From 52f99db25d4066e3a783b15533a7b4f0a5f6c2b3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Niels=20M=C3=B6ller?= <nisse@lysator.liu.se>
Date: Fri, 17 Jan 2014 08:52:10 +0100
Subject: [PATCH] Move nonce from poly1305_ctx to poly1305_aes_ctx.

---
 ChangeLog      | 10 ++++++++++
 asm.m4         |  1 -
 poly1305-aes.c |  8 ++++----
 poly1305.c     |  6 ------
 poly1305.h     |  5 ++---
 5 files changed, 16 insertions(+), 14 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 810c2631..30a4d327 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,13 @@
+2014-01-17  Niels Möller  <nisse@lysator.liu.se>
+
+	* poly1305.h (struct poly1305_ctx): Moved nonce field from here...
+	(struct poly1305_aes_ctx): ... to here.
+	* poly1305-aes.c (poly1305_aes_set_nonce, poly1305_aes_digest):
+	Updated for above.
+	* poly1305.c (poly1305_set_nonce): Deleted function.
+	* asm.m4: Delete nonce also from the assembly definition of struct
+	poly1305_ctx.
+
 2014-01-16  Niels Möller  <nisse@lysator.liu.se>
 
 	* poly1305-aes.c: Include poly1305.c. Rewrite functions without
diff --git a/asm.m4 b/asm.m4
index cf38fa6e..a6ea52cc 100644
--- a/asm.m4
+++ b/asm.m4
@@ -85,7 +85,6 @@ STRUCTURE(P1305)
   STRUCT(H2, 4)
   STRUCT(H0, 8)
   STRUCT(H1, 8)
-  STRUCT(NONCE, 16)
   STRUCT(BLOCK, 16)
   STRUCT(INDEX, 4)
 
diff --git a/poly1305-aes.c b/poly1305-aes.c
index 847bf34d..8a7d9d13 100644
--- a/poly1305-aes.c
+++ b/poly1305-aes.c
@@ -40,7 +40,7 @@ void
 poly1305_aes_set_nonce (struct poly1305_aes_ctx *ctx,
 			const uint8_t * nonce)
 {
-  poly1305_set_nonce(&ctx->pctx, nonce);
+  memcpy (ctx->nonce, nonce, POLY1305_AES_NONCE_SIZE);
 }
 
 void
@@ -48,8 +48,8 @@ poly1305_aes_digest (struct poly1305_aes_ctx *ctx,
 		     size_t length, uint8_t * digest)
 {
   uint8_t s[POLY1305_BLOCK_SIZE];
-  aes128_encrypt(&ctx->aes, POLY1305_BLOCK_SIZE, s, ctx->pctx.nonce);
+  aes128_encrypt(&ctx->aes, POLY1305_BLOCK_SIZE, s, ctx->nonce);
   poly1305_digest (&ctx->pctx, length, digest, s);
-  INCREMENT (16, (ctx)->pctx.nonce);
-  (ctx)->pctx.index = 0;
+  INCREMENT (16, ctx->nonce);
+  ctx->pctx.index = 0;
 }
diff --git a/poly1305.c b/poly1305.c
index eacb4841..76b00ff1 100644
--- a/poly1305.c
+++ b/poly1305.c
@@ -28,12 +28,6 @@
 
 #include "macros.h"
 
-void
-poly1305_set_nonce (struct poly1305_ctx *ctx, const uint8_t * nonce)
-{
-  memcpy (ctx->nonce, nonce, 16);
-}
-
 void
 poly1305_update (struct poly1305_ctx *ctx, size_t length, const uint8_t *data)
 {
diff --git a/poly1305.h b/poly1305.h
index 12c7bdab..3257bf63 100644
--- a/poly1305.h
+++ b/poly1305.h
@@ -35,7 +35,6 @@ extern "C" {
 
 /* Name mangling */
 #define poly1305_set_key nettle_poly1305_set_key
-#define poly1305_set_nonce nettle_poly1305_set_nonce
 #define poly1305_update nettle_poly1305_update
 #define poly1305_block nettle_poly1305_block
 #define poly1305_digest nettle_poly1305_digest
@@ -68,13 +67,11 @@ struct poly1305_ctx {
     uint64_t h64[2];
   } h;
 
-  uint8_t nonce[POLY1305_BLOCK_SIZE];
   uint8_t block[POLY1305_BLOCK_SIZE];
   unsigned index;
 };
 
 void poly1305_set_key(struct poly1305_ctx *ctx, const uint8_t key[POLY1305_KEY_SIZE]);
-void poly1305_set_nonce (struct poly1305_ctx *ctx, const uint8_t * nonce);
 void poly1305_block (struct poly1305_ctx *ctx, const uint8_t m[POLY1305_BLOCK_SIZE]);
 void poly1305_update (struct poly1305_ctx *ctx, size_t size, const uint8_t *data);
 void poly1305_digest (struct poly1305_ctx *ctx,
@@ -84,11 +81,13 @@ void poly1305_digest (struct poly1305_ctx *ctx,
 
 #define POLY1305_AES_KEY_SIZE 32
 #define POLY1305_AES_DIGEST_SIZE 16
+#define POLY1305_AES_NONCE_SIZE 16
 
 struct poly1305_aes_ctx
 {
   /* Must be first element, for the poly1305_aes_update cast to work. */
   struct poly1305_ctx pctx;
+  uint8_t nonce[POLY1305_BLOCK_SIZE];
   struct aes128_ctx aes;
 };
 
-- 
GitLab