takashi kadono
/
Nucleo446_SSD1331
Important changes to repositories hosted on mbed.com
Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.
To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.
It is also possible to export all your personal repositories from the account settings page.
mbed-os/features/mbedtls/src/poly1305.c@0:8fdf9a60065b, 2018-10-10 (annotated)
- Committer:
- kadonotakashi
- Date:
- Wed Oct 10 00:33:53 2018 +0000
- Revision:
- 0:8fdf9a60065b
how to make mbed librry
Who changed what in which revision?
| User | Revision | Line number | New contents of line |
|---|---|---|---|
| kadonotakashi | 0:8fdf9a60065b | 1 | /** |
| kadonotakashi | 0:8fdf9a60065b | 2 | * \file poly1305.c |
| kadonotakashi | 0:8fdf9a60065b | 3 | * |
| kadonotakashi | 0:8fdf9a60065b | 4 | * \brief Poly1305 authentication algorithm. |
| kadonotakashi | 0:8fdf9a60065b | 5 | * |
| kadonotakashi | 0:8fdf9a60065b | 6 | * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved |
| kadonotakashi | 0:8fdf9a60065b | 7 | * SPDX-License-Identifier: Apache-2.0 |
| kadonotakashi | 0:8fdf9a60065b | 8 | * |
| kadonotakashi | 0:8fdf9a60065b | 9 | * Licensed under the Apache License, Version 2.0 (the "License"); you may |
| kadonotakashi | 0:8fdf9a60065b | 10 | * not use this file except in compliance with the License. |
| kadonotakashi | 0:8fdf9a60065b | 11 | * You may obtain a copy of the License at |
| kadonotakashi | 0:8fdf9a60065b | 12 | * |
| kadonotakashi | 0:8fdf9a60065b | 13 | * http://www.apache.org/licenses/LICENSE-2.0 |
| kadonotakashi | 0:8fdf9a60065b | 14 | * |
| kadonotakashi | 0:8fdf9a60065b | 15 | * Unless required by applicable law or agreed to in writing, software |
| kadonotakashi | 0:8fdf9a60065b | 16 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
| kadonotakashi | 0:8fdf9a60065b | 17 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| kadonotakashi | 0:8fdf9a60065b | 18 | * See the License for the specific language governing permissions and |
| kadonotakashi | 0:8fdf9a60065b | 19 | * limitations under the License. |
| kadonotakashi | 0:8fdf9a60065b | 20 | * |
| kadonotakashi | 0:8fdf9a60065b | 21 | * This file is part of mbed TLS (https://tls.mbed.org) |
| kadonotakashi | 0:8fdf9a60065b | 22 | */ |
| kadonotakashi | 0:8fdf9a60065b | 23 | #if !defined(MBEDTLS_CONFIG_FILE) |
| kadonotakashi | 0:8fdf9a60065b | 24 | #include "mbedtls/config.h" |
| kadonotakashi | 0:8fdf9a60065b | 25 | #else |
| kadonotakashi | 0:8fdf9a60065b | 26 | #include MBEDTLS_CONFIG_FILE |
| kadonotakashi | 0:8fdf9a60065b | 27 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 28 | |
| kadonotakashi | 0:8fdf9a60065b | 29 | #if defined(MBEDTLS_POLY1305_C) |
| kadonotakashi | 0:8fdf9a60065b | 30 | |
| kadonotakashi | 0:8fdf9a60065b | 31 | #include "mbedtls/poly1305.h" |
| kadonotakashi | 0:8fdf9a60065b | 32 | #include "mbedtls/platform_util.h" |
| kadonotakashi | 0:8fdf9a60065b | 33 | |
| kadonotakashi | 0:8fdf9a60065b | 34 | #include <string.h> |
| kadonotakashi | 0:8fdf9a60065b | 35 | |
| kadonotakashi | 0:8fdf9a60065b | 36 | #if defined(MBEDTLS_SELF_TEST) |
| kadonotakashi | 0:8fdf9a60065b | 37 | #if defined(MBEDTLS_PLATFORM_C) |
| kadonotakashi | 0:8fdf9a60065b | 38 | #include "mbedtls/platform.h" |
| kadonotakashi | 0:8fdf9a60065b | 39 | #else |
| kadonotakashi | 0:8fdf9a60065b | 40 | #include <stdio.h> |
| kadonotakashi | 0:8fdf9a60065b | 41 | #define mbedtls_printf printf |
| kadonotakashi | 0:8fdf9a60065b | 42 | #endif /* MBEDTLS_PLATFORM_C */ |
| kadonotakashi | 0:8fdf9a60065b | 43 | #endif /* MBEDTLS_SELF_TEST */ |
| kadonotakashi | 0:8fdf9a60065b | 44 | |
| kadonotakashi | 0:8fdf9a60065b | 45 | #if !defined(MBEDTLS_POLY1305_ALT) |
| kadonotakashi | 0:8fdf9a60065b | 46 | |
| kadonotakashi | 0:8fdf9a60065b | 47 | #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ |
| kadonotakashi | 0:8fdf9a60065b | 48 | !defined(inline) && !defined(__cplusplus) |
| kadonotakashi | 0:8fdf9a60065b | 49 | #define inline __inline |
| kadonotakashi | 0:8fdf9a60065b | 50 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 51 | |
| kadonotakashi | 0:8fdf9a60065b | 52 | #define POLY1305_BLOCK_SIZE_BYTES ( 16U ) |
| kadonotakashi | 0:8fdf9a60065b | 53 | |
| kadonotakashi | 0:8fdf9a60065b | 54 | #define BYTES_TO_U32_LE( data, offset ) \ |
| kadonotakashi | 0:8fdf9a60065b | 55 | ( (uint32_t) data[offset] \ |
| kadonotakashi | 0:8fdf9a60065b | 56 | | (uint32_t) ( (uint32_t) data[( offset ) + 1] << 8 ) \ |
| kadonotakashi | 0:8fdf9a60065b | 57 | | (uint32_t) ( (uint32_t) data[( offset ) + 2] << 16 ) \ |
| kadonotakashi | 0:8fdf9a60065b | 58 | | (uint32_t) ( (uint32_t) data[( offset ) + 3] << 24 ) \ |
| kadonotakashi | 0:8fdf9a60065b | 59 | ) |
| kadonotakashi | 0:8fdf9a60065b | 60 | |
| kadonotakashi | 0:8fdf9a60065b | 61 | /* |
| kadonotakashi | 0:8fdf9a60065b | 62 | * Our implementation is tuned for 32-bit platforms with a 64-bit multiplier. |
| kadonotakashi | 0:8fdf9a60065b | 63 | * However we provided an alternative for platforms without such a multiplier. |
| kadonotakashi | 0:8fdf9a60065b | 64 | */ |
| kadonotakashi | 0:8fdf9a60065b | 65 | #if defined(MBEDTLS_NO_64BIT_MULTIPLICATION) |
| kadonotakashi | 0:8fdf9a60065b | 66 | static uint64_t mul64( uint32_t a, uint32_t b ) |
| kadonotakashi | 0:8fdf9a60065b | 67 | { |
| kadonotakashi | 0:8fdf9a60065b | 68 | /* a = al + 2**16 ah, b = bl + 2**16 bh */ |
| kadonotakashi | 0:8fdf9a60065b | 69 | const uint16_t al = (uint16_t) a; |
| kadonotakashi | 0:8fdf9a60065b | 70 | const uint16_t bl = (uint16_t) b; |
| kadonotakashi | 0:8fdf9a60065b | 71 | const uint16_t ah = a >> 16; |
| kadonotakashi | 0:8fdf9a60065b | 72 | const uint16_t bh = b >> 16; |
| kadonotakashi | 0:8fdf9a60065b | 73 | |
| kadonotakashi | 0:8fdf9a60065b | 74 | /* ab = al*bl + 2**16 (ah*bl + bl*bh) + 2**32 ah*bh */ |
| kadonotakashi | 0:8fdf9a60065b | 75 | const uint32_t lo = (uint32_t) al * bl; |
| kadonotakashi | 0:8fdf9a60065b | 76 | const uint64_t me = (uint64_t)( (uint32_t) ah * bl ) + (uint32_t) al * bh; |
| kadonotakashi | 0:8fdf9a60065b | 77 | const uint32_t hi = (uint32_t) ah * bh; |
| kadonotakashi | 0:8fdf9a60065b | 78 | |
| kadonotakashi | 0:8fdf9a60065b | 79 | return( lo + ( me << 16 ) + ( (uint64_t) hi << 32 ) ); |
| kadonotakashi | 0:8fdf9a60065b | 80 | } |
| kadonotakashi | 0:8fdf9a60065b | 81 | #else |
| kadonotakashi | 0:8fdf9a60065b | 82 | static inline uint64_t mul64( uint32_t a, uint32_t b ) |
| kadonotakashi | 0:8fdf9a60065b | 83 | { |
| kadonotakashi | 0:8fdf9a60065b | 84 | return( (uint64_t) a * b ); |
| kadonotakashi | 0:8fdf9a60065b | 85 | } |
| kadonotakashi | 0:8fdf9a60065b | 86 | #endif |
| kadonotakashi | 0:8fdf9a60065b | 87 | |
| kadonotakashi | 0:8fdf9a60065b | 88 | |
| kadonotakashi | 0:8fdf9a60065b | 89 | /** |
| kadonotakashi | 0:8fdf9a60065b | 90 | * \brief Process blocks with Poly1305. |
| kadonotakashi | 0:8fdf9a60065b | 91 | * |
| kadonotakashi | 0:8fdf9a60065b | 92 | * \param ctx The Poly1305 context. |
| kadonotakashi | 0:8fdf9a60065b | 93 | * \param nblocks Number of blocks to process. Note that this |
| kadonotakashi | 0:8fdf9a60065b | 94 | * function only processes full blocks. |
| kadonotakashi | 0:8fdf9a60065b | 95 | * \param input Buffer containing the input block(s). |
| kadonotakashi | 0:8fdf9a60065b | 96 | * \param needs_padding Set to 0 if the padding bit has already been |
| kadonotakashi | 0:8fdf9a60065b | 97 | * applied to the input data before calling this |
| kadonotakashi | 0:8fdf9a60065b | 98 | * function. Otherwise, set this parameter to 1. |
| kadonotakashi | 0:8fdf9a60065b | 99 | */ |
| kadonotakashi | 0:8fdf9a60065b | 100 | static void poly1305_process( mbedtls_poly1305_context *ctx, |
| kadonotakashi | 0:8fdf9a60065b | 101 | size_t nblocks, |
| kadonotakashi | 0:8fdf9a60065b | 102 | const unsigned char *input, |
| kadonotakashi | 0:8fdf9a60065b | 103 | uint32_t needs_padding ) |
| kadonotakashi | 0:8fdf9a60065b | 104 | { |
| kadonotakashi | 0:8fdf9a60065b | 105 | uint64_t d0, d1, d2, d3; |
| kadonotakashi | 0:8fdf9a60065b | 106 | uint32_t acc0, acc1, acc2, acc3, acc4; |
| kadonotakashi | 0:8fdf9a60065b | 107 | uint32_t r0, r1, r2, r3; |
| kadonotakashi | 0:8fdf9a60065b | 108 | uint32_t rs1, rs2, rs3; |
| kadonotakashi | 0:8fdf9a60065b | 109 | size_t offset = 0U; |
| kadonotakashi | 0:8fdf9a60065b | 110 | size_t i; |
| kadonotakashi | 0:8fdf9a60065b | 111 | |
| kadonotakashi | 0:8fdf9a60065b | 112 | r0 = ctx->r[0]; |
| kadonotakashi | 0:8fdf9a60065b | 113 | r1 = ctx->r[1]; |
| kadonotakashi | 0:8fdf9a60065b | 114 | r2 = ctx->r[2]; |
| kadonotakashi | 0:8fdf9a60065b | 115 | r3 = ctx->r[3]; |
| kadonotakashi | 0:8fdf9a60065b | 116 | |
| kadonotakashi | 0:8fdf9a60065b | 117 | rs1 = r1 + ( r1 >> 2U ); |
| kadonotakashi | 0:8fdf9a60065b | 118 | rs2 = r2 + ( r2 >> 2U ); |
| kadonotakashi | 0:8fdf9a60065b | 119 | rs3 = r3 + ( r3 >> 2U ); |
| kadonotakashi | 0:8fdf9a60065b | 120 | |
| kadonotakashi | 0:8fdf9a60065b | 121 | acc0 = ctx->acc[0]; |
| kadonotakashi | 0:8fdf9a60065b | 122 | acc1 = ctx->acc[1]; |
| kadonotakashi | 0:8fdf9a60065b | 123 | acc2 = ctx->acc[2]; |
| kadonotakashi | 0:8fdf9a60065b | 124 | acc3 = ctx->acc[3]; |
| kadonotakashi | 0:8fdf9a60065b | 125 | acc4 = ctx->acc[4]; |
| kadonotakashi | 0:8fdf9a60065b | 126 | |
| kadonotakashi | 0:8fdf9a60065b | 127 | /* Process full blocks */ |
| kadonotakashi | 0:8fdf9a60065b | 128 | for( i = 0U; i < nblocks; i++ ) |
| kadonotakashi | 0:8fdf9a60065b | 129 | { |
| kadonotakashi | 0:8fdf9a60065b | 130 | /* The input block is treated as a 128-bit little-endian integer */ |
| kadonotakashi | 0:8fdf9a60065b | 131 | d0 = BYTES_TO_U32_LE( input, offset + 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 132 | d1 = BYTES_TO_U32_LE( input, offset + 4 ); |
| kadonotakashi | 0:8fdf9a60065b | 133 | d2 = BYTES_TO_U32_LE( input, offset + 8 ); |
| kadonotakashi | 0:8fdf9a60065b | 134 | d3 = BYTES_TO_U32_LE( input, offset + 12 ); |
| kadonotakashi | 0:8fdf9a60065b | 135 | |
| kadonotakashi | 0:8fdf9a60065b | 136 | /* Compute: acc += (padded) block as a 130-bit integer */ |
| kadonotakashi | 0:8fdf9a60065b | 137 | d0 += (uint64_t) acc0; |
| kadonotakashi | 0:8fdf9a60065b | 138 | d1 += (uint64_t) acc1 + ( d0 >> 32U ); |
| kadonotakashi | 0:8fdf9a60065b | 139 | d2 += (uint64_t) acc2 + ( d1 >> 32U ); |
| kadonotakashi | 0:8fdf9a60065b | 140 | d3 += (uint64_t) acc3 + ( d2 >> 32U ); |
| kadonotakashi | 0:8fdf9a60065b | 141 | acc0 = (uint32_t) d0; |
| kadonotakashi | 0:8fdf9a60065b | 142 | acc1 = (uint32_t) d1; |
| kadonotakashi | 0:8fdf9a60065b | 143 | acc2 = (uint32_t) d2; |
| kadonotakashi | 0:8fdf9a60065b | 144 | acc3 = (uint32_t) d3; |
| kadonotakashi | 0:8fdf9a60065b | 145 | acc4 += (uint32_t) ( d3 >> 32U ) + needs_padding; |
| kadonotakashi | 0:8fdf9a60065b | 146 | |
| kadonotakashi | 0:8fdf9a60065b | 147 | /* Compute: acc *= r */ |
| kadonotakashi | 0:8fdf9a60065b | 148 | d0 = mul64( acc0, r0 ) + |
| kadonotakashi | 0:8fdf9a60065b | 149 | mul64( acc1, rs3 ) + |
| kadonotakashi | 0:8fdf9a60065b | 150 | mul64( acc2, rs2 ) + |
| kadonotakashi | 0:8fdf9a60065b | 151 | mul64( acc3, rs1 ); |
| kadonotakashi | 0:8fdf9a60065b | 152 | d1 = mul64( acc0, r1 ) + |
| kadonotakashi | 0:8fdf9a60065b | 153 | mul64( acc1, r0 ) + |
| kadonotakashi | 0:8fdf9a60065b | 154 | mul64( acc2, rs3 ) + |
| kadonotakashi | 0:8fdf9a60065b | 155 | mul64( acc3, rs2 ) + |
| kadonotakashi | 0:8fdf9a60065b | 156 | mul64( acc4, rs1 ); |
| kadonotakashi | 0:8fdf9a60065b | 157 | d2 = mul64( acc0, r2 ) + |
| kadonotakashi | 0:8fdf9a60065b | 158 | mul64( acc1, r1 ) + |
| kadonotakashi | 0:8fdf9a60065b | 159 | mul64( acc2, r0 ) + |
| kadonotakashi | 0:8fdf9a60065b | 160 | mul64( acc3, rs3 ) + |
| kadonotakashi | 0:8fdf9a60065b | 161 | mul64( acc4, rs2 ); |
| kadonotakashi | 0:8fdf9a60065b | 162 | d3 = mul64( acc0, r3 ) + |
| kadonotakashi | 0:8fdf9a60065b | 163 | mul64( acc1, r2 ) + |
| kadonotakashi | 0:8fdf9a60065b | 164 | mul64( acc2, r1 ) + |
| kadonotakashi | 0:8fdf9a60065b | 165 | mul64( acc3, r0 ) + |
| kadonotakashi | 0:8fdf9a60065b | 166 | mul64( acc4, rs3 ); |
| kadonotakashi | 0:8fdf9a60065b | 167 | acc4 *= r0; |
| kadonotakashi | 0:8fdf9a60065b | 168 | |
| kadonotakashi | 0:8fdf9a60065b | 169 | /* Compute: acc %= (2^130 - 5) (partial remainder) */ |
| kadonotakashi | 0:8fdf9a60065b | 170 | d1 += ( d0 >> 32 ); |
| kadonotakashi | 0:8fdf9a60065b | 171 | d2 += ( d1 >> 32 ); |
| kadonotakashi | 0:8fdf9a60065b | 172 | d3 += ( d2 >> 32 ); |
| kadonotakashi | 0:8fdf9a60065b | 173 | acc0 = (uint32_t) d0; |
| kadonotakashi | 0:8fdf9a60065b | 174 | acc1 = (uint32_t) d1; |
| kadonotakashi | 0:8fdf9a60065b | 175 | acc2 = (uint32_t) d2; |
| kadonotakashi | 0:8fdf9a60065b | 176 | acc3 = (uint32_t) d3; |
| kadonotakashi | 0:8fdf9a60065b | 177 | acc4 = (uint32_t) ( d3 >> 32 ) + acc4; |
| kadonotakashi | 0:8fdf9a60065b | 178 | |
| kadonotakashi | 0:8fdf9a60065b | 179 | d0 = (uint64_t) acc0 + ( acc4 >> 2 ) + ( acc4 & 0xFFFFFFFCU ); |
| kadonotakashi | 0:8fdf9a60065b | 180 | acc4 &= 3U; |
| kadonotakashi | 0:8fdf9a60065b | 181 | acc0 = (uint32_t) d0; |
| kadonotakashi | 0:8fdf9a60065b | 182 | d0 = (uint64_t) acc1 + ( d0 >> 32U ); |
| kadonotakashi | 0:8fdf9a60065b | 183 | acc1 = (uint32_t) d0; |
| kadonotakashi | 0:8fdf9a60065b | 184 | d0 = (uint64_t) acc2 + ( d0 >> 32U ); |
| kadonotakashi | 0:8fdf9a60065b | 185 | acc2 = (uint32_t) d0; |
| kadonotakashi | 0:8fdf9a60065b | 186 | d0 = (uint64_t) acc3 + ( d0 >> 32U ); |
| kadonotakashi | 0:8fdf9a60065b | 187 | acc3 = (uint32_t) d0; |
| kadonotakashi | 0:8fdf9a60065b | 188 | d0 = (uint64_t) acc4 + ( d0 >> 32U ); |
| kadonotakashi | 0:8fdf9a60065b | 189 | acc4 = (uint32_t) d0; |
| kadonotakashi | 0:8fdf9a60065b | 190 | |
| kadonotakashi | 0:8fdf9a60065b | 191 | offset += POLY1305_BLOCK_SIZE_BYTES; |
| kadonotakashi | 0:8fdf9a60065b | 192 | } |
| kadonotakashi | 0:8fdf9a60065b | 193 | |
| kadonotakashi | 0:8fdf9a60065b | 194 | ctx->acc[0] = acc0; |
| kadonotakashi | 0:8fdf9a60065b | 195 | ctx->acc[1] = acc1; |
| kadonotakashi | 0:8fdf9a60065b | 196 | ctx->acc[2] = acc2; |
| kadonotakashi | 0:8fdf9a60065b | 197 | ctx->acc[3] = acc3; |
| kadonotakashi | 0:8fdf9a60065b | 198 | ctx->acc[4] = acc4; |
| kadonotakashi | 0:8fdf9a60065b | 199 | } |
| kadonotakashi | 0:8fdf9a60065b | 200 | |
| kadonotakashi | 0:8fdf9a60065b | 201 | /** |
| kadonotakashi | 0:8fdf9a60065b | 202 | * \brief Compute the Poly1305 MAC |
| kadonotakashi | 0:8fdf9a60065b | 203 | * |
| kadonotakashi | 0:8fdf9a60065b | 204 | * \param ctx The Poly1305 context. |
| kadonotakashi | 0:8fdf9a60065b | 205 | * \param mac The buffer to where the MAC is written. Must be |
| kadonotakashi | 0:8fdf9a60065b | 206 | * big enough to contain the 16-byte MAC. |
| kadonotakashi | 0:8fdf9a60065b | 207 | */ |
| kadonotakashi | 0:8fdf9a60065b | 208 | static void poly1305_compute_mac( const mbedtls_poly1305_context *ctx, |
| kadonotakashi | 0:8fdf9a60065b | 209 | unsigned char mac[16] ) |
| kadonotakashi | 0:8fdf9a60065b | 210 | { |
| kadonotakashi | 0:8fdf9a60065b | 211 | uint64_t d; |
| kadonotakashi | 0:8fdf9a60065b | 212 | uint32_t g0, g1, g2, g3, g4; |
| kadonotakashi | 0:8fdf9a60065b | 213 | uint32_t acc0, acc1, acc2, acc3, acc4; |
| kadonotakashi | 0:8fdf9a60065b | 214 | uint32_t mask; |
| kadonotakashi | 0:8fdf9a60065b | 215 | uint32_t mask_inv; |
| kadonotakashi | 0:8fdf9a60065b | 216 | |
| kadonotakashi | 0:8fdf9a60065b | 217 | acc0 = ctx->acc[0]; |
| kadonotakashi | 0:8fdf9a60065b | 218 | acc1 = ctx->acc[1]; |
| kadonotakashi | 0:8fdf9a60065b | 219 | acc2 = ctx->acc[2]; |
| kadonotakashi | 0:8fdf9a60065b | 220 | acc3 = ctx->acc[3]; |
| kadonotakashi | 0:8fdf9a60065b | 221 | acc4 = ctx->acc[4]; |
| kadonotakashi | 0:8fdf9a60065b | 222 | |
| kadonotakashi | 0:8fdf9a60065b | 223 | /* Before adding 's' we ensure that the accumulator is mod 2^130 - 5. |
| kadonotakashi | 0:8fdf9a60065b | 224 | * We do this by calculating acc - (2^130 - 5), then checking if |
| kadonotakashi | 0:8fdf9a60065b | 225 | * the 131st bit is set. If it is, then reduce: acc -= (2^130 - 5) |
| kadonotakashi | 0:8fdf9a60065b | 226 | */ |
| kadonotakashi | 0:8fdf9a60065b | 227 | |
| kadonotakashi | 0:8fdf9a60065b | 228 | /* Calculate acc + -(2^130 - 5) */ |
| kadonotakashi | 0:8fdf9a60065b | 229 | d = ( (uint64_t) acc0 + 5U ); |
| kadonotakashi | 0:8fdf9a60065b | 230 | g0 = (uint32_t) d; |
| kadonotakashi | 0:8fdf9a60065b | 231 | d = ( (uint64_t) acc1 + ( d >> 32 ) ); |
| kadonotakashi | 0:8fdf9a60065b | 232 | g1 = (uint32_t) d; |
| kadonotakashi | 0:8fdf9a60065b | 233 | d = ( (uint64_t) acc2 + ( d >> 32 ) ); |
| kadonotakashi | 0:8fdf9a60065b | 234 | g2 = (uint32_t) d; |
| kadonotakashi | 0:8fdf9a60065b | 235 | d = ( (uint64_t) acc3 + ( d >> 32 ) ); |
| kadonotakashi | 0:8fdf9a60065b | 236 | g3 = (uint32_t) d; |
| kadonotakashi | 0:8fdf9a60065b | 237 | g4 = acc4 + (uint32_t) ( d >> 32U ); |
| kadonotakashi | 0:8fdf9a60065b | 238 | |
| kadonotakashi | 0:8fdf9a60065b | 239 | /* mask == 0xFFFFFFFF if 131st bit is set, otherwise mask == 0 */ |
| kadonotakashi | 0:8fdf9a60065b | 240 | mask = (uint32_t) 0U - ( g4 >> 2U ); |
| kadonotakashi | 0:8fdf9a60065b | 241 | mask_inv = ~mask; |
| kadonotakashi | 0:8fdf9a60065b | 242 | |
| kadonotakashi | 0:8fdf9a60065b | 243 | /* If 131st bit is set then acc=g, otherwise, acc is unmodified */ |
| kadonotakashi | 0:8fdf9a60065b | 244 | acc0 = ( acc0 & mask_inv ) | ( g0 & mask ); |
| kadonotakashi | 0:8fdf9a60065b | 245 | acc1 = ( acc1 & mask_inv ) | ( g1 & mask ); |
| kadonotakashi | 0:8fdf9a60065b | 246 | acc2 = ( acc2 & mask_inv ) | ( g2 & mask ); |
| kadonotakashi | 0:8fdf9a60065b | 247 | acc3 = ( acc3 & mask_inv ) | ( g3 & mask ); |
| kadonotakashi | 0:8fdf9a60065b | 248 | |
| kadonotakashi | 0:8fdf9a60065b | 249 | /* Add 's' */ |
| kadonotakashi | 0:8fdf9a60065b | 250 | d = (uint64_t) acc0 + ctx->s[0]; |
| kadonotakashi | 0:8fdf9a60065b | 251 | acc0 = (uint32_t) d; |
| kadonotakashi | 0:8fdf9a60065b | 252 | d = (uint64_t) acc1 + ctx->s[1] + ( d >> 32U ); |
| kadonotakashi | 0:8fdf9a60065b | 253 | acc1 = (uint32_t) d; |
| kadonotakashi | 0:8fdf9a60065b | 254 | d = (uint64_t) acc2 + ctx->s[2] + ( d >> 32U ); |
| kadonotakashi | 0:8fdf9a60065b | 255 | acc2 = (uint32_t) d; |
| kadonotakashi | 0:8fdf9a60065b | 256 | acc3 += ctx->s[3] + (uint32_t) ( d >> 32U ); |
| kadonotakashi | 0:8fdf9a60065b | 257 | |
| kadonotakashi | 0:8fdf9a60065b | 258 | /* Compute MAC (128 least significant bits of the accumulator) */ |
| kadonotakashi | 0:8fdf9a60065b | 259 | mac[ 0] = (unsigned char)( acc0 ); |
| kadonotakashi | 0:8fdf9a60065b | 260 | mac[ 1] = (unsigned char)( acc0 >> 8 ); |
| kadonotakashi | 0:8fdf9a60065b | 261 | mac[ 2] = (unsigned char)( acc0 >> 16 ); |
| kadonotakashi | 0:8fdf9a60065b | 262 | mac[ 3] = (unsigned char)( acc0 >> 24 ); |
| kadonotakashi | 0:8fdf9a60065b | 263 | mac[ 4] = (unsigned char)( acc1 ); |
| kadonotakashi | 0:8fdf9a60065b | 264 | mac[ 5] = (unsigned char)( acc1 >> 8 ); |
| kadonotakashi | 0:8fdf9a60065b | 265 | mac[ 6] = (unsigned char)( acc1 >> 16 ); |
| kadonotakashi | 0:8fdf9a60065b | 266 | mac[ 7] = (unsigned char)( acc1 >> 24 ); |
| kadonotakashi | 0:8fdf9a60065b | 267 | mac[ 8] = (unsigned char)( acc2 ); |
| kadonotakashi | 0:8fdf9a60065b | 268 | mac[ 9] = (unsigned char)( acc2 >> 8 ); |
| kadonotakashi | 0:8fdf9a60065b | 269 | mac[10] = (unsigned char)( acc2 >> 16 ); |
| kadonotakashi | 0:8fdf9a60065b | 270 | mac[11] = (unsigned char)( acc2 >> 24 ); |
| kadonotakashi | 0:8fdf9a60065b | 271 | mac[12] = (unsigned char)( acc3 ); |
| kadonotakashi | 0:8fdf9a60065b | 272 | mac[13] = (unsigned char)( acc3 >> 8 ); |
| kadonotakashi | 0:8fdf9a60065b | 273 | mac[14] = (unsigned char)( acc3 >> 16 ); |
| kadonotakashi | 0:8fdf9a60065b | 274 | mac[15] = (unsigned char)( acc3 >> 24 ); |
| kadonotakashi | 0:8fdf9a60065b | 275 | } |
| kadonotakashi | 0:8fdf9a60065b | 276 | |
| kadonotakashi | 0:8fdf9a60065b | 277 | void mbedtls_poly1305_init( mbedtls_poly1305_context *ctx ) |
| kadonotakashi | 0:8fdf9a60065b | 278 | { |
| kadonotakashi | 0:8fdf9a60065b | 279 | if( ctx != NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 280 | { |
| kadonotakashi | 0:8fdf9a60065b | 281 | mbedtls_platform_zeroize( ctx, sizeof( mbedtls_poly1305_context ) ); |
| kadonotakashi | 0:8fdf9a60065b | 282 | } |
| kadonotakashi | 0:8fdf9a60065b | 283 | } |
| kadonotakashi | 0:8fdf9a60065b | 284 | |
| kadonotakashi | 0:8fdf9a60065b | 285 | void mbedtls_poly1305_free( mbedtls_poly1305_context *ctx ) |
| kadonotakashi | 0:8fdf9a60065b | 286 | { |
| kadonotakashi | 0:8fdf9a60065b | 287 | if( ctx != NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 288 | { |
| kadonotakashi | 0:8fdf9a60065b | 289 | mbedtls_platform_zeroize( ctx, sizeof( mbedtls_poly1305_context ) ); |
| kadonotakashi | 0:8fdf9a60065b | 290 | } |
| kadonotakashi | 0:8fdf9a60065b | 291 | } |
| kadonotakashi | 0:8fdf9a60065b | 292 | |
| kadonotakashi | 0:8fdf9a60065b | 293 | int mbedtls_poly1305_starts( mbedtls_poly1305_context *ctx, |
| kadonotakashi | 0:8fdf9a60065b | 294 | const unsigned char key[32] ) |
| kadonotakashi | 0:8fdf9a60065b | 295 | { |
| kadonotakashi | 0:8fdf9a60065b | 296 | if( ctx == NULL || key == NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 297 | { |
| kadonotakashi | 0:8fdf9a60065b | 298 | return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); |
| kadonotakashi | 0:8fdf9a60065b | 299 | } |
| kadonotakashi | 0:8fdf9a60065b | 300 | |
| kadonotakashi | 0:8fdf9a60065b | 301 | /* r &= 0x0ffffffc0ffffffc0ffffffc0fffffff */ |
| kadonotakashi | 0:8fdf9a60065b | 302 | ctx->r[0] = BYTES_TO_U32_LE( key, 0 ) & 0x0FFFFFFFU; |
| kadonotakashi | 0:8fdf9a60065b | 303 | ctx->r[1] = BYTES_TO_U32_LE( key, 4 ) & 0x0FFFFFFCU; |
| kadonotakashi | 0:8fdf9a60065b | 304 | ctx->r[2] = BYTES_TO_U32_LE( key, 8 ) & 0x0FFFFFFCU; |
| kadonotakashi | 0:8fdf9a60065b | 305 | ctx->r[3] = BYTES_TO_U32_LE( key, 12 ) & 0x0FFFFFFCU; |
| kadonotakashi | 0:8fdf9a60065b | 306 | |
| kadonotakashi | 0:8fdf9a60065b | 307 | ctx->s[0] = BYTES_TO_U32_LE( key, 16 ); |
| kadonotakashi | 0:8fdf9a60065b | 308 | ctx->s[1] = BYTES_TO_U32_LE( key, 20 ); |
| kadonotakashi | 0:8fdf9a60065b | 309 | ctx->s[2] = BYTES_TO_U32_LE( key, 24 ); |
| kadonotakashi | 0:8fdf9a60065b | 310 | ctx->s[3] = BYTES_TO_U32_LE( key, 28 ); |
| kadonotakashi | 0:8fdf9a60065b | 311 | |
| kadonotakashi | 0:8fdf9a60065b | 312 | /* Initial accumulator state */ |
| kadonotakashi | 0:8fdf9a60065b | 313 | ctx->acc[0] = 0U; |
| kadonotakashi | 0:8fdf9a60065b | 314 | ctx->acc[1] = 0U; |
| kadonotakashi | 0:8fdf9a60065b | 315 | ctx->acc[2] = 0U; |
| kadonotakashi | 0:8fdf9a60065b | 316 | ctx->acc[3] = 0U; |
| kadonotakashi | 0:8fdf9a60065b | 317 | ctx->acc[4] = 0U; |
| kadonotakashi | 0:8fdf9a60065b | 318 | |
| kadonotakashi | 0:8fdf9a60065b | 319 | /* Queue initially empty */ |
| kadonotakashi | 0:8fdf9a60065b | 320 | mbedtls_platform_zeroize( ctx->queue, sizeof( ctx->queue ) ); |
| kadonotakashi | 0:8fdf9a60065b | 321 | ctx->queue_len = 0U; |
| kadonotakashi | 0:8fdf9a60065b | 322 | |
| kadonotakashi | 0:8fdf9a60065b | 323 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 324 | } |
| kadonotakashi | 0:8fdf9a60065b | 325 | |
| kadonotakashi | 0:8fdf9a60065b | 326 | int mbedtls_poly1305_update( mbedtls_poly1305_context *ctx, |
| kadonotakashi | 0:8fdf9a60065b | 327 | const unsigned char *input, |
| kadonotakashi | 0:8fdf9a60065b | 328 | size_t ilen ) |
| kadonotakashi | 0:8fdf9a60065b | 329 | { |
| kadonotakashi | 0:8fdf9a60065b | 330 | size_t offset = 0U; |
| kadonotakashi | 0:8fdf9a60065b | 331 | size_t remaining = ilen; |
| kadonotakashi | 0:8fdf9a60065b | 332 | size_t queue_free_len; |
| kadonotakashi | 0:8fdf9a60065b | 333 | size_t nblocks; |
| kadonotakashi | 0:8fdf9a60065b | 334 | |
| kadonotakashi | 0:8fdf9a60065b | 335 | if( ctx == NULL ) |
| kadonotakashi | 0:8fdf9a60065b | 336 | { |
| kadonotakashi | 0:8fdf9a60065b | 337 | return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); |
| kadonotakashi | 0:8fdf9a60065b | 338 | } |
| kadonotakashi | 0:8fdf9a60065b | 339 | else if( ( ilen > 0U ) && ( input == NULL ) ) |
| kadonotakashi | 0:8fdf9a60065b | 340 | { |
| kadonotakashi | 0:8fdf9a60065b | 341 | /* input pointer is allowed to be NULL only if ilen == 0 */ |
| kadonotakashi | 0:8fdf9a60065b | 342 | return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); |
| kadonotakashi | 0:8fdf9a60065b | 343 | } |
| kadonotakashi | 0:8fdf9a60065b | 344 | |
| kadonotakashi | 0:8fdf9a60065b | 345 | if( ( remaining > 0U ) && ( ctx->queue_len > 0U ) ) |
| kadonotakashi | 0:8fdf9a60065b | 346 | { |
| kadonotakashi | 0:8fdf9a60065b | 347 | queue_free_len = ( POLY1305_BLOCK_SIZE_BYTES - ctx->queue_len ); |
| kadonotakashi | 0:8fdf9a60065b | 348 | |
| kadonotakashi | 0:8fdf9a60065b | 349 | if( ilen < queue_free_len ) |
| kadonotakashi | 0:8fdf9a60065b | 350 | { |
| kadonotakashi | 0:8fdf9a60065b | 351 | /* Not enough data to complete the block. |
| kadonotakashi | 0:8fdf9a60065b | 352 | * Store this data with the other leftovers. |
| kadonotakashi | 0:8fdf9a60065b | 353 | */ |
| kadonotakashi | 0:8fdf9a60065b | 354 | memcpy( &ctx->queue[ctx->queue_len], |
| kadonotakashi | 0:8fdf9a60065b | 355 | input, |
| kadonotakashi | 0:8fdf9a60065b | 356 | ilen ); |
| kadonotakashi | 0:8fdf9a60065b | 357 | |
| kadonotakashi | 0:8fdf9a60065b | 358 | ctx->queue_len += ilen; |
| kadonotakashi | 0:8fdf9a60065b | 359 | |
| kadonotakashi | 0:8fdf9a60065b | 360 | remaining = 0U; |
| kadonotakashi | 0:8fdf9a60065b | 361 | } |
| kadonotakashi | 0:8fdf9a60065b | 362 | else |
| kadonotakashi | 0:8fdf9a60065b | 363 | { |
| kadonotakashi | 0:8fdf9a60065b | 364 | /* Enough data to produce a complete block */ |
| kadonotakashi | 0:8fdf9a60065b | 365 | memcpy( &ctx->queue[ctx->queue_len], |
| kadonotakashi | 0:8fdf9a60065b | 366 | input, |
| kadonotakashi | 0:8fdf9a60065b | 367 | queue_free_len ); |
| kadonotakashi | 0:8fdf9a60065b | 368 | |
| kadonotakashi | 0:8fdf9a60065b | 369 | ctx->queue_len = 0U; |
| kadonotakashi | 0:8fdf9a60065b | 370 | |
| kadonotakashi | 0:8fdf9a60065b | 371 | poly1305_process( ctx, 1U, ctx->queue, 1U ); /* add padding bit */ |
| kadonotakashi | 0:8fdf9a60065b | 372 | |
| kadonotakashi | 0:8fdf9a60065b | 373 | offset += queue_free_len; |
| kadonotakashi | 0:8fdf9a60065b | 374 | remaining -= queue_free_len; |
| kadonotakashi | 0:8fdf9a60065b | 375 | } |
| kadonotakashi | 0:8fdf9a60065b | 376 | } |
| kadonotakashi | 0:8fdf9a60065b | 377 | |
| kadonotakashi | 0:8fdf9a60065b | 378 | if( remaining >= POLY1305_BLOCK_SIZE_BYTES ) |
| kadonotakashi | 0:8fdf9a60065b | 379 | { |
| kadonotakashi | 0:8fdf9a60065b | 380 | nblocks = remaining / POLY1305_BLOCK_SIZE_BYTES; |
| kadonotakashi | 0:8fdf9a60065b | 381 | |
| kadonotakashi | 0:8fdf9a60065b | 382 | poly1305_process( ctx, nblocks, &input[offset], 1U ); |
| kadonotakashi | 0:8fdf9a60065b | 383 | |
| kadonotakashi | 0:8fdf9a60065b | 384 | offset += nblocks * POLY1305_BLOCK_SIZE_BYTES; |
| kadonotakashi | 0:8fdf9a60065b | 385 | remaining %= POLY1305_BLOCK_SIZE_BYTES; |
| kadonotakashi | 0:8fdf9a60065b | 386 | } |
| kadonotakashi | 0:8fdf9a60065b | 387 | |
| kadonotakashi | 0:8fdf9a60065b | 388 | if( remaining > 0U ) |
| kadonotakashi | 0:8fdf9a60065b | 389 | { |
| kadonotakashi | 0:8fdf9a60065b | 390 | /* Store partial block */ |
| kadonotakashi | 0:8fdf9a60065b | 391 | ctx->queue_len = remaining; |
| kadonotakashi | 0:8fdf9a60065b | 392 | memcpy( ctx->queue, &input[offset], remaining ); |
| kadonotakashi | 0:8fdf9a60065b | 393 | } |
| kadonotakashi | 0:8fdf9a60065b | 394 | |
| kadonotakashi | 0:8fdf9a60065b | 395 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 396 | } |
| kadonotakashi | 0:8fdf9a60065b | 397 | |
| kadonotakashi | 0:8fdf9a60065b | 398 | int mbedtls_poly1305_finish( mbedtls_poly1305_context *ctx, |
| kadonotakashi | 0:8fdf9a60065b | 399 | unsigned char mac[16] ) |
| kadonotakashi | 0:8fdf9a60065b | 400 | { |
| kadonotakashi | 0:8fdf9a60065b | 401 | if( ( ctx == NULL ) || ( mac == NULL ) ) |
| kadonotakashi | 0:8fdf9a60065b | 402 | { |
| kadonotakashi | 0:8fdf9a60065b | 403 | return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ); |
| kadonotakashi | 0:8fdf9a60065b | 404 | } |
| kadonotakashi | 0:8fdf9a60065b | 405 | |
| kadonotakashi | 0:8fdf9a60065b | 406 | /* Process any leftover data */ |
| kadonotakashi | 0:8fdf9a60065b | 407 | if( ctx->queue_len > 0U ) |
| kadonotakashi | 0:8fdf9a60065b | 408 | { |
| kadonotakashi | 0:8fdf9a60065b | 409 | /* Add padding bit */ |
| kadonotakashi | 0:8fdf9a60065b | 410 | ctx->queue[ctx->queue_len] = 1U; |
| kadonotakashi | 0:8fdf9a60065b | 411 | ctx->queue_len++; |
| kadonotakashi | 0:8fdf9a60065b | 412 | |
| kadonotakashi | 0:8fdf9a60065b | 413 | /* Pad with zeroes */ |
| kadonotakashi | 0:8fdf9a60065b | 414 | memset( &ctx->queue[ctx->queue_len], |
| kadonotakashi | 0:8fdf9a60065b | 415 | 0, |
| kadonotakashi | 0:8fdf9a60065b | 416 | POLY1305_BLOCK_SIZE_BYTES - ctx->queue_len ); |
| kadonotakashi | 0:8fdf9a60065b | 417 | |
| kadonotakashi | 0:8fdf9a60065b | 418 | poly1305_process( ctx, 1U, /* Process 1 block */ |
| kadonotakashi | 0:8fdf9a60065b | 419 | ctx->queue, 0U ); /* Already padded above */ |
| kadonotakashi | 0:8fdf9a60065b | 420 | } |
| kadonotakashi | 0:8fdf9a60065b | 421 | |
| kadonotakashi | 0:8fdf9a60065b | 422 | poly1305_compute_mac( ctx, mac ); |
| kadonotakashi | 0:8fdf9a60065b | 423 | |
| kadonotakashi | 0:8fdf9a60065b | 424 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 425 | } |
| kadonotakashi | 0:8fdf9a60065b | 426 | |
| kadonotakashi | 0:8fdf9a60065b | 427 | int mbedtls_poly1305_mac( const unsigned char key[32], |
| kadonotakashi | 0:8fdf9a60065b | 428 | const unsigned char *input, |
| kadonotakashi | 0:8fdf9a60065b | 429 | size_t ilen, |
| kadonotakashi | 0:8fdf9a60065b | 430 | unsigned char mac[16] ) |
| kadonotakashi | 0:8fdf9a60065b | 431 | { |
| kadonotakashi | 0:8fdf9a60065b | 432 | mbedtls_poly1305_context ctx; |
| kadonotakashi | 0:8fdf9a60065b | 433 | int ret; |
| kadonotakashi | 0:8fdf9a60065b | 434 | |
| kadonotakashi | 0:8fdf9a60065b | 435 | mbedtls_poly1305_init( &ctx ); |
| kadonotakashi | 0:8fdf9a60065b | 436 | |
| kadonotakashi | 0:8fdf9a60065b | 437 | ret = mbedtls_poly1305_starts( &ctx, key ); |
| kadonotakashi | 0:8fdf9a60065b | 438 | if( ret != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 439 | goto cleanup; |
| kadonotakashi | 0:8fdf9a60065b | 440 | |
| kadonotakashi | 0:8fdf9a60065b | 441 | ret = mbedtls_poly1305_update( &ctx, input, ilen ); |
| kadonotakashi | 0:8fdf9a60065b | 442 | if( ret != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 443 | goto cleanup; |
| kadonotakashi | 0:8fdf9a60065b | 444 | |
| kadonotakashi | 0:8fdf9a60065b | 445 | ret = mbedtls_poly1305_finish( &ctx, mac ); |
| kadonotakashi | 0:8fdf9a60065b | 446 | |
| kadonotakashi | 0:8fdf9a60065b | 447 | cleanup: |
| kadonotakashi | 0:8fdf9a60065b | 448 | mbedtls_poly1305_free( &ctx ); |
| kadonotakashi | 0:8fdf9a60065b | 449 | return( ret ); |
| kadonotakashi | 0:8fdf9a60065b | 450 | } |
| kadonotakashi | 0:8fdf9a60065b | 451 | |
| kadonotakashi | 0:8fdf9a60065b | 452 | #endif /* MBEDTLS_POLY1305_ALT */ |
| kadonotakashi | 0:8fdf9a60065b | 453 | |
| kadonotakashi | 0:8fdf9a60065b | 454 | #if defined(MBEDTLS_SELF_TEST) |
| kadonotakashi | 0:8fdf9a60065b | 455 | |
| kadonotakashi | 0:8fdf9a60065b | 456 | static const unsigned char test_keys[2][32] = |
| kadonotakashi | 0:8fdf9a60065b | 457 | { |
| kadonotakashi | 0:8fdf9a60065b | 458 | { |
| kadonotakashi | 0:8fdf9a60065b | 459 | 0x85, 0xd6, 0xbe, 0x78, 0x57, 0x55, 0x6d, 0x33, |
| kadonotakashi | 0:8fdf9a60065b | 460 | 0x7f, 0x44, 0x52, 0xfe, 0x42, 0xd5, 0x06, 0xa8, |
| kadonotakashi | 0:8fdf9a60065b | 461 | 0x01, 0x03, 0x80, 0x8a, 0xfb, 0x0d, 0xb2, 0xfd, |
| kadonotakashi | 0:8fdf9a60065b | 462 | 0x4a, 0xbf, 0xf6, 0xaf, 0x41, 0x49, 0xf5, 0x1b |
| kadonotakashi | 0:8fdf9a60065b | 463 | }, |
| kadonotakashi | 0:8fdf9a60065b | 464 | { |
| kadonotakashi | 0:8fdf9a60065b | 465 | 0x1c, 0x92, 0x40, 0xa5, 0xeb, 0x55, 0xd3, 0x8a, |
| kadonotakashi | 0:8fdf9a60065b | 466 | 0xf3, 0x33, 0x88, 0x86, 0x04, 0xf6, 0xb5, 0xf0, |
| kadonotakashi | 0:8fdf9a60065b | 467 | 0x47, 0x39, 0x17, 0xc1, 0x40, 0x2b, 0x80, 0x09, |
| kadonotakashi | 0:8fdf9a60065b | 468 | 0x9d, 0xca, 0x5c, 0xbc, 0x20, 0x70, 0x75, 0xc0 |
| kadonotakashi | 0:8fdf9a60065b | 469 | } |
| kadonotakashi | 0:8fdf9a60065b | 470 | }; |
| kadonotakashi | 0:8fdf9a60065b | 471 | |
| kadonotakashi | 0:8fdf9a60065b | 472 | static const unsigned char test_data[2][127] = |
| kadonotakashi | 0:8fdf9a60065b | 473 | { |
| kadonotakashi | 0:8fdf9a60065b | 474 | { |
| kadonotakashi | 0:8fdf9a60065b | 475 | 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x67, 0x72, |
| kadonotakashi | 0:8fdf9a60065b | 476 | 0x61, 0x70, 0x68, 0x69, 0x63, 0x20, 0x46, 0x6f, |
| kadonotakashi | 0:8fdf9a60065b | 477 | 0x72, 0x75, 0x6d, 0x20, 0x52, 0x65, 0x73, 0x65, |
| kadonotakashi | 0:8fdf9a60065b | 478 | 0x61, 0x72, 0x63, 0x68, 0x20, 0x47, 0x72, 0x6f, |
| kadonotakashi | 0:8fdf9a60065b | 479 | 0x75, 0x70 |
| kadonotakashi | 0:8fdf9a60065b | 480 | }, |
| kadonotakashi | 0:8fdf9a60065b | 481 | { |
| kadonotakashi | 0:8fdf9a60065b | 482 | 0x27, 0x54, 0x77, 0x61, 0x73, 0x20, 0x62, 0x72, |
| kadonotakashi | 0:8fdf9a60065b | 483 | 0x69, 0x6c, 0x6c, 0x69, 0x67, 0x2c, 0x20, 0x61, |
| kadonotakashi | 0:8fdf9a60065b | 484 | 0x6e, 0x64, 0x20, 0x74, 0x68, 0x65, 0x20, 0x73, |
| kadonotakashi | 0:8fdf9a60065b | 485 | 0x6c, 0x69, 0x74, 0x68, 0x79, 0x20, 0x74, 0x6f, |
| kadonotakashi | 0:8fdf9a60065b | 486 | 0x76, 0x65, 0x73, 0x0a, 0x44, 0x69, 0x64, 0x20, |
| kadonotakashi | 0:8fdf9a60065b | 487 | 0x67, 0x79, 0x72, 0x65, 0x20, 0x61, 0x6e, 0x64, |
| kadonotakashi | 0:8fdf9a60065b | 488 | 0x20, 0x67, 0x69, 0x6d, 0x62, 0x6c, 0x65, 0x20, |
| kadonotakashi | 0:8fdf9a60065b | 489 | 0x69, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x77, |
| kadonotakashi | 0:8fdf9a60065b | 490 | 0x61, 0x62, 0x65, 0x3a, 0x0a, 0x41, 0x6c, 0x6c, |
| kadonotakashi | 0:8fdf9a60065b | 491 | 0x20, 0x6d, 0x69, 0x6d, 0x73, 0x79, 0x20, 0x77, |
| kadonotakashi | 0:8fdf9a60065b | 492 | 0x65, 0x72, 0x65, 0x20, 0x74, 0x68, 0x65, 0x20, |
| kadonotakashi | 0:8fdf9a60065b | 493 | 0x62, 0x6f, 0x72, 0x6f, 0x67, 0x6f, 0x76, 0x65, |
| kadonotakashi | 0:8fdf9a60065b | 494 | 0x73, 0x2c, 0x0a, 0x41, 0x6e, 0x64, 0x20, 0x74, |
| kadonotakashi | 0:8fdf9a60065b | 495 | 0x68, 0x65, 0x20, 0x6d, 0x6f, 0x6d, 0x65, 0x20, |
| kadonotakashi | 0:8fdf9a60065b | 496 | 0x72, 0x61, 0x74, 0x68, 0x73, 0x20, 0x6f, 0x75, |
| kadonotakashi | 0:8fdf9a60065b | 497 | 0x74, 0x67, 0x72, 0x61, 0x62, 0x65, 0x2e |
| kadonotakashi | 0:8fdf9a60065b | 498 | } |
| kadonotakashi | 0:8fdf9a60065b | 499 | }; |
| kadonotakashi | 0:8fdf9a60065b | 500 | |
| kadonotakashi | 0:8fdf9a60065b | 501 | static const size_t test_data_len[2] = |
| kadonotakashi | 0:8fdf9a60065b | 502 | { |
| kadonotakashi | 0:8fdf9a60065b | 503 | 34U, |
| kadonotakashi | 0:8fdf9a60065b | 504 | 127U |
| kadonotakashi | 0:8fdf9a60065b | 505 | }; |
| kadonotakashi | 0:8fdf9a60065b | 506 | |
| kadonotakashi | 0:8fdf9a60065b | 507 | static const unsigned char test_mac[2][16] = |
| kadonotakashi | 0:8fdf9a60065b | 508 | { |
| kadonotakashi | 0:8fdf9a60065b | 509 | { |
| kadonotakashi | 0:8fdf9a60065b | 510 | 0xa8, 0x06, 0x1d, 0xc1, 0x30, 0x51, 0x36, 0xc6, |
| kadonotakashi | 0:8fdf9a60065b | 511 | 0xc2, 0x2b, 0x8b, 0xaf, 0x0c, 0x01, 0x27, 0xa9 |
| kadonotakashi | 0:8fdf9a60065b | 512 | }, |
| kadonotakashi | 0:8fdf9a60065b | 513 | { |
| kadonotakashi | 0:8fdf9a60065b | 514 | 0x45, 0x41, 0x66, 0x9a, 0x7e, 0xaa, 0xee, 0x61, |
| kadonotakashi | 0:8fdf9a60065b | 515 | 0xe7, 0x08, 0xdc, 0x7c, 0xbc, 0xc5, 0xeb, 0x62 |
| kadonotakashi | 0:8fdf9a60065b | 516 | } |
| kadonotakashi | 0:8fdf9a60065b | 517 | }; |
| kadonotakashi | 0:8fdf9a60065b | 518 | |
| kadonotakashi | 0:8fdf9a60065b | 519 | #define ASSERT( cond, args ) \ |
| kadonotakashi | 0:8fdf9a60065b | 520 | do \ |
| kadonotakashi | 0:8fdf9a60065b | 521 | { \ |
| kadonotakashi | 0:8fdf9a60065b | 522 | if( ! ( cond ) ) \ |
| kadonotakashi | 0:8fdf9a60065b | 523 | { \ |
| kadonotakashi | 0:8fdf9a60065b | 524 | if( verbose != 0 ) \ |
| kadonotakashi | 0:8fdf9a60065b | 525 | mbedtls_printf args; \ |
| kadonotakashi | 0:8fdf9a60065b | 526 | \ |
| kadonotakashi | 0:8fdf9a60065b | 527 | return( -1 ); \ |
| kadonotakashi | 0:8fdf9a60065b | 528 | } \ |
| kadonotakashi | 0:8fdf9a60065b | 529 | } \ |
| kadonotakashi | 0:8fdf9a60065b | 530 | while( 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 531 | |
| kadonotakashi | 0:8fdf9a60065b | 532 | int mbedtls_poly1305_self_test( int verbose ) |
| kadonotakashi | 0:8fdf9a60065b | 533 | { |
| kadonotakashi | 0:8fdf9a60065b | 534 | unsigned char mac[16]; |
| kadonotakashi | 0:8fdf9a60065b | 535 | unsigned i; |
| kadonotakashi | 0:8fdf9a60065b | 536 | int ret; |
| kadonotakashi | 0:8fdf9a60065b | 537 | |
| kadonotakashi | 0:8fdf9a60065b | 538 | for( i = 0U; i < 2U; i++ ) |
| kadonotakashi | 0:8fdf9a60065b | 539 | { |
| kadonotakashi | 0:8fdf9a60065b | 540 | if( verbose != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 541 | mbedtls_printf( " Poly1305 test %u ", i ); |
| kadonotakashi | 0:8fdf9a60065b | 542 | |
| kadonotakashi | 0:8fdf9a60065b | 543 | ret = mbedtls_poly1305_mac( test_keys[i], |
| kadonotakashi | 0:8fdf9a60065b | 544 | test_data[i], |
| kadonotakashi | 0:8fdf9a60065b | 545 | test_data_len[i], |
| kadonotakashi | 0:8fdf9a60065b | 546 | mac ); |
| kadonotakashi | 0:8fdf9a60065b | 547 | ASSERT( 0 == ret, ( "error code: %i\n", ret ) ); |
| kadonotakashi | 0:8fdf9a60065b | 548 | |
| kadonotakashi | 0:8fdf9a60065b | 549 | ASSERT( 0 == memcmp( mac, test_mac[i], 16U ), ( "failed (mac)\n" ) ); |
| kadonotakashi | 0:8fdf9a60065b | 550 | |
| kadonotakashi | 0:8fdf9a60065b | 551 | if( verbose != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 552 | mbedtls_printf( "passed\n" ); |
| kadonotakashi | 0:8fdf9a60065b | 553 | } |
| kadonotakashi | 0:8fdf9a60065b | 554 | |
| kadonotakashi | 0:8fdf9a60065b | 555 | if( verbose != 0 ) |
| kadonotakashi | 0:8fdf9a60065b | 556 | mbedtls_printf( "\n" ); |
| kadonotakashi | 0:8fdf9a60065b | 557 | |
| kadonotakashi | 0:8fdf9a60065b | 558 | return( 0 ); |
| kadonotakashi | 0:8fdf9a60065b | 559 | } |
| kadonotakashi | 0:8fdf9a60065b | 560 | |
| kadonotakashi | 0:8fdf9a60065b | 561 | #endif /* MBEDTLS_SELF_TEST */ |
| kadonotakashi | 0:8fdf9a60065b | 562 | |
| kadonotakashi | 0:8fdf9a60065b | 563 | #endif /* MBEDTLS_POLY1305_C */ |