Commit fb19e5ef authored by Niels Möller's avatar Niels Möller

Preparations for 64-bit poly1305.

parent 770dc01f
2013-11-21 Niels Möller <nisse@lysator.liu.se>
* poly1305.h (POLY1305_DIGEST): Pass the encrypted nonce as an
additional argument to poly1305_digest.
(struct poly1305_ctx): Introduce unions, to support either 26-bit
or 64-bit implementation.
* poly1305-internal.c (poly1305_digest): Added s argument.
* poly1305.c (poly1305_set_s): Deleted function.
2013-11-12 Niels Möller <nisse@lysator.liu.se> 2013-11-12 Niels Möller <nisse@lysator.liu.se>
* poly1305-internal.c: New file, for poly1305 functions depending * poly1305-internal.c: New file, for poly1305 functions depending
......
...@@ -38,6 +38,22 @@ ...@@ -38,6 +38,22 @@
#define mul32x32_64(a,b) ((uint64_t)(a) * (b)) #define mul32x32_64(a,b) ((uint64_t)(a) * (b))
#define r0 r.r32[0]
#define r1 r.r32[1]
#define r2 r.r32[2]
#define r3 r.r32[3]
#define r4 r.r32[4]
#define s1 r.r32[5]
#define s2 r.s32[0]
#define s3 r.s32[1]
#define s4 r.s32[2]
#define h0 h.h32[0]
#define h1 h.h32[1]
#define h2 h.h32[2]
#define h3 h.h32[3]
#define h4 hh
void void
poly1305_set_key(struct poly1305_ctx *ctx, const uint8_t key[16]) poly1305_set_key(struct poly1305_ctx *ctx, const uint8_t key[16])
{ {
...@@ -112,7 +128,8 @@ poly1305_block (struct poly1305_ctx *ctx, const uint8_t m[16]) ...@@ -112,7 +128,8 @@ poly1305_block (struct poly1305_ctx *ctx, const uint8_t m[16])
void void
poly1305_digest (struct poly1305_ctx *ctx, poly1305_digest (struct poly1305_ctx *ctx,
size_t length, uint8_t *digest) size_t length, uint8_t *digest,
const uint8_t *s)
{ {
uint32_t b, nb; uint32_t b, nb;
uint64_t f0,f1,f2,f3; uint64_t f0,f1,f2,f3;
...@@ -161,10 +178,10 @@ poly1305_digest (struct poly1305_ctx *ctx, ...@@ -161,10 +178,10 @@ poly1305_digest (struct poly1305_ctx *ctx,
ctx->h3 = (ctx->h3 & nb) | (g3 & b); ctx->h3 = (ctx->h3 & nb) | (g3 & b);
ctx->h4 = (ctx->h4 & nb) | (g4 & b); ctx->h4 = (ctx->h4 & nb) | (g4 & b);
f0 = ((ctx->h0 ) | (ctx->h1 << 26)) + (uint64_t)LE_READ_UINT32(ctx->s); f0 = ((ctx->h0 ) | (ctx->h1 << 26)) + (uint64_t)LE_READ_UINT32(s);
f1 = ((ctx->h1 >> 6) | (ctx->h2 << 20)) + (uint64_t)LE_READ_UINT32(ctx->s+4); f1 = ((ctx->h1 >> 6) | (ctx->h2 << 20)) + (uint64_t)LE_READ_UINT32(s+4);
f2 = ((ctx->h2 >> 12) | (ctx->h3 << 14)) + (uint64_t)LE_READ_UINT32(ctx->s+8); f2 = ((ctx->h2 >> 12) | (ctx->h3 << 14)) + (uint64_t)LE_READ_UINT32(s+8);
f3 = ((ctx->h3 >> 18) | (ctx->h4 << 8)) + (uint64_t)LE_READ_UINT32(ctx->s+12); f3 = ((ctx->h3 >> 18) | (ctx->h4 << 8)) + (uint64_t)LE_READ_UINT32(s+12);
LE_WRITE_UINT32(td, f0); LE_WRITE_UINT32(td, f0);
f1 += (f0 >> 32); f1 += (f0 >> 32);
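Review bot: The new `s` parameter of poly1305_digest is declared `const uint8_t *s`, but the body reads exactly 16 bytes from it through `LE_READ_UINT32(s)` … `LE_READ_UINT32(s+12)`, and neither the signature nor a comment states that size. Declaring it `const uint8_t s[16]`, as `key[16]` and `m[16]` already are in this file, would make the contract visible; the prototype in poly1305.h needs the same change. Now that the value is no longer stored in the context, a comment such as `/* s: 16-byte encrypted nonce, must not be reused across messages under the same key */` would also tell direct callers what the POLY1305_DIGEST macro otherwise does for them. The function body starts and ends outside the visible hunks.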
......
...@@ -31,9 +31,3 @@ poly1305_set_nonce (struct poly1305_ctx *ctx, const uint8_t * nonce) ...@@ -31,9 +31,3 @@ poly1305_set_nonce (struct poly1305_ctx *ctx, const uint8_t * nonce)
{ {
memcpy (ctx->nonce, nonce, 16); memcpy (ctx->nonce, nonce, 16);
} }
void
poly1305_set_s (struct poly1305_ctx *ctx, const uint8_t * s)
{
memcpy (ctx->s, s, 16);
}
...@@ -37,11 +37,23 @@ extern "C" { ...@@ -37,11 +37,23 @@ extern "C" {
#include "nettle-types.h" #include "nettle-types.h"
struct poly1305_ctx { struct poly1305_ctx {
uint32_t h0; uint32_t h1; uint32_t h2; uint32_t h3; uint32_t h4; /* Key, 128-bit value and some cached multiples. */
uint32_t r0; uint32_t r1; uint32_t r2; uint32_t r3; uint32_t r4; union
uint32_t s1; uint32_t s2; uint32_t s3; uint32_t s4; {
uint32_t r32[6];
uint64_t r64[3];
} r;
uint32_t s32[3];
/* State, represented as words of 26, 32 or 64 bits, depending on
implementation. */
/* High bits, first to maintain alignment. */
uint32_t hh;
union
{
uint32_t h32[4];
uint64_t h64[2];
} h;
uint8_t s[16]; /* typically AES_k(nonce) */
uint8_t nonce[16]; uint8_t nonce[16];
uint8_t block[16]; uint8_t block[16];
unsigned index; unsigned index;
...@@ -53,15 +65,15 @@ struct poly1305_ctx { ...@@ -53,15 +65,15 @@ struct poly1305_ctx {
#define poly1305_set_key nettle_poly1305_set_key #define poly1305_set_key nettle_poly1305_set_key
#define poly1305_set_nonce nettle_poly1305_set_nonce #define poly1305_set_nonce nettle_poly1305_set_nonce
#define poly1305_set_s nettle_poly1305_set_s #define poly1305_block nettle_poly1305_block
#define poly1305_block nettle_poly1305_round
#define poly1305_digest nettle_poly1305_digest #define poly1305_digest nettle_poly1305_digest
void poly1305_set_key(struct poly1305_ctx *ctx, const uint8_t key[16]); void poly1305_set_key(struct poly1305_ctx *ctx, const uint8_t key[16]);
void poly1305_set_nonce (struct poly1305_ctx *ctx, const uint8_t * nonce); void poly1305_set_nonce (struct poly1305_ctx *ctx, const uint8_t * nonce);
void poly1305_set_s (struct poly1305_ctx *ctx, const uint8_t *s);
void poly1305_block (struct poly1305_ctx *ctx, const uint8_t m[16]); void poly1305_block (struct poly1305_ctx *ctx, const uint8_t m[16]);
void poly1305_digest (struct poly1305_ctx *ctx, size_t length, uint8_t *digest);
void poly1305_digest (struct poly1305_ctx *ctx,
size_t length, uint8_t *digest, const uint8_t *s);
#define POLY1305_SET_KEY(ctx, set_key, key) \ #define POLY1305_SET_KEY(ctx, set_key, key) \
do { \ do { \
...@@ -85,8 +97,7 @@ void poly1305_digest (struct poly1305_ctx *ctx, size_t length, uint8_t *digest); ...@@ -85,8 +97,7 @@ void poly1305_digest (struct poly1305_ctx *ctx, size_t length, uint8_t *digest);
do { \ do { \
uint8_t _ts[16]; \ uint8_t _ts[16]; \
(encrypt)(&(ctx)->cipher, 16, _ts, (ctx)->pctx.nonce); \ (encrypt)(&(ctx)->cipher, 16, _ts, (ctx)->pctx.nonce); \
poly1305_set_s(&(ctx)->pctx, _ts); \ poly1305_digest (&(ctx)->pctx, (length), (digest), _ts); \
poly1305_digest (&(ctx)->pctx, (length), (digest)); \
INCREMENT (16, (ctx)->pctx.nonce); \ INCREMENT (16, (ctx)->pctx.nonce); \
(ctx)->pctx.index = 0; \ (ctx)->pctx.index = 0; \
} while(0); } while(0);
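Review bot: The comment on the new `r` union in struct poly1305_ctx does not say which slot holds which value, and the layout is not obvious. Going by the accessor macros added in poly1305-internal.c, `s1` lives in `r.r32[5]` while `s2`..`s4` sit in the separate `s32[3]` array, and the top limb of the state is `hh` rather than a member of `h`. Those macros are private to the .c file, so per-member comments here would help, e.g. `/* r32[0..4]: key limbs r0..r4; r32[5]: cached multiple s1 */` and `/* s32[0..2]: cached multiples s2..s4 (26-bit implementation only) */`. They would keep a later 64-bit implementation from reading the wrong words through `r64`/`h64`. The "(26-bit implementation only)" part is inferred from the macro names and should be confirmed.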
......