Kenji Arai / mbed-os_TYBLE16

Dependents:   TYBLE16_simple_data_logger TYBLE16_MP3_Air

Embed: (wiki syntax)

« Back to documentation index

Show/hide line numbers poly1305.c Source File

poly1305.c

Go to the documentation of this file.
00001 /**
00002  * \file poly1305.c
00003  *
00004  * \brief Poly1305 authentication algorithm.
00005  *
00006  *  Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
00007  *  SPDX-License-Identifier: Apache-2.0
00008  *
00009  *  Licensed under the Apache License, Version 2.0 (the "License"); you may
00010  *  not use this file except in compliance with the License.
00011  *  You may obtain a copy of the License at
00012  *
00013  *  http://www.apache.org/licenses/LICENSE-2.0
00014  *
00015  *  Unless required by applicable law or agreed to in writing, software
00016  *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
00017  *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
00018  *  See the License for the specific language governing permissions and
00019  *  limitations under the License.
00020  *
00021  *  This file is part of mbed TLS (https://tls.mbed.org)
00022  */
00023 #if !defined(MBEDTLS_CONFIG_FILE)
00024 #include "mbedtls/config.h"
00025 #else
00026 #include MBEDTLS_CONFIG_FILE
00027 #endif
00028 
00029 #if defined(MBEDTLS_POLY1305_C)
00030 
00031 #include "mbedtls/poly1305.h"
00032 #include "mbedtls/platform_util.h"
00033 
00034 #include <string.h>
00035 
00036 #if defined(MBEDTLS_SELF_TEST)
00037 #if defined(MBEDTLS_PLATFORM_C)
00038 #include "mbedtls/platform.h"
00039 #else
00040 #include <stdio.h>
00041 #define mbedtls_printf printf
00042 #endif /* MBEDTLS_PLATFORM_C */
00043 #endif /* MBEDTLS_SELF_TEST */
00044 
00045 #if !defined(MBEDTLS_POLY1305_ALT)
00046 
00047 #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
00048     !defined(inline) && !defined(__cplusplus)
00049 #define inline __inline
00050 #endif
00051 
00052 /* Parameter validation macros */
00053 #define POLY1305_VALIDATE_RET( cond )                                       \
00054     MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA )
00055 #define POLY1305_VALIDATE( cond )                                           \
00056     MBEDTLS_INTERNAL_VALIDATE( cond )
00057 
00058 #define POLY1305_BLOCK_SIZE_BYTES ( 16U )
00059 
00060 #define BYTES_TO_U32_LE( data, offset )                           \
00061     ( (uint32_t) (data)[offset]                                     \
00062           | (uint32_t) ( (uint32_t) (data)[( offset ) + 1] << 8 )   \
00063           | (uint32_t) ( (uint32_t) (data)[( offset ) + 2] << 16 )  \
00064           | (uint32_t) ( (uint32_t) (data)[( offset ) + 3] << 24 )  \
00065     )
00066 
00067 /*
00068  * Our implementation is tuned for 32-bit platforms with a 64-bit multiplier.
00069  * However we provided an alternative for platforms without such a multiplier.
00070  */
00071 #if defined(MBEDTLS_NO_64BIT_MULTIPLICATION)
00072 static uint64_t mul64( uint32_t a, uint32_t b )
00073 {
00074     /* a = al + 2**16 ah, b = bl + 2**16 bh */
00075     const uint16_t al = (uint16_t) a;
00076     const uint16_t bl = (uint16_t) b;
00077     const uint16_t ah = a >> 16;
00078     const uint16_t bh = b >> 16;
00079 
00080     /* ab = al*bl + 2**16 (ah*bl + bl*bh) + 2**32 ah*bh */
00081     const uint32_t lo = (uint32_t) al * bl;
00082     const uint64_t me = (uint64_t)( (uint32_t) ah * bl ) + (uint32_t) al * bh;
00083     const uint32_t hi = (uint32_t) ah * bh;
00084 
00085     return( lo + ( me << 16 ) + ( (uint64_t) hi << 32 ) );
00086 }
00087 #else
00088 static inline uint64_t mul64( uint32_t a, uint32_t b )
00089 {
00090     return( (uint64_t) a * b );
00091 }
00092 #endif
00093 
00094 
00095 /**
00096  * \brief                   Process blocks with Poly1305.
00097  *
00098  * \param ctx               The Poly1305 context.
00099  * \param nblocks           Number of blocks to process. Note that this
00100  *                          function only processes full blocks.
00101  * \param input             Buffer containing the input block(s).
00102  * \param needs_padding     Set to 0 if the padding bit has already been
00103  *                          applied to the input data before calling this
00104  *                          function.  Otherwise, set this parameter to 1.
00105  */
00106 static void poly1305_process( mbedtls_poly1305_context *ctx,
00107                               size_t nblocks,
00108                               const unsigned char *input,
00109                               uint32_t needs_padding )
00110 {
00111     uint64_t d0, d1, d2, d3;
00112     uint32_t acc0, acc1, acc2, acc3, acc4;
00113     uint32_t r0, r1, r2, r3;
00114     uint32_t rs1, rs2, rs3;
00115     size_t offset  = 0U;
00116     size_t i;
00117 
00118     r0 = ctx->r[0];
00119     r1 = ctx->r[1];
00120     r2 = ctx->r[2];
00121     r3 = ctx->r[3];
00122 
00123     rs1 = r1 + ( r1 >> 2U );
00124     rs2 = r2 + ( r2 >> 2U );
00125     rs3 = r3 + ( r3 >> 2U );
00126 
00127     acc0 = ctx->acc[0];
00128     acc1 = ctx->acc[1];
00129     acc2 = ctx->acc[2];
00130     acc3 = ctx->acc[3];
00131     acc4 = ctx->acc[4];
00132 
00133     /* Process full blocks */
00134     for( i = 0U; i < nblocks; i++ )
00135     {
00136         /* The input block is treated as a 128-bit little-endian integer */
00137         d0   = BYTES_TO_U32_LE( input, offset + 0  );
00138         d1   = BYTES_TO_U32_LE( input, offset + 4  );
00139         d2   = BYTES_TO_U32_LE( input, offset + 8  );
00140         d3   = BYTES_TO_U32_LE( input, offset + 12 );
00141 
00142         /* Compute: acc += (padded) block as a 130-bit integer */
00143         d0  += (uint64_t) acc0;
00144         d1  += (uint64_t) acc1 + ( d0 >> 32U );
00145         d2  += (uint64_t) acc2 + ( d1 >> 32U );
00146         d3  += (uint64_t) acc3 + ( d2 >> 32U );
00147         acc0 = (uint32_t) d0;
00148         acc1 = (uint32_t) d1;
00149         acc2 = (uint32_t) d2;
00150         acc3 = (uint32_t) d3;
00151         acc4 += (uint32_t) ( d3 >> 32U ) + needs_padding;
00152 
00153         /* Compute: acc *= r */
00154         d0 = mul64( acc0, r0  ) +
00155              mul64( acc1, rs3 ) +
00156              mul64( acc2, rs2 ) +
00157              mul64( acc3, rs1 );
00158         d1 = mul64( acc0, r1  ) +
00159              mul64( acc1, r0  ) +
00160              mul64( acc2, rs3 ) +
00161              mul64( acc3, rs2 ) +
00162              mul64( acc4, rs1 );
00163         d2 = mul64( acc0, r2  ) +
00164              mul64( acc1, r1  ) +
00165              mul64( acc2, r0  ) +
00166              mul64( acc3, rs3 ) +
00167              mul64( acc4, rs2 );
00168         d3 = mul64( acc0, r3  ) +
00169              mul64( acc1, r2  ) +
00170              mul64( acc2, r1  ) +
00171              mul64( acc3, r0  ) +
00172              mul64( acc4, rs3 );
00173         acc4 *= r0;
00174 
00175         /* Compute: acc %= (2^130 - 5) (partial remainder) */
00176         d1 += ( d0 >> 32 );
00177         d2 += ( d1 >> 32 );
00178         d3 += ( d2 >> 32 );
00179         acc0 = (uint32_t) d0;
00180         acc1 = (uint32_t) d1;
00181         acc2 = (uint32_t) d2;
00182         acc3 = (uint32_t) d3;
00183         acc4 = (uint32_t) ( d3 >> 32 ) + acc4;
00184 
00185         d0 = (uint64_t) acc0 + ( acc4 >> 2 ) + ( acc4 & 0xFFFFFFFCU );
00186         acc4 &= 3U;
00187         acc0 = (uint32_t) d0;
00188         d0 = (uint64_t) acc1 + ( d0 >> 32U );
00189         acc1 = (uint32_t) d0;
00190         d0 = (uint64_t) acc2 + ( d0 >> 32U );
00191         acc2 = (uint32_t) d0;
00192         d0 = (uint64_t) acc3 + ( d0 >> 32U );
00193         acc3 = (uint32_t) d0;
00194         d0 = (uint64_t) acc4 + ( d0 >> 32U );
00195         acc4 = (uint32_t) d0;
00196 
00197         offset    += POLY1305_BLOCK_SIZE_BYTES;
00198     }
00199 
00200     ctx->acc[0] = acc0;
00201     ctx->acc[1] = acc1;
00202     ctx->acc[2] = acc2;
00203     ctx->acc[3] = acc3;
00204     ctx->acc[4] = acc4;
00205 }
00206 
00207 /**
00208  * \brief                   Compute the Poly1305 MAC
00209  *
00210  * \param ctx               The Poly1305 context.
00211  * \param mac               The buffer to where the MAC is written. Must be
00212  *                          big enough to contain the 16-byte MAC.
00213  */
00214 static void poly1305_compute_mac( const mbedtls_poly1305_context *ctx,
00215                                   unsigned char mac[16] )
00216 {
00217     uint64_t d;
00218     uint32_t g0, g1, g2, g3, g4;
00219     uint32_t acc0, acc1, acc2, acc3, acc4;
00220     uint32_t mask;
00221     uint32_t mask_inv;
00222 
00223     acc0 = ctx->acc[0];
00224     acc1 = ctx->acc[1];
00225     acc2 = ctx->acc[2];
00226     acc3 = ctx->acc[3];
00227     acc4 = ctx->acc[4];
00228 
00229     /* Before adding 's' we ensure that the accumulator is mod 2^130 - 5.
00230      * We do this by calculating acc - (2^130 - 5), then checking if
00231      * the 131st bit is set. If it is, then reduce: acc -= (2^130 - 5)
00232      */
00233 
00234     /* Calculate acc + -(2^130 - 5) */
00235     d  = ( (uint64_t) acc0 + 5U );
00236     g0 = (uint32_t) d;
00237     d  = ( (uint64_t) acc1 + ( d >> 32 ) );
00238     g1 = (uint32_t) d;
00239     d  = ( (uint64_t) acc2 + ( d >> 32 ) );
00240     g2 = (uint32_t) d;
00241     d  = ( (uint64_t) acc3 + ( d >> 32 ) );
00242     g3 = (uint32_t) d;
00243     g4 = acc4 + (uint32_t) ( d >> 32U );
00244 
00245     /* mask == 0xFFFFFFFF if 131st bit is set, otherwise mask == 0 */
00246     mask = (uint32_t) 0U - ( g4 >> 2U );
00247     mask_inv = ~mask;
00248 
00249     /* If 131st bit is set then acc=g, otherwise, acc is unmodified */
00250     acc0 = ( acc0 & mask_inv ) | ( g0 & mask );
00251     acc1 = ( acc1 & mask_inv ) | ( g1 & mask );
00252     acc2 = ( acc2 & mask_inv ) | ( g2 & mask );
00253     acc3 = ( acc3 & mask_inv ) | ( g3 & mask );
00254 
00255     /* Add 's' */
00256     d = (uint64_t) acc0 + ctx->s[0];
00257     acc0 = (uint32_t) d;
00258     d = (uint64_t) acc1 + ctx->s[1] + ( d >> 32U );
00259     acc1 = (uint32_t) d;
00260     d = (uint64_t) acc2 + ctx->s[2] + ( d >> 32U );
00261     acc2 = (uint32_t) d;
00262     acc3 += ctx->s[3] + (uint32_t) ( d >> 32U );
00263 
00264     /* Compute MAC (128 least significant bits of the accumulator) */
00265     mac[ 0] = (unsigned char)( acc0       );
00266     mac[ 1] = (unsigned char)( acc0 >>  8 );
00267     mac[ 2] = (unsigned char)( acc0 >> 16 );
00268     mac[ 3] = (unsigned char)( acc0 >> 24 );
00269     mac[ 4] = (unsigned char)( acc1       );
00270     mac[ 5] = (unsigned char)( acc1 >>  8 );
00271     mac[ 6] = (unsigned char)( acc1 >> 16 );
00272     mac[ 7] = (unsigned char)( acc1 >> 24 );
00273     mac[ 8] = (unsigned char)( acc2       );
00274     mac[ 9] = (unsigned char)( acc2 >>  8 );
00275     mac[10] = (unsigned char)( acc2 >> 16 );
00276     mac[11] = (unsigned char)( acc2 >> 24 );
00277     mac[12] = (unsigned char)( acc3       );
00278     mac[13] = (unsigned char)( acc3 >>  8 );
00279     mac[14] = (unsigned char)( acc3 >> 16 );
00280     mac[15] = (unsigned char)( acc3 >> 24 );
00281 }
00282 
00283 void mbedtls_poly1305_init( mbedtls_poly1305_context *ctx )
00284 {
00285     POLY1305_VALIDATE( ctx != NULL );
00286 
00287     mbedtls_platform_zeroize( ctx, sizeof( mbedtls_poly1305_context ) );
00288 }
00289 
00290 void mbedtls_poly1305_free( mbedtls_poly1305_context *ctx )
00291 {
00292     if( ctx == NULL )
00293         return;
00294 
00295     mbedtls_platform_zeroize( ctx, sizeof( mbedtls_poly1305_context ) );
00296 }
00297 
00298 int mbedtls_poly1305_starts( mbedtls_poly1305_context *ctx,
00299                              const unsigned char key[32] )
00300 {
00301     POLY1305_VALIDATE_RET( ctx != NULL );
00302     POLY1305_VALIDATE_RET( key != NULL );
00303 
00304     /* r &= 0x0ffffffc0ffffffc0ffffffc0fffffff */
00305     ctx->r[0] = BYTES_TO_U32_LE( key, 0 )  & 0x0FFFFFFFU;
00306     ctx->r[1] = BYTES_TO_U32_LE( key, 4 )  & 0x0FFFFFFCU;
00307     ctx->r[2] = BYTES_TO_U32_LE( key, 8 )  & 0x0FFFFFFCU;
00308     ctx->r[3] = BYTES_TO_U32_LE( key, 12 ) & 0x0FFFFFFCU;
00309 
00310     ctx->s[0] = BYTES_TO_U32_LE( key, 16 );
00311     ctx->s[1] = BYTES_TO_U32_LE( key, 20 );
00312     ctx->s[2] = BYTES_TO_U32_LE( key, 24 );
00313     ctx->s[3] = BYTES_TO_U32_LE( key, 28 );
00314 
00315     /* Initial accumulator state */
00316     ctx->acc[0] = 0U;
00317     ctx->acc[1] = 0U;
00318     ctx->acc[2] = 0U;
00319     ctx->acc[3] = 0U;
00320     ctx->acc[4] = 0U;
00321 
00322     /* Queue initially empty */
00323     mbedtls_platform_zeroize( ctx->queue, sizeof( ctx->queue ) );
00324     ctx->queue_len = 0U;
00325 
00326     return( 0 );
00327 }
00328 
00329 int mbedtls_poly1305_update( mbedtls_poly1305_context *ctx,
00330                              const unsigned char *input,
00331                              size_t ilen )
00332 {
00333     size_t offset    = 0U;
00334     size_t remaining = ilen;
00335     size_t queue_free_len;
00336     size_t nblocks;
00337     POLY1305_VALIDATE_RET( ctx != NULL );
00338     POLY1305_VALIDATE_RET( ilen == 0 || input != NULL );
00339 
00340     if( ( remaining > 0U ) && ( ctx->queue_len > 0U ) )
00341     {
00342         queue_free_len = ( POLY1305_BLOCK_SIZE_BYTES - ctx->queue_len );
00343 
00344         if( ilen < queue_free_len )
00345         {
00346             /* Not enough data to complete the block.
00347              * Store this data with the other leftovers.
00348              */
00349             memcpy( &ctx->queue[ctx->queue_len],
00350                     input,
00351                     ilen );
00352 
00353             ctx->queue_len += ilen;
00354 
00355             remaining = 0U;
00356         }
00357         else
00358         {
00359             /* Enough data to produce a complete block */
00360             memcpy( &ctx->queue[ctx->queue_len],
00361                     input,
00362                     queue_free_len );
00363 
00364             ctx->queue_len = 0U;
00365 
00366             poly1305_process( ctx, 1U, ctx->queue, 1U ); /* add padding bit */
00367 
00368             offset    += queue_free_len;
00369             remaining -= queue_free_len;
00370         }
00371     }
00372 
00373     if( remaining >= POLY1305_BLOCK_SIZE_BYTES )
00374     {
00375         nblocks = remaining / POLY1305_BLOCK_SIZE_BYTES;
00376 
00377         poly1305_process( ctx, nblocks, &input[offset], 1U );
00378 
00379         offset += nblocks * POLY1305_BLOCK_SIZE_BYTES;
00380         remaining %= POLY1305_BLOCK_SIZE_BYTES;
00381     }
00382 
00383     if( remaining > 0U )
00384     {
00385         /* Store partial block */
00386         ctx->queue_len = remaining;
00387         memcpy( ctx->queue, &input[offset], remaining );
00388     }
00389 
00390     return( 0 );
00391 }
00392 
00393 int mbedtls_poly1305_finish( mbedtls_poly1305_context *ctx,
00394                              unsigned char mac[16] )
00395 {
00396     POLY1305_VALIDATE_RET( ctx != NULL );
00397     POLY1305_VALIDATE_RET( mac != NULL );
00398 
00399     /* Process any leftover data */
00400     if( ctx->queue_len > 0U )
00401     {
00402         /* Add padding bit */
00403         ctx->queue[ctx->queue_len] = 1U;
00404         ctx->queue_len++;
00405 
00406         /* Pad with zeroes */
00407         memset( &ctx->queue[ctx->queue_len],
00408                 0,
00409                 POLY1305_BLOCK_SIZE_BYTES - ctx->queue_len );
00410 
00411         poly1305_process( ctx, 1U,          /* Process 1 block */
00412                           ctx->queue, 0U ); /* Already padded above */
00413     }
00414 
00415     poly1305_compute_mac( ctx, mac );
00416 
00417     return( 0 );
00418 }
00419 
00420 int mbedtls_poly1305_mac( const unsigned char key[32],
00421                           const unsigned char *input,
00422                           size_t ilen,
00423                           unsigned char mac[16] )
00424 {
00425     mbedtls_poly1305_context ctx;
00426     int ret;
00427     POLY1305_VALIDATE_RET( key != NULL );
00428     POLY1305_VALIDATE_RET( mac != NULL );
00429     POLY1305_VALIDATE_RET( ilen == 0 || input != NULL );
00430 
00431     mbedtls_poly1305_init( &ctx );
00432 
00433     ret = mbedtls_poly1305_starts( &ctx, key );
00434     if( ret != 0 )
00435         goto cleanup;
00436 
00437     ret = mbedtls_poly1305_update( &ctx, input, ilen );
00438     if( ret != 0 )
00439         goto cleanup;
00440 
00441     ret = mbedtls_poly1305_finish( &ctx, mac );
00442 
00443 cleanup:
00444     mbedtls_poly1305_free( &ctx );
00445     return( ret );
00446 }
00447 
00448 #endif /* MBEDTLS_POLY1305_ALT */
00449 
00450 #if defined(MBEDTLS_SELF_TEST)
00451 
00452 static const unsigned char test_keys[2][32] =
00453 {
00454     {
00455         0x85, 0xd6, 0xbe, 0x78, 0x57, 0x55, 0x6d, 0x33,
00456         0x7f, 0x44, 0x52, 0xfe, 0x42, 0xd5, 0x06, 0xa8,
00457         0x01, 0x03, 0x80, 0x8a, 0xfb, 0x0d, 0xb2, 0xfd,
00458         0x4a, 0xbf, 0xf6, 0xaf, 0x41, 0x49, 0xf5, 0x1b
00459     },
00460     {
00461         0x1c, 0x92, 0x40, 0xa5, 0xeb, 0x55, 0xd3, 0x8a,
00462         0xf3, 0x33, 0x88, 0x86, 0x04, 0xf6, 0xb5, 0xf0,
00463         0x47, 0x39, 0x17, 0xc1, 0x40, 0x2b, 0x80, 0x09,
00464         0x9d, 0xca, 0x5c, 0xbc, 0x20, 0x70, 0x75, 0xc0
00465     }
00466 };
00467 
00468 static const unsigned char test_data[2][127] =
00469 {
00470     {
00471         0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x67, 0x72,
00472         0x61, 0x70, 0x68, 0x69, 0x63, 0x20, 0x46, 0x6f,
00473         0x72, 0x75, 0x6d, 0x20, 0x52, 0x65, 0x73, 0x65,
00474         0x61, 0x72, 0x63, 0x68, 0x20, 0x47, 0x72, 0x6f,
00475         0x75, 0x70
00476     },
00477     {
00478         0x27, 0x54, 0x77, 0x61, 0x73, 0x20, 0x62, 0x72,
00479         0x69, 0x6c, 0x6c, 0x69, 0x67, 0x2c, 0x20, 0x61,
00480         0x6e, 0x64, 0x20, 0x74, 0x68, 0x65, 0x20, 0x73,
00481         0x6c, 0x69, 0x74, 0x68, 0x79, 0x20, 0x74, 0x6f,
00482         0x76, 0x65, 0x73, 0x0a, 0x44, 0x69, 0x64, 0x20,
00483         0x67, 0x79, 0x72, 0x65, 0x20, 0x61, 0x6e, 0x64,
00484         0x20, 0x67, 0x69, 0x6d, 0x62, 0x6c, 0x65, 0x20,
00485         0x69, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x77,
00486         0x61, 0x62, 0x65, 0x3a, 0x0a, 0x41, 0x6c, 0x6c,
00487         0x20, 0x6d, 0x69, 0x6d, 0x73, 0x79, 0x20, 0x77,
00488         0x65, 0x72, 0x65, 0x20, 0x74, 0x68, 0x65, 0x20,
00489         0x62, 0x6f, 0x72, 0x6f, 0x67, 0x6f, 0x76, 0x65,
00490         0x73, 0x2c, 0x0a, 0x41, 0x6e, 0x64, 0x20, 0x74,
00491         0x68, 0x65, 0x20, 0x6d, 0x6f, 0x6d, 0x65, 0x20,
00492         0x72, 0x61, 0x74, 0x68, 0x73, 0x20, 0x6f, 0x75,
00493         0x74, 0x67, 0x72, 0x61, 0x62, 0x65, 0x2e
00494     }
00495 };
00496 
00497 static const size_t test_data_len[2] =
00498 {
00499     34U,
00500     127U
00501 };
00502 
00503 static const unsigned char test_mac[2][16] =
00504 {
00505     {
00506         0xa8, 0x06, 0x1d, 0xc1, 0x30, 0x51, 0x36, 0xc6,
00507         0xc2, 0x2b, 0x8b, 0xaf, 0x0c, 0x01, 0x27, 0xa9
00508     },
00509     {
00510         0x45, 0x41, 0x66, 0x9a, 0x7e, 0xaa, 0xee, 0x61,
00511         0xe7, 0x08, 0xdc, 0x7c, 0xbc, 0xc5, 0xeb, 0x62
00512     }
00513 };
00514 
00515 #define ASSERT( cond, args )            \
00516     do                                  \
00517     {                                   \
00518         if( ! ( cond ) )                \
00519         {                               \
00520             if( verbose != 0 )          \
00521                 mbedtls_printf args;    \
00522                                         \
00523             return( -1 );               \
00524         }                               \
00525     }                                   \
00526     while( 0 )
00527 
00528 int mbedtls_poly1305_self_test( int verbose )
00529 {
00530     unsigned char mac[16];
00531     unsigned i;
00532     int ret;
00533 
00534     for( i = 0U; i < 2U; i++ )
00535     {
00536         if( verbose != 0 )
00537             mbedtls_printf( "  Poly1305 test %u ", i );
00538 
00539         ret = mbedtls_poly1305_mac( test_keys[i],
00540                                     test_data[i],
00541                                     test_data_len[i],
00542                                     mac );
00543         ASSERT( 0 == ret, ( "error code: %i\n", ret ) );
00544 
00545         ASSERT( 0 == memcmp( mac, test_mac[i], 16U ), ( "failed (mac)\n" ) );
00546 
00547         if( verbose != 0 )
00548             mbedtls_printf( "passed\n" );
00549     }
00550 
00551     if( verbose != 0 )
00552         mbedtls_printf( "\n" );
00553 
00554     return( 0 );
00555 }
00556 
00557 #endif /* MBEDTLS_SELF_TEST */
00558 
00559 #endif /* MBEDTLS_POLY1305_C */