Skip to content
GitLab
Menu
Projects
Groups
Snippets
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Menu
Open sidebar
Wim Lewis
nettle
Commits
04d29c83
Commit
04d29c83
authored
Nov 09, 2013
by
Nikos Mavrogiannopoulos
Committed by
Niels Möller
Nov 10, 2013
Browse files
First implementation of poly1305.
parent
a7eb86b4
Changes
10
Hide whitespace changes
Inline
Side-by-side
ChangeLog
View file @
04d29c83
2013-11-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* poly1305.h: New file.
* poly1305.c: New file.
* poly1305-aes.h: New file.
* poly1305-aes.c: New file.
* Makefile.in (nettle_SOURCES): Added poly1305-aes.c and poly1305.c.
(HEADERS): Added poly1305-aes.h and poly1305.h.
* testsuite/poly1305-test.c: New file.
* testsuite/Makefile.in (TS_NETTLE_SOURCES): Added poly1305-test.c.
* examples/nettle-benchmark.c (time_poly1305_aes): New function.
(main): Benchmark poly1305.
2013-10-05 Niels Möller <nisse@lysator.liu.se>
* Makefile.in (nettle_SOURCES): Added eax.c.
...
...
Makefile.in
View file @
04d29c83
...
...
@@ -103,6 +103,7 @@ nettle_SOURCES = aes-decrypt-internal.c aes-decrypt.c \
serpent-set-key.c serpent-encrypt.c serpent-decrypt.c
\
serpent-meta.c
\
twofish.c twofish-meta.c
\
poly1305-aes.c poly1305.c
\
umac-nh.c umac-nh-n.c umac-l2.c umac-l3.c
\
umac-poly64.c umac-poly128.c umac-set-key.c
\
umac32.c umac64.c umac96.c umac128.c
\
...
...
@@ -162,7 +163,7 @@ HEADERS = aes.h arcfour.h arctwo.h asn1.h bignum.h blowfish.h \
pgp.h pkcs1.h realloc.h ripemd160.h rsa.h rsa-compat.h
\
salsa20.h sexp.h
\
serpent.h sha.h sha1.h sha2.h sha3.h twofish.h
\
umac.h yarrow.h
umac.h yarrow.h
poly1305-aes.h poly1305.h
INSTALL_HEADERS
=
$(HEADERS)
nettle-stdint.h
...
...
examples/nettle-benchmark.c
View file @
04d29c83
...
...
@@ -56,6 +56,7 @@
#include "sha3.h"
#include "twofish.h"
#include "umac.h"
#include "poly1305-aes.h"
#include "nettle-meta.h"
#include "nettle-internal.h"
...
...
@@ -398,6 +399,23 @@ time_umac(void)
time_function
(
bench_hash
,
&
info
));
}
static
void
time_poly1305_aes
(
void
)
{
static
uint8_t
data
[
BENCH_BLOCK
];
struct
bench_hash_info
info
;
struct
poly1305_aes_ctx
ctx
;
uint8_t
key
[
32
];
poly1305_aes_set_key
(
&
ctx
,
key
);
info
.
ctx
=
&
ctx
;
info
.
update
=
(
nettle_hash_update_func
*
)
poly1305_aes_update
;
info
.
data
=
data
;
display
(
"poly1305-aes"
,
"update"
,
1024
,
time_function
(
bench_hash
,
&
info
));
}
static
void
time_gcm
(
void
)
{
...
...
@@ -718,6 +736,9 @@ main(int argc, char **argv)
if
(
!
alg
||
strstr
(
"umac"
,
alg
))
time_umac
();
if
(
!
alg
||
strstr
(
"poly1305-aes"
,
alg
))
time_poly1305_aes
();
for
(
i
=
0
;
ciphers
[
i
];
i
++
)
if
(
!
alg
||
strstr
(
ciphers
[
i
]
->
name
,
alg
))
time_cipher
(
ciphers
[
i
]);
...
...
poly1305-aes.c
0 → 100644
View file @
04d29c83
/* nettle, low-level cryptographics library
*
* Copyright (C) 2013 Nikos Mavrogiannopoulos
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The nettle library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
#include "config.h"
#endif
#include <string.h>
#include "macros.h"
#include "nettle-types.h"
#include "poly1305-aes.h"
void
poly1305_aes_set_key
(
struct
poly1305_aes_ctx
*
ctx
,
const
uint8_t
*
key
)
{
POLY1305_SET_KEY
(
ctx
,
aes_set_encrypt_key
,
key
);
}
void
poly1305_aes_set_nonce
(
struct
poly1305_aes_ctx
*
ctx
,
const
uint8_t
*
nonce
)
{
POLY1305_SET_NONCE
(
ctx
,
nonce
);
}
void
poly1305_aes_update
(
struct
poly1305_aes_ctx
*
ctx
,
size_t
length
,
const
uint8_t
*
data
)
{
POLY1305_UPDATE
(
ctx
,
length
,
data
);
}
void
poly1305_aes_digest
(
struct
poly1305_aes_ctx
*
ctx
,
size_t
length
,
uint8_t
*
digest
)
{
POLY1305_DIGEST
(
ctx
,
aes_encrypt
,
length
,
digest
);
}
poly1305-aes.h
0 → 100644
View file @
04d29c83
/* poly1305-aes.h
*
* Poly1305 message authentication code.
*/
/* nettle, low-level cryptographics library
*
* Copyright (C) 2013 Nikos Mavrogiannopoulos
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The nettle library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02111-1301, USA.
*/
#ifndef NETTLE_POLY1305_AES_H_INCLUDED
#define NETTLE_POLY1305_AES_H_INCLUDED
#ifdef __cplusplus
extern
"C"
{
#endif
#include "nettle-types.h"
#include "poly1305.h"
#include "aes.h"
#define POLY1305_AES_KEY_SIZE 32
#define POLY1305_AES_DIGEST_SIZE 16
#define poly1305_aes_set_key nettle_poly1305_aes_set_key
#define poly1305_aes_set_nonce nettle_poly1305_aes_set_nonce
#define poly1305_aes_update nettle_poly1305_aes_update
#define poly1305_aes_digest nettle_poly1305_aes_digest
struct
poly1305_aes_ctx
POLY1305_CTX
(
struct
aes_ctx
);
/* The _set_key function initialize the nonce to zero. */
void
poly1305_aes_set_key
(
struct
poly1305_aes_ctx
*
ctx
,
const
uint8_t
*
key
);
/* Optional, if not used, messages get incrementing nonces starting from zero. */
void
poly1305_aes_set_nonce
(
struct
poly1305_aes_ctx
*
ctx
,
const
uint8_t
*
nonce
);
void
poly1305_aes_update
(
struct
poly1305_aes_ctx
*
ctx
,
size_t
length
,
const
uint8_t
*
data
);
/* The _digest functions increment the nonce */
void
poly1305_aes_digest
(
struct
poly1305_aes_ctx
*
ctx
,
size_t
length
,
uint8_t
*
digest
);
#ifdef __cplusplus
}
#endif
#endif
/* NETTLE_POLY1305_AES_H_INCLUDED */
poly1305.c
0 → 100644
View file @
04d29c83
/* nettle, low-level cryptographics library
*
* Placed by the author under public domain or the MIT license.
* (see https://github.com/floodyberry/poly1305-donna )
* Modified for nettle by Nikos Mavrogiannopoulos.
*
* Copyright: 2012-2013 Andrew M. (floodyberry)
*
* Permission is hereby granted, free of charge, to any person obtaining a
* copy of this software and associated documentation files (the
* "Software"), to deal in the Software without restriction, including
* without limitation the rights to use, copy, modify, merge, publish,
* distribute, sublicense, and/or sell copies of the Software, and to
* permit persons to whom the Software is furnished to do so, subject to
* the following conditions:
*
* The above copyright notice and this permission notice shall be included
* in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
* OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
#if HAVE_CONFIG_H
#include "config.h"
#endif
#include <string.h>
#include "macros.h"
#include "nettle-types.h"
#include "poly1305.h"
#define mul32x32_64(a,b) ((uint64_t)(a) * (b))
void
poly1305_set_key
(
struct
poly1305_ctx
*
ctx
,
const
uint8_t
key
[
16
])
{
uint32_t
t0
,
t1
,
t2
,
t3
;
t0
=
LE_READ_UINT32
(
key
);
t1
=
LE_READ_UINT32
(
key
+
4
);
t2
=
LE_READ_UINT32
(
key
+
8
);
t3
=
LE_READ_UINT32
(
key
+
12
);
ctx
->
r0
=
t0
&
0x3ffffff
;
t0
>>=
26
;
t0
|=
t1
<<
6
;
ctx
->
r1
=
t0
&
0x3ffff03
;
t1
>>=
20
;
t1
|=
t2
<<
12
;
ctx
->
r2
=
t1
&
0x3ffc0ff
;
t2
>>=
14
;
t2
|=
t3
<<
18
;
ctx
->
r3
=
t2
&
0x3f03fff
;
t3
>>=
8
;
ctx
->
r4
=
t3
&
0x00fffff
;
ctx
->
s1
=
ctx
->
r1
*
5
;
ctx
->
s2
=
ctx
->
r2
*
5
;
ctx
->
s3
=
ctx
->
r3
*
5
;
ctx
->
s4
=
ctx
->
r4
*
5
;
ctx
->
h0
=
0
;
ctx
->
h1
=
0
;
ctx
->
h2
=
0
;
ctx
->
h3
=
0
;
ctx
->
h4
=
0
;
}
void
poly1305_set_nonce
(
struct
poly1305_ctx
*
ctx
,
const
uint8_t
*
nonce
)
{
memcpy
(
ctx
->
nonce
,
nonce
,
16
);
}
void
poly1305_set_s
(
struct
poly1305_ctx
*
ctx
,
const
uint8_t
*
s
)
{
memcpy
(
ctx
->
s
,
s
,
16
);
}
void
poly1305_block
(
struct
poly1305_ctx
*
ctx
,
const
uint8_t
m
[
16
])
{
uint32_t
t0
,
t1
,
t2
,
t3
;
uint32_t
b
;
uint64_t
t
[
5
];
uint64_t
c
;
/* full blocks */
t0
=
LE_READ_UINT32
(
m
);
t1
=
LE_READ_UINT32
(
m
+
4
);
t2
=
LE_READ_UINT32
(
m
+
8
);
t3
=
LE_READ_UINT32
(
m
+
12
);
ctx
->
h0
+=
t0
&
0x3ffffff
;
ctx
->
h1
+=
((((
uint64_t
)
t1
<<
32
)
|
t0
)
>>
26
)
&
0x3ffffff
;
ctx
->
h2
+=
((((
uint64_t
)
t2
<<
32
)
|
t1
)
>>
20
)
&
0x3ffffff
;
ctx
->
h3
+=
((((
uint64_t
)
t3
<<
32
)
|
t2
)
>>
14
)
&
0x3ffffff
;
ctx
->
h4
+=
(
t3
>>
8
)
|
(
1
<<
24
);
/* poly1305_donna_mul: */
t
[
0
]
=
mul32x32_64
(
ctx
->
h0
,
ctx
->
r0
)
+
mul32x32_64
(
ctx
->
h1
,
ctx
->
s4
)
+
mul32x32_64
(
ctx
->
h2
,
ctx
->
s3
)
+
mul32x32_64
(
ctx
->
h3
,
ctx
->
s2
)
+
mul32x32_64
(
ctx
->
h4
,
ctx
->
s1
);
t
[
1
]
=
mul32x32_64
(
ctx
->
h0
,
ctx
->
r1
)
+
mul32x32_64
(
ctx
->
h1
,
ctx
->
r0
)
+
mul32x32_64
(
ctx
->
h2
,
ctx
->
s4
)
+
mul32x32_64
(
ctx
->
h3
,
ctx
->
s3
)
+
mul32x32_64
(
ctx
->
h4
,
ctx
->
s2
);
t
[
2
]
=
mul32x32_64
(
ctx
->
h0
,
ctx
->
r2
)
+
mul32x32_64
(
ctx
->
h1
,
ctx
->
r1
)
+
mul32x32_64
(
ctx
->
h2
,
ctx
->
r0
)
+
mul32x32_64
(
ctx
->
h3
,
ctx
->
s4
)
+
mul32x32_64
(
ctx
->
h4
,
ctx
->
s3
);
t
[
3
]
=
mul32x32_64
(
ctx
->
h0
,
ctx
->
r3
)
+
mul32x32_64
(
ctx
->
h1
,
ctx
->
r2
)
+
mul32x32_64
(
ctx
->
h2
,
ctx
->
r1
)
+
mul32x32_64
(
ctx
->
h3
,
ctx
->
r0
)
+
mul32x32_64
(
ctx
->
h4
,
ctx
->
s4
);
t
[
4
]
=
mul32x32_64
(
ctx
->
h0
,
ctx
->
r4
)
+
mul32x32_64
(
ctx
->
h1
,
ctx
->
r3
)
+
mul32x32_64
(
ctx
->
h2
,
ctx
->
r2
)
+
mul32x32_64
(
ctx
->
h3
,
ctx
->
r1
)
+
mul32x32_64
(
ctx
->
h4
,
ctx
->
r0
);
ctx
->
h0
=
(
uint32_t
)
t
[
0
]
&
0x3ffffff
;
c
=
(
t
[
0
]
>>
26
);
t
[
1
]
+=
c
;
ctx
->
h1
=
(
uint32_t
)
t
[
1
]
&
0x3ffffff
;
b
=
(
uint32_t
)(
t
[
1
]
>>
26
);
t
[
2
]
+=
b
;
ctx
->
h2
=
(
uint32_t
)
t
[
2
]
&
0x3ffffff
;
b
=
(
uint32_t
)(
t
[
2
]
>>
26
);
t
[
3
]
+=
b
;
ctx
->
h3
=
(
uint32_t
)
t
[
3
]
&
0x3ffffff
;
b
=
(
uint32_t
)(
t
[
3
]
>>
26
);
t
[
4
]
+=
b
;
ctx
->
h4
=
(
uint32_t
)
t
[
4
]
&
0x3ffffff
;
b
=
(
uint32_t
)(
t
[
4
]
>>
26
);
ctx
->
h0
+=
b
*
5
;
}
void
poly1305_digest
(
struct
poly1305_ctx
*
ctx
,
size_t
length
,
uint8_t
*
digest
)
{
uint32_t
t0
,
t1
,
t2
,
t3
;
uint32_t
b
,
nb
;
size_t
j
;
uint64_t
t
[
5
];
uint64_t
f0
,
f1
,
f2
,
f3
;
uint32_t
g0
,
g1
,
g2
,
g3
,
g4
;
uint64_t
c
;
uint8_t
mp
[
16
];
uint8_t
td
[
16
];
/* final bytes */
/* poly1305_donna_atmost15bytes: */
if
(
!
ctx
->
index
)
goto
poly1305_donna_finish
;
for
(
j
=
0
;
j
<
ctx
->
index
;
j
++
)
mp
[
j
]
=
ctx
->
block
[
j
];
mp
[
j
++
]
=
1
;
for
(;
j
<
16
;
j
++
)
mp
[
j
]
=
0
;
t0
=
LE_READ_UINT32
(
mp
);
t1
=
LE_READ_UINT32
(
mp
+
4
);
t2
=
LE_READ_UINT32
(
mp
+
8
);
t3
=
LE_READ_UINT32
(
mp
+
12
);
ctx
->
h0
+=
t0
&
0x3ffffff
;
ctx
->
h1
+=
((((
uint64_t
)
t1
<<
32
)
|
t0
)
>>
26
)
&
0x3ffffff
;
ctx
->
h2
+=
((((
uint64_t
)
t2
<<
32
)
|
t1
)
>>
20
)
&
0x3ffffff
;
ctx
->
h3
+=
((((
uint64_t
)
t3
<<
32
)
|
t2
)
>>
14
)
&
0x3ffffff
;
ctx
->
h4
+=
(
t3
>>
8
);
/* poly1305_donna_mul: */
t
[
0
]
=
mul32x32_64
(
ctx
->
h0
,
ctx
->
r0
)
+
mul32x32_64
(
ctx
->
h1
,
ctx
->
s4
)
+
mul32x32_64
(
ctx
->
h2
,
ctx
->
s3
)
+
mul32x32_64
(
ctx
->
h3
,
ctx
->
s2
)
+
mul32x32_64
(
ctx
->
h4
,
ctx
->
s1
);
t
[
1
]
=
mul32x32_64
(
ctx
->
h0
,
ctx
->
r1
)
+
mul32x32_64
(
ctx
->
h1
,
ctx
->
r0
)
+
mul32x32_64
(
ctx
->
h2
,
ctx
->
s4
)
+
mul32x32_64
(
ctx
->
h3
,
ctx
->
s3
)
+
mul32x32_64
(
ctx
->
h4
,
ctx
->
s2
);
t
[
2
]
=
mul32x32_64
(
ctx
->
h0
,
ctx
->
r2
)
+
mul32x32_64
(
ctx
->
h1
,
ctx
->
r1
)
+
mul32x32_64
(
ctx
->
h2
,
ctx
->
r0
)
+
mul32x32_64
(
ctx
->
h3
,
ctx
->
s4
)
+
mul32x32_64
(
ctx
->
h4
,
ctx
->
s3
);
t
[
3
]
=
mul32x32_64
(
ctx
->
h0
,
ctx
->
r3
)
+
mul32x32_64
(
ctx
->
h1
,
ctx
->
r2
)
+
mul32x32_64
(
ctx
->
h2
,
ctx
->
r1
)
+
mul32x32_64
(
ctx
->
h3
,
ctx
->
r0
)
+
mul32x32_64
(
ctx
->
h4
,
ctx
->
s4
);
t
[
4
]
=
mul32x32_64
(
ctx
->
h0
,
ctx
->
r4
)
+
mul32x32_64
(
ctx
->
h1
,
ctx
->
r3
)
+
mul32x32_64
(
ctx
->
h2
,
ctx
->
r2
)
+
mul32x32_64
(
ctx
->
h3
,
ctx
->
r1
)
+
mul32x32_64
(
ctx
->
h4
,
ctx
->
r0
);
ctx
->
h0
=
(
uint32_t
)
t
[
0
]
&
0x3ffffff
;
c
=
(
t
[
0
]
>>
26
);
t
[
1
]
+=
c
;
ctx
->
h1
=
(
uint32_t
)
t
[
1
]
&
0x3ffffff
;
b
=
(
uint32_t
)(
t
[
1
]
>>
26
);
t
[
2
]
+=
b
;
ctx
->
h2
=
(
uint32_t
)
t
[
2
]
&
0x3ffffff
;
b
=
(
uint32_t
)(
t
[
2
]
>>
26
);
t
[
3
]
+=
b
;
ctx
->
h3
=
(
uint32_t
)
t
[
3
]
&
0x3ffffff
;
b
=
(
uint32_t
)(
t
[
3
]
>>
26
);
t
[
4
]
+=
b
;
ctx
->
h4
=
(
uint32_t
)
t
[
4
]
&
0x3ffffff
;
b
=
(
uint32_t
)(
t
[
4
]
>>
26
);
ctx
->
h0
+=
b
*
5
;
poly1305_donna_finish:
b
=
ctx
->
h0
>>
26
;
ctx
->
h0
=
ctx
->
h0
&
0x3ffffff
;
ctx
->
h1
+=
b
;
b
=
ctx
->
h1
>>
26
;
ctx
->
h1
=
ctx
->
h1
&
0x3ffffff
;
ctx
->
h2
+=
b
;
b
=
ctx
->
h2
>>
26
;
ctx
->
h2
=
ctx
->
h2
&
0x3ffffff
;
ctx
->
h3
+=
b
;
b
=
ctx
->
h3
>>
26
;
ctx
->
h3
=
ctx
->
h3
&
0x3ffffff
;
ctx
->
h4
+=
b
;
b
=
ctx
->
h4
>>
26
;
ctx
->
h4
=
ctx
->
h4
&
0x3ffffff
;
ctx
->
h0
+=
b
*
5
;
b
=
ctx
->
h0
>>
26
;
ctx
->
h0
=
ctx
->
h0
&
0x3ffffff
;
ctx
->
h1
+=
b
;
g0
=
ctx
->
h0
+
5
;
b
=
g0
>>
26
;
g0
&=
0x3ffffff
;
g1
=
ctx
->
h1
+
b
;
b
=
g1
>>
26
;
g1
&=
0x3ffffff
;
g2
=
ctx
->
h2
+
b
;
b
=
g2
>>
26
;
g2
&=
0x3ffffff
;
g3
=
ctx
->
h3
+
b
;
b
=
g3
>>
26
;
g3
&=
0x3ffffff
;
g4
=
ctx
->
h4
+
b
-
(
1
<<
26
);
b
=
(
g4
>>
31
)
-
1
;
nb
=
~
b
;
ctx
->
h0
=
(
ctx
->
h0
&
nb
)
|
(
g0
&
b
);
ctx
->
h1
=
(
ctx
->
h1
&
nb
)
|
(
g1
&
b
);
ctx
->
h2
=
(
ctx
->
h2
&
nb
)
|
(
g2
&
b
);
ctx
->
h3
=
(
ctx
->
h3
&
nb
)
|
(
g3
&
b
);
ctx
->
h4
=
(
ctx
->
h4
&
nb
)
|
(
g4
&
b
);
f0
=
((
ctx
->
h0
)
|
(
ctx
->
h1
<<
26
))
+
(
uint64_t
)
LE_READ_UINT32
(
ctx
->
s
);
f1
=
((
ctx
->
h1
>>
6
)
|
(
ctx
->
h2
<<
20
))
+
(
uint64_t
)
LE_READ_UINT32
(
ctx
->
s
+
4
);
f2
=
((
ctx
->
h2
>>
12
)
|
(
ctx
->
h3
<<
14
))
+
(
uint64_t
)
LE_READ_UINT32
(
ctx
->
s
+
8
);
f3
=
((
ctx
->
h3
>>
18
)
|
(
ctx
->
h4
<<
8
))
+
(
uint64_t
)
LE_READ_UINT32
(
ctx
->
s
+
12
);
LE_WRITE_UINT32
(
td
,
f0
);
f1
+=
(
f0
>>
32
);
LE_WRITE_UINT32
(
&
td
[
4
],
f1
);
f2
+=
(
f1
>>
32
);
LE_WRITE_UINT32
(
&
td
[
8
],
f2
);
f3
+=
(
f2
>>
32
);
LE_WRITE_UINT32
(
&
td
[
12
],
f3
);
memcpy
(
digest
,
td
,
length
);
}
poly1305.h
0 → 100644
View file @
04d29c83
/* poly1305-aes.h
*
* Poly1305 message authentication code.
*/
/* nettle, low-level cryptographics library
*
* Copyright (C) 2013 Nikos Mavrogiannopoulos
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The nettle library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02111-1301, USA.
*/
#ifndef NETTLE_POLY1305_H_INCLUDED
#define NETTLE_POLY1305_H_INCLUDED
#ifdef __cplusplus
extern
"C"
{
#endif
/* Low level functions/macros for the poly1305 construction.
* For the macros to be useful include macros.h
*/
#include "nettle-types.h"
struct
poly1305_ctx
{
uint32_t
h0
;
uint32_t
h1
;
uint32_t
h2
;
uint32_t
h3
;
uint32_t
h4
;
uint32_t
r0
;
uint32_t
r1
;
uint32_t
r2
;
uint32_t
r3
;
uint32_t
r4
;
uint32_t
s1
;
uint32_t
s2
;
uint32_t
s3
;
uint32_t
s4
;
uint8_t
s
[
16
];
/* typically AES_k(nonce) */
uint8_t
nonce
[
16
];
uint8_t
block
[
16
];
unsigned
index
;
};
/* All-in-one context, with cipher, and state. Cipher must have a 128-bit block */
#define POLY1305_CTX(type) \
{ struct poly1305_ctx pctx; type cipher; }
#define poly1305_set_key nettle_poly1305_set_key
#define poly1305_set_nonce nettle_poly1305_set_nonce
#define poly1305_set_s nettle_poly1305_set_s
#define poly1305_block nettle_poly1305_round
#define poly1305_digest nettle_poly1305_digest
void
poly1305_set_key
(
struct
poly1305_ctx
*
ctx
,
const
uint8_t
key
[
16
]);
void
poly1305_set_nonce
(
struct
poly1305_ctx
*
ctx
,
const
uint8_t
*
nonce
);
void
poly1305_set_s
(
struct
poly1305_ctx
*
ctx
,
const
uint8_t
*
s
);
void
poly1305_block
(
struct
poly1305_ctx
*
ctx
,
const
uint8_t
m
[
16
]);
void
poly1305_digest
(
struct
poly1305_ctx
*
ctx
,
size_t
length
,
uint8_t
*
digest
);
#define POLY1305_SET_KEY(ctx, set_key, key) \
do { \
poly1305_set_key(&(ctx)->pctx, (key+16)); \
(set_key)(&(ctx)->cipher, 16, (key)); \
(ctx)->pctx.index = 0; \
} while (0)
#define POLY1305_SET_NONCE(ctx, data) \
poly1305_set_nonce(&(ctx)->pctx, (data))
#define _POLY1305_BLOCK(ctx, block) do { \
poly1305_block(ctx, block); \
} while (0)
#define POLY1305_UPDATE(ctx, length, data) \
MD_UPDATE (&(ctx)->pctx, (length), (data), _POLY1305_BLOCK, (void) 0)
#define POLY1305_DIGEST(ctx, encrypt, length, digest) \
do { \
uint8_t _ts[16]; \
(encrypt)(&(ctx)->cipher, 16, _ts, (ctx)->pctx.nonce); \
poly1305_set_s(&(ctx)->pctx, _ts); \
poly1305_digest (&(ctx)->pctx, (length), (digest)); \
INCREMENT (16, (ctx)->pctx.nonce); \
(ctx)->pctx.index = 0; \
} while(0);
#ifdef __cplusplus
}
#endif
#endif
/* NETTLE_POLY1305_H_INCLUDED */
testsuite/.test-rules.make
View file @
04d29c83
...
...
@@ -106,6 +106,9 @@ gcm-test$(EXEEXT): gcm-test.$(OBJEXT)
eax-test$(EXEEXT)
:
eax-test.$(OBJEXT)
$(LINK)
eax-test.
$(OBJEXT)
$(TEST_OBJS)
-o
eax-test
$(EXEEXT)
poly1305-test$(EXEEXT)
:
poly1305-test.$(OBJEXT)
$(LINK)
poly1305-test.
$(OBJEXT)
$(TEST_OBJS)
-o
poly1305-test
$(EXEEXT)
hmac-test$(EXEEXT)
:
hmac-test.$(OBJEXT)
$(LINK)
hmac-test.
$(OBJEXT)
$(TEST_OBJS)
-o
hmac-test
$(EXEEXT)
...
...
testsuite/Makefile.in
View file @
04d29c83
...
...
@@ -26,6 +26,7 @@ TS_NETTLE_SOURCES = aes-test.c arcfour-test.c arctwo-test.c \
serpent-test.c twofish-test.c
\
knuth-lfib-test.c
\
cbc-test.c ctr-test.c gcm-test.c eax-test.c
\
poly1305-test.c
\
hmac-test.c umac-test.c
\
meta-hash-test.c meta-cipher-test.c meta-armor-test.c
\
buffer-test.c yarrow-test.c pbkdf2-test.c
...
...
testsuite/poly1305-test.c
0 → 100644
View file @
04d29c83
#include "testutils.h"
#include "poly1305-aes.h"
static
void
update
(
void
*
ctx
,
nettle_hash_update_func
*
f
,
const
struct
tstring
*
msg
,
unsigned
length
)
{
for
(;
length
>
msg
->
length
;
length
-=
msg
->
length
)
f
(
ctx
,
msg
->
length
,
msg
->
data
);
f
(
ctx
,
length
,
msg
->
data
);
}
static
void
check_digest
(
const
char
*
name
,
void
*
ctx
,
nettle_hash_digest_func
*
f
,
const
struct
tstring
*
msg
,
unsigned
length
,
unsigned
tag_length
,
const
uint8_t
*
ref
)
{
uint8_t
tag
[
16
];
f
(
ctx
,
tag_length
,
tag
);
if
(
memcmp
(
tag
,
ref
,
tag_length
)
!=
0
)
{
printf
(
"%s failed
\n
"
,
name
);
printf
(
"msg: "
);
print_hex
(
msg
->
length
,
msg
->
data
);
printf
(
"length: %u
\n
"
,
length
);
printf
(
"tag: "
);
print_hex
(
tag_length
,
tag
);
printf
(
"ref: "
);
print_hex
(
tag_length
,
ref
);
abort
();
}
}
static
void
test_poly1305
(
const
struct
tstring
*
key
,
const
struct
tstring
*
nonce
,
const
struct
tstring
*
msg
,
unsigned
length
,
const
struct
tstring
*
ref
)
{
struct
poly1305_aes_ctx
ctx
;
ASSERT
(
key
->
length
==
POLY1305_AES_KEY_SIZE
);
ASSERT
(
ref
->
length
==
POLY1305_AES_DIGEST_SIZE
);
poly1305_aes_set_key
(
&
ctx
,
key
->
data
);
poly1305_aes_set_nonce
(
&
ctx
,
nonce
->
data
);
update
(
&
ctx
,
(
nettle_hash_update_func
*
)
poly1305_aes_update
,
msg
,
length
);
check_digest
(
"poly1305-aes"
,
&
ctx
,
(
nettle_hash_digest_func
*
)
poly1305_aes_digest
,
msg
,
length
,
16
,
ref
->
data
);
}
void
test_main
(
void
)
{
/* From Bernstein's paper. */
test_poly1305
(
SHEX
(
"75deaa25c09f208e1dc4ce6b5cad3fbfa0f3080000f46400d0c7e9076c834403"
),
SHEX
(
"61ee09218d29b0aaed7e154a2c5509cc"
),
SHEX
(
""
),
0
,
SHEX
(
"dd3fab2251f11ac759f0887129cc2ee7"
));
test_poly1305
(
SHEX
(
"ec074c835580741701425b623235add6851fc40c3467ac0be05cc20404f3f700"
),
SHEX
(
"fb447350c4e868c52ac3275cf9d4327e"
),
SHEX
(
"f3f6"
),
2
,
SHEX
(
"f4c633c3044fc145f84f335cb81953de"
));
test_poly1305
(
SHEX
(
"6acb5f61a7176dd320c5c1eb2edcdc74"
"48443d0bb0d21109c89a100b5ce2c208"
),
SHEX
(
"ae212a55399729595dea458bc621ff0e"
),
SHEX
(
"663cea190ffb83d89593f3f476b6bc24"
"d7e679107ea26adb8caf6652d0656136"
),
32
,
SHEX
(
"0ee1c16bb73f0f4fd19881753c01cdbe"
));
test_poly1305
(
SHEX
(
"e1a5668a4d5b66a5f68cc5424ed5982d12976a08c4426d0ce8a82407c4f48207"
),
SHEX
(
"9ae831e743978d3a23527c7128149e3a"
),
SHEX
(
"ab0812724a7f1e342742cbed374d94d136c6b8795d45b3819830f2c04491"
"faf0990c62e48b8018b2c3e4a0fa3134cb67fa83e158c994d961c4cb2109"
"5c1bf9"
),
63
,
SHEX
(
"5154ad0d2cb26e01274fc51148491f1b"
));
}
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.