Commit dca9abf1 authored by Niels Möller's avatar Niels Möller

poly1305_digest: Use union nettle_block16.

parent efdf4f4b
2014-01-20 Niels Möller <nisse@lysator.liu.se>
* poly1305-internal.c (poly1305_digest): Use union nettle_block16
for s argument.
* poly1305-aes.c (poly1305_aes_digest): Update for poly1305_digest
change.
Merged poly1305 changes (starting at 2013-11-08).
* x86_64/poly1305-internal.asm: Update to new interface.
poly1305_digest much simplified.
......
......@@ -47,7 +47,8 @@ poly1305_aes_set_nonce (struct poly1305_aes_ctx *ctx,
#define COMPRESS(ctx, data) _poly1305_block(&(ctx)->pctx, (data), 1)
void
poly1305_aes_update (struct poly1305_aes_ctx *ctx, size_t length, const uint8_t *data)
poly1305_aes_update (struct poly1305_aes_ctx *ctx,
size_t length, const uint8_t *data)
{
MD_UPDATE (ctx, length, data, COMPRESS, (void) 0);
}
......@@ -56,7 +57,7 @@ void
poly1305_aes_digest (struct poly1305_aes_ctx *ctx,
size_t length, uint8_t *digest)
{
uint8_t s[POLY1305_BLOCK_SIZE];
union nettle_block16 s;
/* final bytes */
if (ctx->index > 0)
{
......@@ -68,10 +69,10 @@ poly1305_aes_digest (struct poly1305_aes_ctx *ctx,
_poly1305_block (&ctx->pctx, ctx->block, 0);
}
aes128_encrypt(&ctx->aes, POLY1305_BLOCK_SIZE, s, ctx->nonce);
aes128_encrypt(&ctx->aes, POLY1305_BLOCK_SIZE, s.b, ctx->nonce);
poly1305_digest (&ctx->pctx, s);
memcpy (digest, s, length);
poly1305_digest (&ctx->pctx, &s);
memcpy (digest, s.b, length);
INCREMENT (16, ctx->nonce);
ctx->index = 0;
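Review bot: `memcpy (digest, s.b, length)` copies a caller-supplied `length` out of the 16-byte union without bounding it, so a length larger than POLY1305_BLOCK_SIZE reads past `s` on the stack; the commit changes the type of `s` but keeps the unchecked copy. Add `assert (length <= sizeof s.b);` at the top of poly1305_aes_digest (adding `#include <assert.h>` if the file does not already have it), or use the digest-size constant in place of `sizeof s.b` if the header defines one. poly1305_aes_digest begins before this hunk, so I cannot see whether an equivalent check already exists above it.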
......
......@@ -86,7 +86,7 @@ poly1305_set_key(struct poly1305_ctx *ctx, const uint8_t key[16])
}
void
_poly1305_block (struct poly1305_ctx *ctx, const uint8_t m[16], unsigned t4)
_poly1305_block (struct poly1305_ctx *ctx, const uint8_t *m, unsigned t4)
{
uint32_t t0,t1,t2,t3;
uint32_t b;
......@@ -121,7 +121,7 @@ _poly1305_block (struct poly1305_ctx *ctx, const uint8_t m[16], unsigned t4)
/* Adds digest to the nonce */
void
poly1305_digest (struct poly1305_ctx *ctx, uint8_t *s)
poly1305_digest (struct poly1305_ctx *ctx, union nettle_block16 *s)
{
uint32_t b, nb;
uint64_t f0,f1,f2,f3;
......@@ -149,18 +149,19 @@ poly1305_digest (struct poly1305_ctx *ctx, uint8_t *s)
ctx->h3 = (ctx->h3 & nb) | (g3 & b);
ctx->h4 = (ctx->h4 & nb) | (g4 & b);
f0 = ((ctx->h0 ) | (ctx->h1 << 26)) + (uint64_t)LE_READ_UINT32(s);
f1 = ((ctx->h1 >> 6) | (ctx->h2 << 20)) + (uint64_t)LE_READ_UINT32(s+4);
f2 = ((ctx->h2 >> 12) | (ctx->h3 << 14)) + (uint64_t)LE_READ_UINT32(s+8);
f3 = ((ctx->h3 >> 18) | (ctx->h4 << 8)) + (uint64_t)LE_READ_UINT32(s+12);
/* FIXME: Take advantage of s being aligned as an unsigned long. */
f0 = ((ctx->h0 )|(ctx->h1<<26)) + (uint64_t)LE_READ_UINT32(s->b);
f1 = ((ctx->h1>> 6)|(ctx->h2<<20)) + (uint64_t)LE_READ_UINT32(s->b+4);
f2 = ((ctx->h2>>12)|(ctx->h3<<14)) + (uint64_t)LE_READ_UINT32(s->b+8);
f3 = ((ctx->h3>>18)|(ctx->h4<< 8)) + (uint64_t)LE_READ_UINT32(s->b+12);
LE_WRITE_UINT32(s, f0);
LE_WRITE_UINT32(s->b, f0);
f1 += (f0 >> 32);
LE_WRITE_UINT32(s+4, f1);
LE_WRITE_UINT32(s->b+4, f1);
f2 += (f1 >> 32);
LE_WRITE_UINT32(s+8, f2);
LE_WRITE_UINT32(s->b+8, f2);
f3 += (f2 >> 32);
LE_WRITE_UINT32(s+12, f3);
LE_WRITE_UINT32(s->b+12, f3);
ctx->h0 = 0;
ctx->h1 = 0;
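Review bot: The FIXME added above the `f0 =` line invites reading `s` as `unsigned long` words, and when that is done it must go through a member of `union nettle_block16` rather than a cast of `s->b`, both to stay within strict-aliasing rules and because the byte-wise LE_READ_UINT32/LE_WRITE_UINT32 path is what keeps the tag little-endian on every host. I would extend the comment to `/* FIXME: Take advantage of s being aligned as an unsigned long; access must go via a union member, not a cast of s->b, and must still produce little-endian bytes. */` (the union's other member names are not visible here). Separately, the rewritten f0..f3 lines drop the spaces around `>>`, `<<` and `|` that the rest of the function uses (e.g. `ctx->h3 & nb` two lines earlier); keeping the original spacing would keep the file consistent. poly1305_digest continues outside the hunk.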
......
......@@ -71,9 +71,9 @@ struct poly1305_ctx {
/* Low-level internal interface. */
void poly1305_set_key(struct poly1305_ctx *ctx, const uint8_t key[POLY1305_KEY_SIZE]);
/* Extracts digest, and adds it to s, the encrypted nonce. */
void poly1305_digest (struct poly1305_ctx *ctx, uint8_t *s);
void poly1305_digest (struct poly1305_ctx *ctx, union nettle_block16 *s);
/* Internal function. Process one block. */
void _poly1305_block (struct poly1305_ctx *ctx, const uint8_t m[POLY1305_BLOCK_SIZE],
void _poly1305_block (struct poly1305_ctx *ctx, const uint8_t *m,
unsigned high);
/* poly1305-aes */
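Review bot: The new prototype `void poly1305_digest (struct poly1305_ctx *ctx, union nettle_block16 *s);` is the first use of the union tag visible in this section, and if the header that declares `union nettle_block16` is not included above this point the tag gets prototype scope (a new, incompatible type, which GCC warns about); the includes are outside the hunk, so please confirm they cover it. Also, changing `_poly1305_block` from `const uint8_t m[POLY1305_BLOCK_SIZE]` to `const uint8_t *m` removes the only statement of the expected length from the declaration; I would keep it in the comment, e.g. `/* Internal function. Process one block of POLY1305_BLOCK_SIZE bytes at m. */`.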
......