interface.
 	poly1305_digest much simplified.

poly1305-aes.c

@@ -47,7 +47,8 @@ poly1305_aes_set_nonce (struct poly1305_aes_ctx *ctx,
 #define COMPRESS(ctx, data) _poly1305_block(&(ctx)->pctx, (data), 1)
 
 void
-poly1305_aes_update (struct poly1305_aes_ctx *ctx, size_t length, const uint8_t *data)
+poly1305_aes_update (struct poly1305_aes_ctx *ctx,
+		     size_t length, const uint8_t *data)
 {
   MD_UPDATE (ctx, length, data, COMPRESS, (void) 0);
 }
@@ -56,7 +57,7 @@ void
 poly1305_aes_digest (struct poly1305_aes_ctx *ctx,
 		     size_t length, uint8_t *digest)
 {
-  uint8_t s[POLY1305_BLOCK_SIZE];
+  union nettle_block16 s;
   /* final bytes */
   if (ctx->index > 0)
     {
@@ -68,10 +69,10 @@ poly1305_aes_digest (struct poly1305_aes_ctx *ctx,
 
       _poly1305_block (&ctx->pctx, ctx->block, 0);
     }
-  aes128_encrypt(&ctx->aes, POLY1305_BLOCK_SIZE, s, ctx->nonce);
+  aes128_encrypt(&ctx->aes, POLY1305_BLOCK_SIZE, s.b, ctx->nonce);
   
-  poly1305_digest (&ctx->pctx, s);
-  memcpy (digest, s, length);
+  poly1305_digest (&ctx->pctx, &s);
+  memcpy (digest, s.b, length);
 
   INCREMENT (16, ctx->nonce);
   ctx->index = 0;

poly1305-internal.c

@@ -86,7 +86,7 @@ poly1305_set_key(struct poly1305_ctx *ctx, const uint8_t key[16])
 }
 
 void
-_poly1305_block (struct poly1305_ctx *ctx, const uint8_t m[16], unsigned t4)
+_poly1305_block (struct poly1305_ctx *ctx, const uint8_t *m, unsigned t4)
 {
   uint32_t t0,t1,t2,t3;
   uint32_t b;
@@ -121,7 +121,7 @@ _poly1305_block (struct poly1305_ctx *ctx, const uint8_t m[16], unsigned t4)
 
 /* Adds digest to the nonce */
 void
-poly1305_digest (struct poly1305_ctx *ctx, uint8_t *s)
+poly1305_digest (struct poly1305_ctx *ctx, union nettle_block16 *s)
 {
   uint32_t b, nb;
   uint64_t f0,f1,f2,f3;
@@ -149,18 +149,19 @@ poly1305_digest (struct poly1305_ctx *ctx, uint8_t *s)
   ctx->h3 = (ctx->h3 & nb) | (g3 & b);
   ctx->h4 = (ctx->h4 & nb) | (g4 & b);
 
-  f0 = ((ctx->h0      ) | (ctx->h1 << 26)) + (uint64_t)LE_READ_UINT32(s);
-  f1 = ((ctx->h1 >>  6) | (ctx->h2 << 20)) + (uint64_t)LE_READ_UINT32(s+4);
-  f2 = ((ctx->h2 >> 12) | (ctx->h3 << 14)) + (uint64_t)LE_READ_UINT32(s+8);
-  f3 = ((ctx->h3 >> 18) | (ctx->h4 <<  8)) + (uint64_t)LE_READ_UINT32(s+12);
+  /* FIXME: Take advantage of s being aligned as an unsigned long. */
+  f0 = ((ctx->h0    )|(ctx->h1<<26)) + (uint64_t)LE_READ_UINT32(s->b);
+  f1 = ((ctx->h1>> 6)|(ctx->h2<<20)) + (uint64_t)LE_READ_UINT32(s->b+4);
+  f2 = ((ctx->h2>>12)|(ctx->h3<<14)) + (uint64_t)LE_READ_UINT32(s->b+8);
+  f3 = ((ctx->h3>>18)|(ctx->h4<< 8)) + (uint64_t)LE_READ_UINT32(s->b+12);
 
-  LE_WRITE_UINT32(s, f0);
+  LE_WRITE_UINT32(s->b, f0);
   f1 += (f0 >> 32);
-  LE_WRITE_UINT32(s+4, f1);
+  LE_WRITE_UINT32(s->b+4, f1);
   f2 += (f1 >> 32);
-  LE_WRITE_UINT32(s+8, f2);
+  LE_WRITE_UINT32(s->b+8, f2);
   f3 += (f2 >> 32);
-  LE_WRITE_UINT32(s+12, f3);
+  LE_WRITE_UINT32(s->b+12, f3);
 
   ctx->h0 = 0;
   ctx->h1 = 0;

poly1305.h

@@ -71,9 +71,9 @@ struct poly1305_ctx {
 /* Low-level internal interface. */
 void poly1305_set_key(struct poly1305_ctx *ctx, const uint8_t key[POLY1305_KEY_SIZE]);
 /* Extracts digest, and adds it to s, the encrypted nonce. */
-void poly1305_digest (struct poly1305_ctx *ctx, uint8_t *s);
+void poly1305_digest (struct poly1305_ctx *ctx, union nettle_block16 *s);
 /* Internal function. Process one block. */
-void _poly1305_block (struct poly1305_ctx *ctx, const uint8_t m[POLY1305_BLOCK_SIZE],
+void _poly1305_block (struct poly1305_ctx *ctx, const uint8_t *m,
 		      unsigned high);
 
 /* poly1305-aes */