Important changes to repositories hosted on mbed.com
Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.
To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.
It is also possible to export all your personal repositories from the account settings page.
Dependents: TYBLE16_simple_data_logger TYBLE16_MP3_Air
poly1305.c
00001 /** 00002 * \file poly1305.c 00003 * 00004 * \brief Poly1305 authentication algorithm. 00005 * 00006 * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved 00007 * SPDX-License-Identifier: Apache-2.0 00008 * 00009 * Licensed under the Apache License, Version 2.0 (the "License"); you may 00010 * not use this file except in compliance with the License. 00011 * You may obtain a copy of the License at 00012 * 00013 * http://www.apache.org/licenses/LICENSE-2.0 00014 * 00015 * Unless required by applicable law or agreed to in writing, software 00016 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 00017 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 00018 * See the License for the specific language governing permissions and 00019 * limitations under the License. 00020 * 00021 * This file is part of mbed TLS (https://tls.mbed.org) 00022 */ 00023 #if !defined(MBEDTLS_CONFIG_FILE) 00024 #include "mbedtls/config.h" 00025 #else 00026 #include MBEDTLS_CONFIG_FILE 00027 #endif 00028 00029 #if defined(MBEDTLS_POLY1305_C) 00030 00031 #include "mbedtls/poly1305.h" 00032 #include "mbedtls/platform_util.h" 00033 00034 #include <string.h> 00035 00036 #if defined(MBEDTLS_SELF_TEST) 00037 #if defined(MBEDTLS_PLATFORM_C) 00038 #include "mbedtls/platform.h" 00039 #else 00040 #include <stdio.h> 00041 #define mbedtls_printf printf 00042 #endif /* MBEDTLS_PLATFORM_C */ 00043 #endif /* MBEDTLS_SELF_TEST */ 00044 00045 #if !defined(MBEDTLS_POLY1305_ALT) 00046 00047 #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ 00048 !defined(inline) && !defined(__cplusplus) 00049 #define inline __inline 00050 #endif 00051 00052 /* Parameter validation macros */ 00053 #define POLY1305_VALIDATE_RET( cond ) \ 00054 MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA ) 00055 #define POLY1305_VALIDATE( cond ) \ 00056 MBEDTLS_INTERNAL_VALIDATE( cond ) 00057 00058 #define POLY1305_BLOCK_SIZE_BYTES ( 16U ) 00059 00060 #define BYTES_TO_U32_LE( data, offset ) \ 00061 ( (uint32_t) (data)[offset] \ 00062 | (uint32_t) ( (uint32_t) (data)[( offset ) + 1] << 8 ) \ 00063 | (uint32_t) ( (uint32_t) (data)[( offset ) + 2] << 16 ) \ 00064 | (uint32_t) ( (uint32_t) (data)[( offset ) + 3] << 24 ) \ 00065 ) 00066 00067 /* 00068 * Our implementation is tuned for 32-bit platforms with a 64-bit multiplier. 00069 * However we provided an alternative for platforms without such a multiplier. 00070 */ 00071 #if defined(MBEDTLS_NO_64BIT_MULTIPLICATION) 00072 static uint64_t mul64( uint32_t a, uint32_t b ) 00073 { 00074 /* a = al + 2**16 ah, b = bl + 2**16 bh */ 00075 const uint16_t al = (uint16_t) a; 00076 const uint16_t bl = (uint16_t) b; 00077 const uint16_t ah = a >> 16; 00078 const uint16_t bh = b >> 16; 00079 00080 /* ab = al*bl + 2**16 (ah*bl + bl*bh) + 2**32 ah*bh */ 00081 const uint32_t lo = (uint32_t) al * bl; 00082 const uint64_t me = (uint64_t)( (uint32_t) ah * bl ) + (uint32_t) al * bh; 00083 const uint32_t hi = (uint32_t) ah * bh; 00084 00085 return( lo + ( me << 16 ) + ( (uint64_t) hi << 32 ) ); 00086 } 00087 #else 00088 static inline uint64_t mul64( uint32_t a, uint32_t b ) 00089 { 00090 return( (uint64_t) a * b ); 00091 } 00092 #endif 00093 00094 00095 /** 00096 * \brief Process blocks with Poly1305. 00097 * 00098 * \param ctx The Poly1305 context. 00099 * \param nblocks Number of blocks to process. Note that this 00100 * function only processes full blocks. 00101 * \param input Buffer containing the input block(s). 00102 * \param needs_padding Set to 0 if the padding bit has already been 00103 * applied to the input data before calling this 00104 * function. Otherwise, set this parameter to 1. 00105 */ 00106 static void poly1305_process( mbedtls_poly1305_context *ctx, 00107 size_t nblocks, 00108 const unsigned char *input, 00109 uint32_t needs_padding ) 00110 { 00111 uint64_t d0, d1, d2, d3; 00112 uint32_t acc0, acc1, acc2, acc3, acc4; 00113 uint32_t r0, r1, r2, r3; 00114 uint32_t rs1, rs2, rs3; 00115 size_t offset = 0U; 00116 size_t i; 00117 00118 r0 = ctx->r[0]; 00119 r1 = ctx->r[1]; 00120 r2 = ctx->r[2]; 00121 r3 = ctx->r[3]; 00122 00123 rs1 = r1 + ( r1 >> 2U ); 00124 rs2 = r2 + ( r2 >> 2U ); 00125 rs3 = r3 + ( r3 >> 2U ); 00126 00127 acc0 = ctx->acc[0]; 00128 acc1 = ctx->acc[1]; 00129 acc2 = ctx->acc[2]; 00130 acc3 = ctx->acc[3]; 00131 acc4 = ctx->acc[4]; 00132 00133 /* Process full blocks */ 00134 for( i = 0U; i < nblocks; i++ ) 00135 { 00136 /* The input block is treated as a 128-bit little-endian integer */ 00137 d0 = BYTES_TO_U32_LE( input, offset + 0 ); 00138 d1 = BYTES_TO_U32_LE( input, offset + 4 ); 00139 d2 = BYTES_TO_U32_LE( input, offset + 8 ); 00140 d3 = BYTES_TO_U32_LE( input, offset + 12 ); 00141 00142 /* Compute: acc += (padded) block as a 130-bit integer */ 00143 d0 += (uint64_t) acc0; 00144 d1 += (uint64_t) acc1 + ( d0 >> 32U ); 00145 d2 += (uint64_t) acc2 + ( d1 >> 32U ); 00146 d3 += (uint64_t) acc3 + ( d2 >> 32U ); 00147 acc0 = (uint32_t) d0; 00148 acc1 = (uint32_t) d1; 00149 acc2 = (uint32_t) d2; 00150 acc3 = (uint32_t) d3; 00151 acc4 += (uint32_t) ( d3 >> 32U ) + needs_padding; 00152 00153 /* Compute: acc *= r */ 00154 d0 = mul64( acc0, r0 ) + 00155 mul64( acc1, rs3 ) + 00156 mul64( acc2, rs2 ) + 00157 mul64( acc3, rs1 ); 00158 d1 = mul64( acc0, r1 ) + 00159 mul64( acc1, r0 ) + 00160 mul64( acc2, rs3 ) + 00161 mul64( acc3, rs2 ) + 00162 mul64( acc4, rs1 ); 00163 d2 = mul64( acc0, r2 ) + 00164 mul64( acc1, r1 ) + 00165 mul64( acc2, r0 ) + 00166 mul64( acc3, rs3 ) + 00167 mul64( acc4, rs2 ); 00168 d3 = mul64( acc0, r3 ) + 00169 mul64( acc1, r2 ) + 00170 mul64( acc2, r1 ) + 00171 mul64( acc3, r0 ) + 00172 mul64( acc4, rs3 ); 00173 acc4 *= r0; 00174 00175 /* Compute: acc %= (2^130 - 5) (partial remainder) */ 00176 d1 += ( d0 >> 32 ); 00177 d2 += ( d1 >> 32 ); 00178 d3 += ( d2 >> 32 ); 00179 acc0 = (uint32_t) d0; 00180 acc1 = (uint32_t) d1; 00181 acc2 = (uint32_t) d2; 00182 acc3 = (uint32_t) d3; 00183 acc4 = (uint32_t) ( d3 >> 32 ) + acc4; 00184 00185 d0 = (uint64_t) acc0 + ( acc4 >> 2 ) + ( acc4 & 0xFFFFFFFCU ); 00186 acc4 &= 3U; 00187 acc0 = (uint32_t) d0; 00188 d0 = (uint64_t) acc1 + ( d0 >> 32U ); 00189 acc1 = (uint32_t) d0; 00190 d0 = (uint64_t) acc2 + ( d0 >> 32U ); 00191 acc2 = (uint32_t) d0; 00192 d0 = (uint64_t) acc3 + ( d0 >> 32U ); 00193 acc3 = (uint32_t) d0; 00194 d0 = (uint64_t) acc4 + ( d0 >> 32U ); 00195 acc4 = (uint32_t) d0; 00196 00197 offset += POLY1305_BLOCK_SIZE_BYTES; 00198 } 00199 00200 ctx->acc[0] = acc0; 00201 ctx->acc[1] = acc1; 00202 ctx->acc[2] = acc2; 00203 ctx->acc[3] = acc3; 00204 ctx->acc[4] = acc4; 00205 } 00206 00207 /** 00208 * \brief Compute the Poly1305 MAC 00209 * 00210 * \param ctx The Poly1305 context. 00211 * \param mac The buffer to where the MAC is written. Must be 00212 * big enough to contain the 16-byte MAC. 00213 */ 00214 static void poly1305_compute_mac( const mbedtls_poly1305_context *ctx, 00215 unsigned char mac[16] ) 00216 { 00217 uint64_t d; 00218 uint32_t g0, g1, g2, g3, g4; 00219 uint32_t acc0, acc1, acc2, acc3, acc4; 00220 uint32_t mask; 00221 uint32_t mask_inv; 00222 00223 acc0 = ctx->acc[0]; 00224 acc1 = ctx->acc[1]; 00225 acc2 = ctx->acc[2]; 00226 acc3 = ctx->acc[3]; 00227 acc4 = ctx->acc[4]; 00228 00229 /* Before adding 's' we ensure that the accumulator is mod 2^130 - 5. 00230 * We do this by calculating acc - (2^130 - 5), then checking if 00231 * the 131st bit is set. If it is, then reduce: acc -= (2^130 - 5) 00232 */ 00233 00234 /* Calculate acc + -(2^130 - 5) */ 00235 d = ( (uint64_t) acc0 + 5U ); 00236 g0 = (uint32_t) d; 00237 d = ( (uint64_t) acc1 + ( d >> 32 ) ); 00238 g1 = (uint32_t) d; 00239 d = ( (uint64_t) acc2 + ( d >> 32 ) ); 00240 g2 = (uint32_t) d; 00241 d = ( (uint64_t) acc3 + ( d >> 32 ) ); 00242 g3 = (uint32_t) d; 00243 g4 = acc4 + (uint32_t) ( d >> 32U ); 00244 00245 /* mask == 0xFFFFFFFF if 131st bit is set, otherwise mask == 0 */ 00246 mask = (uint32_t) 0U - ( g4 >> 2U ); 00247 mask_inv = ~mask; 00248 00249 /* If 131st bit is set then acc=g, otherwise, acc is unmodified */ 00250 acc0 = ( acc0 & mask_inv ) | ( g0 & mask ); 00251 acc1 = ( acc1 & mask_inv ) | ( g1 & mask ); 00252 acc2 = ( acc2 & mask_inv ) | ( g2 & mask ); 00253 acc3 = ( acc3 & mask_inv ) | ( g3 & mask ); 00254 00255 /* Add 's' */ 00256 d = (uint64_t) acc0 + ctx->s[0]; 00257 acc0 = (uint32_t) d; 00258 d = (uint64_t) acc1 + ctx->s[1] + ( d >> 32U ); 00259 acc1 = (uint32_t) d; 00260 d = (uint64_t) acc2 + ctx->s[2] + ( d >> 32U ); 00261 acc2 = (uint32_t) d; 00262 acc3 += ctx->s[3] + (uint32_t) ( d >> 32U ); 00263 00264 /* Compute MAC (128 least significant bits of the accumulator) */ 00265 mac[ 0] = (unsigned char)( acc0 ); 00266 mac[ 1] = (unsigned char)( acc0 >> 8 ); 00267 mac[ 2] = (unsigned char)( acc0 >> 16 ); 00268 mac[ 3] = (unsigned char)( acc0 >> 24 ); 00269 mac[ 4] = (unsigned char)( acc1 ); 00270 mac[ 5] = (unsigned char)( acc1 >> 8 ); 00271 mac[ 6] = (unsigned char)( acc1 >> 16 ); 00272 mac[ 7] = (unsigned char)( acc1 >> 24 ); 00273 mac[ 8] = (unsigned char)( acc2 ); 00274 mac[ 9] = (unsigned char)( acc2 >> 8 ); 00275 mac[10] = (unsigned char)( acc2 >> 16 ); 00276 mac[11] = (unsigned char)( acc2 >> 24 ); 00277 mac[12] = (unsigned char)( acc3 ); 00278 mac[13] = (unsigned char)( acc3 >> 8 ); 00279 mac[14] = (unsigned char)( acc3 >> 16 ); 00280 mac[15] = (unsigned char)( acc3 >> 24 ); 00281 } 00282 00283 void mbedtls_poly1305_init( mbedtls_poly1305_context *ctx ) 00284 { 00285 POLY1305_VALIDATE( ctx != NULL ); 00286 00287 mbedtls_platform_zeroize( ctx, sizeof( mbedtls_poly1305_context ) ); 00288 } 00289 00290 void mbedtls_poly1305_free( mbedtls_poly1305_context *ctx ) 00291 { 00292 if( ctx == NULL ) 00293 return; 00294 00295 mbedtls_platform_zeroize( ctx, sizeof( mbedtls_poly1305_context ) ); 00296 } 00297 00298 int mbedtls_poly1305_starts( mbedtls_poly1305_context *ctx, 00299 const unsigned char key[32] ) 00300 { 00301 POLY1305_VALIDATE_RET( ctx != NULL ); 00302 POLY1305_VALIDATE_RET( key != NULL ); 00303 00304 /* r &= 0x0ffffffc0ffffffc0ffffffc0fffffff */ 00305 ctx->r[0] = BYTES_TO_U32_LE( key, 0 ) & 0x0FFFFFFFU; 00306 ctx->r[1] = BYTES_TO_U32_LE( key, 4 ) & 0x0FFFFFFCU; 00307 ctx->r[2] = BYTES_TO_U32_LE( key, 8 ) & 0x0FFFFFFCU; 00308 ctx->r[3] = BYTES_TO_U32_LE( key, 12 ) & 0x0FFFFFFCU; 00309 00310 ctx->s[0] = BYTES_TO_U32_LE( key, 16 ); 00311 ctx->s[1] = BYTES_TO_U32_LE( key, 20 ); 00312 ctx->s[2] = BYTES_TO_U32_LE( key, 24 ); 00313 ctx->s[3] = BYTES_TO_U32_LE( key, 28 ); 00314 00315 /* Initial accumulator state */ 00316 ctx->acc[0] = 0U; 00317 ctx->acc[1] = 0U; 00318 ctx->acc[2] = 0U; 00319 ctx->acc[3] = 0U; 00320 ctx->acc[4] = 0U; 00321 00322 /* Queue initially empty */ 00323 mbedtls_platform_zeroize( ctx->queue, sizeof( ctx->queue ) ); 00324 ctx->queue_len = 0U; 00325 00326 return( 0 ); 00327 } 00328 00329 int mbedtls_poly1305_update( mbedtls_poly1305_context *ctx, 00330 const unsigned char *input, 00331 size_t ilen ) 00332 { 00333 size_t offset = 0U; 00334 size_t remaining = ilen; 00335 size_t queue_free_len; 00336 size_t nblocks; 00337 POLY1305_VALIDATE_RET( ctx != NULL ); 00338 POLY1305_VALIDATE_RET( ilen == 0 || input != NULL ); 00339 00340 if( ( remaining > 0U ) && ( ctx->queue_len > 0U ) ) 00341 { 00342 queue_free_len = ( POLY1305_BLOCK_SIZE_BYTES - ctx->queue_len ); 00343 00344 if( ilen < queue_free_len ) 00345 { 00346 /* Not enough data to complete the block. 00347 * Store this data with the other leftovers. 00348 */ 00349 memcpy( &ctx->queue[ctx->queue_len], 00350 input, 00351 ilen ); 00352 00353 ctx->queue_len += ilen; 00354 00355 remaining = 0U; 00356 } 00357 else 00358 { 00359 /* Enough data to produce a complete block */ 00360 memcpy( &ctx->queue[ctx->queue_len], 00361 input, 00362 queue_free_len ); 00363 00364 ctx->queue_len = 0U; 00365 00366 poly1305_process( ctx, 1U, ctx->queue, 1U ); /* add padding bit */ 00367 00368 offset += queue_free_len; 00369 remaining -= queue_free_len; 00370 } 00371 } 00372 00373 if( remaining >= POLY1305_BLOCK_SIZE_BYTES ) 00374 { 00375 nblocks = remaining / POLY1305_BLOCK_SIZE_BYTES; 00376 00377 poly1305_process( ctx, nblocks, &input[offset], 1U ); 00378 00379 offset += nblocks * POLY1305_BLOCK_SIZE_BYTES; 00380 remaining %= POLY1305_BLOCK_SIZE_BYTES; 00381 } 00382 00383 if( remaining > 0U ) 00384 { 00385 /* Store partial block */ 00386 ctx->queue_len = remaining; 00387 memcpy( ctx->queue, &input[offset], remaining ); 00388 } 00389 00390 return( 0 ); 00391 } 00392 00393 int mbedtls_poly1305_finish( mbedtls_poly1305_context *ctx, 00394 unsigned char mac[16] ) 00395 { 00396 POLY1305_VALIDATE_RET( ctx != NULL ); 00397 POLY1305_VALIDATE_RET( mac != NULL ); 00398 00399 /* Process any leftover data */ 00400 if( ctx->queue_len > 0U ) 00401 { 00402 /* Add padding bit */ 00403 ctx->queue[ctx->queue_len] = 1U; 00404 ctx->queue_len++; 00405 00406 /* Pad with zeroes */ 00407 memset( &ctx->queue[ctx->queue_len], 00408 0, 00409 POLY1305_BLOCK_SIZE_BYTES - ctx->queue_len ); 00410 00411 poly1305_process( ctx, 1U, /* Process 1 block */ 00412 ctx->queue, 0U ); /* Already padded above */ 00413 } 00414 00415 poly1305_compute_mac( ctx, mac ); 00416 00417 return( 0 ); 00418 } 00419 00420 int mbedtls_poly1305_mac( const unsigned char key[32], 00421 const unsigned char *input, 00422 size_t ilen, 00423 unsigned char mac[16] ) 00424 { 00425 mbedtls_poly1305_context ctx; 00426 int ret; 00427 POLY1305_VALIDATE_RET( key != NULL ); 00428 POLY1305_VALIDATE_RET( mac != NULL ); 00429 POLY1305_VALIDATE_RET( ilen == 0 || input != NULL ); 00430 00431 mbedtls_poly1305_init( &ctx ); 00432 00433 ret = mbedtls_poly1305_starts( &ctx, key ); 00434 if( ret != 0 ) 00435 goto cleanup; 00436 00437 ret = mbedtls_poly1305_update( &ctx, input, ilen ); 00438 if( ret != 0 ) 00439 goto cleanup; 00440 00441 ret = mbedtls_poly1305_finish( &ctx, mac ); 00442 00443 cleanup: 00444 mbedtls_poly1305_free( &ctx ); 00445 return( ret ); 00446 } 00447 00448 #endif /* MBEDTLS_POLY1305_ALT */ 00449 00450 #if defined(MBEDTLS_SELF_TEST) 00451 00452 static const unsigned char test_keys[2][32] = 00453 { 00454 { 00455 0x85, 0xd6, 0xbe, 0x78, 0x57, 0x55, 0x6d, 0x33, 00456 0x7f, 0x44, 0x52, 0xfe, 0x42, 0xd5, 0x06, 0xa8, 00457 0x01, 0x03, 0x80, 0x8a, 0xfb, 0x0d, 0xb2, 0xfd, 00458 0x4a, 0xbf, 0xf6, 0xaf, 0x41, 0x49, 0xf5, 0x1b 00459 }, 00460 { 00461 0x1c, 0x92, 0x40, 0xa5, 0xeb, 0x55, 0xd3, 0x8a, 00462 0xf3, 0x33, 0x88, 0x86, 0x04, 0xf6, 0xb5, 0xf0, 00463 0x47, 0x39, 0x17, 0xc1, 0x40, 0x2b, 0x80, 0x09, 00464 0x9d, 0xca, 0x5c, 0xbc, 0x20, 0x70, 0x75, 0xc0 00465 } 00466 }; 00467 00468 static const unsigned char test_data[2][127] = 00469 { 00470 { 00471 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x67, 0x72, 00472 0x61, 0x70, 0x68, 0x69, 0x63, 0x20, 0x46, 0x6f, 00473 0x72, 0x75, 0x6d, 0x20, 0x52, 0x65, 0x73, 0x65, 00474 0x61, 0x72, 0x63, 0x68, 0x20, 0x47, 0x72, 0x6f, 00475 0x75, 0x70 00476 }, 00477 { 00478 0x27, 0x54, 0x77, 0x61, 0x73, 0x20, 0x62, 0x72, 00479 0x69, 0x6c, 0x6c, 0x69, 0x67, 0x2c, 0x20, 0x61, 00480 0x6e, 0x64, 0x20, 0x74, 0x68, 0x65, 0x20, 0x73, 00481 0x6c, 0x69, 0x74, 0x68, 0x79, 0x20, 0x74, 0x6f, 00482 0x76, 0x65, 0x73, 0x0a, 0x44, 0x69, 0x64, 0x20, 00483 0x67, 0x79, 0x72, 0x65, 0x20, 0x61, 0x6e, 0x64, 00484 0x20, 0x67, 0x69, 0x6d, 0x62, 0x6c, 0x65, 0x20, 00485 0x69, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x77, 00486 0x61, 0x62, 0x65, 0x3a, 0x0a, 0x41, 0x6c, 0x6c, 00487 0x20, 0x6d, 0x69, 0x6d, 0x73, 0x79, 0x20, 0x77, 00488 0x65, 0x72, 0x65, 0x20, 0x74, 0x68, 0x65, 0x20, 00489 0x62, 0x6f, 0x72, 0x6f, 0x67, 0x6f, 0x76, 0x65, 00490 0x73, 0x2c, 0x0a, 0x41, 0x6e, 0x64, 0x20, 0x74, 00491 0x68, 0x65, 0x20, 0x6d, 0x6f, 0x6d, 0x65, 0x20, 00492 0x72, 0x61, 0x74, 0x68, 0x73, 0x20, 0x6f, 0x75, 00493 0x74, 0x67, 0x72, 0x61, 0x62, 0x65, 0x2e 00494 } 00495 }; 00496 00497 static const size_t test_data_len[2] = 00498 { 00499 34U, 00500 127U 00501 }; 00502 00503 static const unsigned char test_mac[2][16] = 00504 { 00505 { 00506 0xa8, 0x06, 0x1d, 0xc1, 0x30, 0x51, 0x36, 0xc6, 00507 0xc2, 0x2b, 0x8b, 0xaf, 0x0c, 0x01, 0x27, 0xa9 00508 }, 00509 { 00510 0x45, 0x41, 0x66, 0x9a, 0x7e, 0xaa, 0xee, 0x61, 00511 0xe7, 0x08, 0xdc, 0x7c, 0xbc, 0xc5, 0xeb, 0x62 00512 } 00513 }; 00514 00515 #define ASSERT( cond, args ) \ 00516 do \ 00517 { \ 00518 if( ! ( cond ) ) \ 00519 { \ 00520 if( verbose != 0 ) \ 00521 mbedtls_printf args; \ 00522 \ 00523 return( -1 ); \ 00524 } \ 00525 } \ 00526 while( 0 ) 00527 00528 int mbedtls_poly1305_self_test( int verbose ) 00529 { 00530 unsigned char mac[16]; 00531 unsigned i; 00532 int ret; 00533 00534 for( i = 0U; i < 2U; i++ ) 00535 { 00536 if( verbose != 0 ) 00537 mbedtls_printf( " Poly1305 test %u ", i ); 00538 00539 ret = mbedtls_poly1305_mac( test_keys[i], 00540 test_data[i], 00541 test_data_len[i], 00542 mac ); 00543 ASSERT( 0 == ret, ( "error code: %i\n", ret ) ); 00544 00545 ASSERT( 0 == memcmp( mac, test_mac[i], 16U ), ( "failed (mac)\n" ) ); 00546 00547 if( verbose != 0 ) 00548 mbedtls_printf( "passed\n" ); 00549 } 00550 00551 if( verbose != 0 ) 00552 mbedtls_printf( "\n" ); 00553 00554 return( 0 ); 00555 } 00556 00557 #endif /* MBEDTLS_SELF_TEST */ 00558 00559 #endif /* MBEDTLS_POLY1305_C */
Generated on Tue Jul 12 2022 13:54:42 by
