Misc style adjustments

- fix some whitespace
- fix most overlong lines
- remove some superfluous parentheses
- s/result/ret/ for consistency with the rest of the library
This commit is contained in:
Manuel Pégourié-Gonnard 2018-05-24 17:53:41 +02:00
parent 98fae6d800
commit 1729789075
3 changed files with 189 additions and 182 deletions

View file

@ -55,7 +55,8 @@
| (uint32_t) ( (uint32_t) data[( offset ) + 3] << 24 ) \
)
#define ROTL32( value, amount ) ( (uint32_t) ( value << amount ) | ( value >> ( 32 - amount ) ) )
#define ROTL32( value, amount ) \
( (uint32_t) ( value << amount ) | ( value >> ( 32 - amount ) ) )
#define CHACHA20_CTR_INDEX ( 12U )
@ -127,7 +128,7 @@ static void chacha20_inner_block( uint32_t state[16] )
/**
* \brief Generates a keystream block.
*
* \param initial_state The initial ChaCha20 state (containing the key, nonce, counter).
* \param initial_state The initial ChaCha20 state (key, nonce, counter).
* \param keystream Generated keystream bytes are written to this buffer.
*/
static void chacha20_block( const uint32_t initial_state[16],
@ -140,19 +141,19 @@ static void chacha20_block( const uint32_t initial_state[16],
initial_state,
CHACHA20_BLOCK_SIZE_BYTES );
for ( i = 0U; i < 10U; i++ )
for( i = 0U; i < 10U; i++ )
chacha20_inner_block( working_state );
working_state[0] += initial_state[0];
working_state[1] += initial_state[1];
working_state[2] += initial_state[2];
working_state[3] += initial_state[3];
working_state[4] += initial_state[4];
working_state[5] += initial_state[5];
working_state[6] += initial_state[6];
working_state[7] += initial_state[7];
working_state[8] += initial_state[8];
working_state[9] += initial_state[9];
working_state[ 0] += initial_state[ 0];
working_state[ 1] += initial_state[ 1];
working_state[ 2] += initial_state[ 2];
working_state[ 3] += initial_state[ 3];
working_state[ 4] += initial_state[ 4];
working_state[ 5] += initial_state[ 5];
working_state[ 6] += initial_state[ 6];
working_state[ 7] += initial_state[ 7];
working_state[ 8] += initial_state[ 8];
working_state[ 9] += initial_state[ 9];
working_state[10] += initial_state[10];
working_state[11] += initial_state[11];
working_state[12] += initial_state[12];
@ -160,14 +161,14 @@ static void chacha20_block( const uint32_t initial_state[16],
working_state[14] += initial_state[14];
working_state[15] += initial_state[15];
for ( i = 0U; i < 16; i++ )
for( i = 0U; i < 16; i++ )
{
size_t offset = i * 4U;
keystream[offset ] = (unsigned char) working_state[i];
keystream[offset + 1U] = (unsigned char) ( working_state[i] >> 8 );
keystream[offset + 2U] = (unsigned char) ( working_state[i] >> 16 );
keystream[offset + 3U] = (unsigned char) ( working_state[i] >> 24 );
keystream[offset ] = (unsigned char)( working_state[i] );
keystream[offset + 1U] = (unsigned char)( working_state[i] >> 8 );
keystream[offset + 2U] = (unsigned char)( working_state[i] >> 16 );
keystream[offset + 3U] = (unsigned char)( working_state[i] >> 24 );
}
mbedtls_platform_zeroize( working_state, sizeof( working_state ) );
@ -175,7 +176,7 @@ static void chacha20_block( const uint32_t initial_state[16],
void mbedtls_chacha20_init( mbedtls_chacha20_context *ctx )
{
if ( ctx != NULL )
if( ctx != NULL )
{
mbedtls_platform_zeroize( ctx->state, sizeof( ctx->state ) );
mbedtls_platform_zeroize( ctx->keystream8, sizeof( ctx->keystream8 ) );
@ -187,7 +188,7 @@ void mbedtls_chacha20_init( mbedtls_chacha20_context *ctx )
void mbedtls_chacha20_free( mbedtls_chacha20_context *ctx )
{
if ( ctx != NULL )
if( ctx != NULL )
{
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_chacha20_context ) );
}
@ -196,7 +197,7 @@ void mbedtls_chacha20_free( mbedtls_chacha20_context *ctx )
int mbedtls_chacha20_setkey( mbedtls_chacha20_context *ctx,
const unsigned char key[32] )
{
if ( ( ctx == NULL ) || ( key == NULL ) )
if( ( ctx == NULL ) || ( key == NULL ) )
{
return( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA );
}
@ -224,7 +225,7 @@ int mbedtls_chacha20_starts( mbedtls_chacha20_context* ctx,
const unsigned char nonce[12],
uint32_t counter )
{
if ( ( ctx == NULL ) || ( nonce == NULL ) )
if( ( ctx == NULL ) || ( nonce == NULL ) )
{
return( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA );
}
@ -253,20 +254,21 @@ int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx,
size_t offset = 0U;
size_t i;
if ( ctx == NULL )
if( ctx == NULL )
{
return( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA );
}
else if ( ( size > 0U ) && ( ( input == NULL ) || ( output == NULL ) ) )
else if( ( size > 0U ) && ( ( input == NULL ) || ( output == NULL ) ) )
{
/* input and output pointers are allowed to be NULL only if size == 0 */
return( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA );
}
/* Use leftover keystream bytes, if available */
while ( ( size > 0U ) && ( ctx->keystream_bytes_used < CHACHA20_BLOCK_SIZE_BYTES ) )
while( size > 0U && ctx->keystream_bytes_used < CHACHA20_BLOCK_SIZE_BYTES )
{
output[offset] = input[offset] ^ ctx->keystream8[ctx->keystream_bytes_used];
output[offset] = input[offset]
^ ctx->keystream8[ctx->keystream_bytes_used];
ctx->keystream_bytes_used++;
offset++;
@ -274,22 +276,22 @@ int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx,
}
/* Process full blocks */
while ( size >= CHACHA20_BLOCK_SIZE_BYTES )
while( size >= CHACHA20_BLOCK_SIZE_BYTES )
{
/* Generate new keystream block and increment counter */
chacha20_block( ctx->state, ctx->keystream8 );
ctx->state[CHACHA20_CTR_INDEX]++;
for ( i = 0U; i < 64U; i += 8U )
for( i = 0U; i < 64U; i += 8U )
{
output[offset + i ] = input[offset + i ] ^ ctx->keystream8[i ];
output[offset + i + 1U ] = input[offset + i + 1U ] ^ ctx->keystream8[i + 1U ];
output[offset + i + 2U ] = input[offset + i + 2U ] ^ ctx->keystream8[i + 2U ];
output[offset + i + 3U ] = input[offset + i + 3U ] ^ ctx->keystream8[i + 3U ];
output[offset + i + 4U ] = input[offset + i + 4U ] ^ ctx->keystream8[i + 4U ];
output[offset + i + 5U ] = input[offset + i + 5U ] ^ ctx->keystream8[i + 5U ];
output[offset + i + 6U ] = input[offset + i + 6U ] ^ ctx->keystream8[i + 6U ];
output[offset + i + 7U ] = input[offset + i + 7U ] ^ ctx->keystream8[i + 7U ];
output[offset + i ] = input[offset + i ] ^ ctx->keystream8[i ];
output[offset + i+1] = input[offset + i+1] ^ ctx->keystream8[i+1];
output[offset + i+2] = input[offset + i+2] ^ ctx->keystream8[i+2];
output[offset + i+3] = input[offset + i+3] ^ ctx->keystream8[i+3];
output[offset + i+4] = input[offset + i+4] ^ ctx->keystream8[i+4];
output[offset + i+5] = input[offset + i+5] ^ ctx->keystream8[i+5];
output[offset + i+6] = input[offset + i+6] ^ ctx->keystream8[i+6];
output[offset + i+7] = input[offset + i+7] ^ ctx->keystream8[i+7];
}
offset += CHACHA20_BLOCK_SIZE_BYTES;
@ -297,13 +299,13 @@ int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx,
}
/* Last (partial) block */
if ( size > 0U )
if( size > 0U )
{
/* Generate new keystream block and increment counter */
chacha20_block( ctx->state, ctx->keystream8 );
ctx->state[CHACHA20_CTR_INDEX]++;
for ( i = 0U; i < size; i++)
for( i = 0U; i < size; i++)
{
output[offset + i] = input[offset + i] ^ ctx->keystream8[i];
}
@ -323,23 +325,23 @@ int mbedtls_chacha20_crypt( const unsigned char key[32],
unsigned char* output )
{
mbedtls_chacha20_context ctx;
int result;
int ret;
mbedtls_chacha20_init( &ctx );
result = mbedtls_chacha20_setkey( &ctx, key );
if ( result != 0 )
ret = mbedtls_chacha20_setkey( &ctx, key );
if( ret != 0 )
goto cleanup;
result = mbedtls_chacha20_starts( &ctx, nonce, counter );
if ( result != 0 )
ret = mbedtls_chacha20_starts( &ctx, nonce, counter );
if( ret != 0 )
goto cleanup;
result = mbedtls_chacha20_update( &ctx, data_len, input, output );
ret = mbedtls_chacha20_update( &ctx, data_len, input, output );
cleanup:
mbedtls_chacha20_free( &ctx );
return( result );
return( ret );
}
#endif /* !MBEDTLS_CHACHA20_ALT */
@ -529,21 +531,21 @@ int mbedtls_chacha20_self_test( int verbose )
{
unsigned char output[381];
unsigned i;
int result;
int ret;
for( i = 0U; i < 2U; i++ )
{
if( verbose != 0 )
mbedtls_printf( " ChaCha20 test %u ", i );
result = mbedtls_chacha20_crypt( test_keys[i],
test_nonces[i],
test_counters[i],
test_lengths[i],
test_input[i],
output );
ret = mbedtls_chacha20_crypt( test_keys[i],
test_nonces[i],
test_counters[i],
test_lengths[i],
test_input[i],
output );
ASSERT( 0 == result, ( "error code: %i\n", result ) );
ASSERT( 0 == ret, ( "error code: %i\n", ret ) );
ASSERT( 0 == memcmp( output, test_output[i], test_lengths[i] ),
( "failed (output)\n" ) );

View file

@ -50,7 +50,7 @@
#define CHACHAPOLY_STATE_FINISHED ( 3 )
/**
* \brief Adds padding bytes (zeroes) to pad the AAD for Poly1305.
* \brief Adds nul bytes to pad the AAD for Poly1305.
*
* \param ctx The ChaCha20-Poly1305 context.
*/
@ -59,7 +59,7 @@ static void chachapoly_pad_aad( mbedtls_chachapoly_context *ctx )
uint32_t partial_block_len = (uint32_t) ( ctx->aad_len % 16U );
unsigned char zeroes[15];
if ( partial_block_len > 0U )
if( partial_block_len > 0U )
{
memset( zeroes, 0, sizeof( zeroes ) );
(void) mbedtls_poly1305_update( &ctx->poly1305_ctx,
@ -69,7 +69,7 @@ static void chachapoly_pad_aad( mbedtls_chachapoly_context *ctx )
}
/**
* \brief Adds padding bytes (zeroes) to pad the ciphertext for Poly1305.
* \brief Adds nul bytes to pad the ciphertext for Poly1305.
*
* \param ctx The ChaCha20-Poly1305 context.
*/
@ -78,7 +78,7 @@ static void chachapoly_pad_ciphertext( mbedtls_chachapoly_context *ctx )
uint32_t partial_block_len = (uint32_t) ( ctx->ciphertext_len % 16U );
unsigned char zeroes[15];
if ( partial_block_len > 0U )
if( partial_block_len > 0U )
{
memset( zeroes, 0, sizeof( zeroes ) );
(void) mbedtls_poly1305_update( &ctx->poly1305_ctx,
@ -89,7 +89,7 @@ static void chachapoly_pad_ciphertext( mbedtls_chachapoly_context *ctx )
void mbedtls_chachapoly_init( mbedtls_chachapoly_context *ctx )
{
if ( ctx != NULL )
if( ctx != NULL )
{
mbedtls_chacha20_init( &ctx->chacha20_ctx );
mbedtls_poly1305_init( &ctx->poly1305_ctx );
@ -102,7 +102,7 @@ void mbedtls_chachapoly_init( mbedtls_chachapoly_context *ctx )
void mbedtls_chachapoly_free( mbedtls_chachapoly_context *ctx )
{
if ( ctx != NULL )
if( ctx != NULL )
{
mbedtls_chacha20_free( &ctx->chacha20_ctx );
mbedtls_poly1305_free( &ctx->poly1305_ctx );
@ -116,49 +116,49 @@ void mbedtls_chachapoly_free( mbedtls_chachapoly_context *ctx )
int mbedtls_chachapoly_setkey( mbedtls_chachapoly_context *ctx,
const unsigned char key[32] )
{
int result;
int ret;
if ( ( ctx == NULL ) || ( key == NULL ) )
if( ( ctx == NULL ) || ( key == NULL ) )
{
return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
}
result = mbedtls_chacha20_setkey( &ctx->chacha20_ctx, key );
ret = mbedtls_chacha20_setkey( &ctx->chacha20_ctx, key );
return( result );
return( ret );
}
int mbedtls_chachapoly_starts( mbedtls_chachapoly_context *ctx,
const unsigned char nonce[12],
mbedtls_chachapoly_mode_t mode )
{
int result;
int ret;
unsigned char poly1305_key[64];
if ( ( ctx == NULL ) || ( nonce == NULL ) )
if( ( ctx == NULL ) || ( nonce == NULL ) )
{
return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
}
/* Set counter = 0, will be update to 1 when generating Poly1305 key */
result = mbedtls_chacha20_starts( &ctx->chacha20_ctx, nonce, 0U );
if ( result != 0 )
ret = mbedtls_chacha20_starts( &ctx->chacha20_ctx, nonce, 0U );
if( ret != 0 )
goto cleanup;
/* Generate the Poly1305 key by getting the ChaCha20 keystream output with counter = 0.
* This is the same as encrypting a buffer of zeroes.
/* Generate the Poly1305 key by getting the ChaCha20 keystream output with
* counter = 0. This is the same as encrypting a buffer of zeroes.
* Only the first 256-bits (32 bytes) of the key is used for Poly1305.
* The other 256 bits are discarded.
*/
memset( poly1305_key, 0, sizeof( poly1305_key ) );
result = mbedtls_chacha20_update( &ctx->chacha20_ctx, sizeof( poly1305_key ),
ret = mbedtls_chacha20_update( &ctx->chacha20_ctx, sizeof( poly1305_key ),
poly1305_key, poly1305_key );
if ( result != 0 )
if( ret != 0 )
goto cleanup;
result = mbedtls_poly1305_starts( &ctx->poly1305_ctx, poly1305_key );
ret = mbedtls_poly1305_starts( &ctx->poly1305_ctx, poly1305_key );
if ( result == 0 )
if( ret == 0 )
{
ctx->aad_len = 0U;
ctx->ciphertext_len = 0U;
@ -168,23 +168,23 @@ int mbedtls_chachapoly_starts( mbedtls_chachapoly_context *ctx,
cleanup:
mbedtls_platform_zeroize( poly1305_key, 64U );
return( result );
return( ret );
}
int mbedtls_chachapoly_update_aad( mbedtls_chachapoly_context *ctx,
const unsigned char *aad,
size_t aad_len )
{
if ( ctx == NULL )
if( ctx == NULL )
{
return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
}
else if ( ( aad_len > 0U ) && ( aad == NULL ) )
else if( ( aad_len > 0U ) && ( aad == NULL ) )
{
/* aad pointer is allowed to be NULL if aad_len == 0 */
return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
}
else if ( ctx->state != CHACHAPOLY_STATE_AAD )
else if( ctx->state != CHACHAPOLY_STATE_AAD )
{
return(MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
}
@ -199,22 +199,22 @@ int mbedtls_chachapoly_update( mbedtls_chachapoly_context *ctx,
const unsigned char *input,
unsigned char *output )
{
if ( ctx == NULL )
if( ctx == NULL )
{
return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
}
else if ( ( len > 0U ) && ( ( input == NULL ) || ( output == NULL ) ) )
else if( ( len > 0U ) && ( ( input == NULL ) || ( output == NULL ) ) )
{
/* input and output pointers are allowed to be NULL if len == 0 */
return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
}
else if ( ( ctx->state != CHACHAPOLY_STATE_AAD ) &&
else if( ( ctx->state != CHACHAPOLY_STATE_AAD ) &&
( ctx->state != CHACHAPOLY_STATE_CIPHERTEXT ) )
{
return( MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
}
if ( ctx->state == CHACHAPOLY_STATE_AAD )
if( ctx->state == CHACHAPOLY_STATE_AAD )
{
ctx->state = CHACHAPOLY_STATE_CIPHERTEXT;
@ -223,11 +223,11 @@ int mbedtls_chachapoly_update( mbedtls_chachapoly_context *ctx,
ctx->ciphertext_len += len;
if ( ctx->mode == MBEDTLS_CHACHAPOLY_ENCRYPT )
if( ctx->mode == MBEDTLS_CHACHAPOLY_ENCRYPT )
{
/* Note: the following functions return an error only if one or more of
* the input pointers are NULL. Since we have checked their validity
* above, we can safety ignore the return value.
* the input pointers are NULL. Since we have checked their
* validity above, we can safety ignore the return value.
*/
(void) mbedtls_chacha20_update( &ctx->chacha20_ctx, len, input, output );
(void) mbedtls_poly1305_update( &ctx->poly1305_ctx, output, len );
@ -246,20 +246,20 @@ int mbedtls_chachapoly_finish( mbedtls_chachapoly_context *ctx,
{
unsigned char len_block[16];
if ( ( ctx == NULL ) || ( mac == NULL ) )
if( ( ctx == NULL ) || ( mac == NULL ) )
{
return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
}
else if ( ctx->state == CHACHAPOLY_STATE_INIT )
else if( ctx->state == CHACHAPOLY_STATE_INIT )
{
return( MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
}
if ( ctx->state == CHACHAPOLY_STATE_AAD )
if( ctx->state == CHACHAPOLY_STATE_AAD )
{
chachapoly_pad_aad( ctx );
}
else if ( ctx->state == CHACHAPOLY_STATE_CIPHERTEXT )
else if( ctx->state == CHACHAPOLY_STATE_CIPHERTEXT )
{
chachapoly_pad_ciphertext( ctx );
}
@ -269,22 +269,22 @@ int mbedtls_chachapoly_finish( mbedtls_chachapoly_context *ctx,
/* The lengths of the AAD and ciphertext are processed by
* Poly1305 as the final 128-bit block, encoded as little-endian integers.
*/
len_block[0] = (unsigned char) ctx->aad_len;
len_block[1] = (unsigned char) ( ctx->aad_len >> 8 );
len_block[2] = (unsigned char) ( ctx->aad_len >> 16 );
len_block[3] = (unsigned char) ( ctx->aad_len >> 24 );
len_block[4] = (unsigned char) ( ctx->aad_len >> 32 );
len_block[5] = (unsigned char) ( ctx->aad_len >> 40 );
len_block[6] = (unsigned char) ( ctx->aad_len >> 48 );
len_block[7] = (unsigned char) ( ctx->aad_len >> 56 );
len_block[8] = (unsigned char) ctx->ciphertext_len;
len_block[9] = (unsigned char) ( ctx->ciphertext_len >> 8 );
len_block[10] = (unsigned char) ( ctx->ciphertext_len >> 16 );
len_block[11] = (unsigned char) ( ctx->ciphertext_len >> 24 );
len_block[12] = (unsigned char) ( ctx->ciphertext_len >> 32 );
len_block[13] = (unsigned char) ( ctx->ciphertext_len >> 40 );
len_block[14] = (unsigned char) ( ctx->ciphertext_len >> 48 );
len_block[15] = (unsigned char) ( ctx->ciphertext_len >> 56 );
len_block[ 0] = (unsigned char)( ctx->aad_len );
len_block[ 1] = (unsigned char)( ctx->aad_len >> 8 );
len_block[ 2] = (unsigned char)( ctx->aad_len >> 16 );
len_block[ 3] = (unsigned char)( ctx->aad_len >> 24 );
len_block[ 4] = (unsigned char)( ctx->aad_len >> 32 );
len_block[ 5] = (unsigned char)( ctx->aad_len >> 40 );
len_block[ 6] = (unsigned char)( ctx->aad_len >> 48 );
len_block[ 7] = (unsigned char)( ctx->aad_len >> 56 );
len_block[ 8] = (unsigned char)( ctx->ciphertext_len );
len_block[ 9] = (unsigned char)( ctx->ciphertext_len >> 8 );
len_block[10] = (unsigned char)( ctx->ciphertext_len >> 16 );
len_block[11] = (unsigned char)( ctx->ciphertext_len >> 24 );
len_block[12] = (unsigned char)( ctx->ciphertext_len >> 32 );
len_block[13] = (unsigned char)( ctx->ciphertext_len >> 40 );
len_block[14] = (unsigned char)( ctx->ciphertext_len >> 48 );
len_block[15] = (unsigned char)( ctx->ciphertext_len >> 56 );
(void) mbedtls_poly1305_update( &ctx->poly1305_ctx, len_block, 16U );
(void) mbedtls_poly1305_finish( &ctx->poly1305_ctx, mac );
@ -302,24 +302,24 @@ int mbedtls_chachapoly_crypt_and_tag( mbedtls_chachapoly_context *ctx,
unsigned char *output,
unsigned char tag[16] )
{
int result;
int ret;
result = mbedtls_chachapoly_starts( ctx, nonce, mode );
if ( result != 0 )
ret = mbedtls_chachapoly_starts( ctx, nonce, mode );
if( ret != 0 )
goto cleanup;
result = mbedtls_chachapoly_update_aad( ctx, aad, aad_len );
if ( result != 0 )
goto cleanup;
ret = mbedtls_chachapoly_update_aad( ctx, aad, aad_len );
if( ret != 0 )
goto cleanup;
result = mbedtls_chachapoly_update( ctx, length, input, output );
if ( result != 0 )
goto cleanup;
ret = mbedtls_chachapoly_update( ctx, length, input, output );
if( ret != 0 )
goto cleanup;
result = mbedtls_chachapoly_finish( ctx, tag );
ret = mbedtls_chachapoly_finish( ctx, tag );
cleanup:
return( result );
return( ret );
}
int mbedtls_chachapoly_auth_decrypt( mbedtls_chachapoly_context *ctx,
@ -466,7 +466,7 @@ int mbedtls_chachapoly_self_test( int verbose )
{
mbedtls_chachapoly_context ctx;
unsigned i;
int result;
int ret;
unsigned char output[200];
unsigned char mac[16];
@ -477,20 +477,20 @@ int mbedtls_chachapoly_self_test( int verbose )
mbedtls_chachapoly_init( &ctx );
result = mbedtls_chachapoly_setkey( &ctx, test_key[i] );
ASSERT( 0 == result, ( "setkey() error code: %i\n", result ) );
ret = mbedtls_chachapoly_setkey( &ctx, test_key[i] );
ASSERT( 0 == ret, ( "setkey() error code: %i\n", ret ) );
result = mbedtls_chachapoly_crypt_and_tag( &ctx,
MBEDTLS_CHACHAPOLY_ENCRYPT,
test_input_len[i],
test_nonce[i],
test_aad[i],
test_aad_len[i],
test_input[i],
output,
mac );
ret = mbedtls_chachapoly_crypt_and_tag( &ctx,
MBEDTLS_CHACHAPOLY_ENCRYPT,
test_input_len[i],
test_nonce[i],
test_aad[i],
test_aad_len[i],
test_input[i],
output,
mac );
ASSERT( 0 == result, ( "crypt_and_tag() error code: %i\n", result ) );
ASSERT( 0 == ret, ( "crypt_and_tag() error code: %i\n", ret ) );
ASSERT( 0 == memcmp( output, test_output[i], test_input_len[i] ),
( "failure (wrong output)\n" ) );

View file

@ -57,12 +57,12 @@
* \brief Process blocks with Poly1305.
*
* \param ctx The Poly1305 context.
* \param nblocks Number of blocks to process. Note that this function
* only processes full blocks.
* \param nblocks Number of blocks to process. Note that this
* function only processes full blocks.
* \param input Buffer containing the input block(s).
* \param needs_padding Set to 0 if the padding bit has already been applied
* to the input data before calling this function.
* Otherwise, set this parameter to 1.
* \param needs_padding Set to 0 if the padding bit has already been
* applied to the input data before calling this
* function. Otherwise, set this parameter to 1.
*/
static void poly1305_process( mbedtls_poly1305_context *ctx,
size_t nblocks,
@ -92,14 +92,19 @@ static void poly1305_process( mbedtls_poly1305_context *ctx,
acc4 = ctx->acc[4];
/* Process full blocks */
for ( i = 0U; i < nblocks; i++ )
for( i = 0U; i < nblocks; i++ )
{
/* Compute: acc += block */
/* Note that the input block is treated as a 128-bit little-endian integer */
d0 = (uint64_t) acc0 + BYTES_TO_U32_LE( input, offset + 0 );
d1 = (uint64_t) acc1 + BYTES_TO_U32_LE( input, offset + 4 ) + ( d0 >> 32U );
d2 = (uint64_t) acc2 + BYTES_TO_U32_LE( input, offset + 8 ) + ( d1 >> 32U );
d3 = (uint64_t) acc3 + BYTES_TO_U32_LE( input, offset + 12 ) + ( d2 >> 32U );
/* The input block is treated as a 128-bit little-endian integer */
d0 = BYTES_TO_U32_LE( input, offset + 0 );
d1 = BYTES_TO_U32_LE( input, offset + 4 );
d2 = BYTES_TO_U32_LE( input, offset + 8 );
d3 = BYTES_TO_U32_LE( input, offset + 12 );
/* Compute: acc += (padded) block as a 130-bit integer */
d0 += (uint64_t) acc0;
d1 += (uint64_t) acc1 + ( d0 >> 32U );
d2 += (uint64_t) acc2 + ( d1 >> 32U );
d3 += (uint64_t) acc3 + ( d2 >> 32U );
acc0 = (uint32_t) d0;
acc1 = (uint32_t) d1;
acc2 = (uint32_t) d2;
@ -182,7 +187,7 @@ static void poly1305_compute_mac( const mbedtls_poly1305_context *ctx,
acc3 = ctx->acc[3];
acc4 = ctx->acc[4];
/* Before adding 's' we need to ensure that the accumulator is mod 2^130 - 5.
/* Before adding 's' we ensure that the accumulator is mod 2^130 - 5.
* We do this by calculating acc - (2^130 - 5), then checking if
* the 131st bit is set. If it is, then reduce: acc -= (2^130 - 5)
*/
@ -218,27 +223,27 @@ static void poly1305_compute_mac( const mbedtls_poly1305_context *ctx,
acc3 += ctx->s[3] + (uint32_t) ( d >> 32U );
/* Compute MAC (128 least significant bits of the accumulator) */
mac[0] = (unsigned char) acc0;
mac[1] = (unsigned char) ( acc0 >> 8 );
mac[2] = (unsigned char) ( acc0 >> 16 );
mac[3] = (unsigned char) ( acc0 >> 24 );
mac[4] = (unsigned char) acc1;
mac[5] = (unsigned char) ( acc1 >> 8 );
mac[6] = (unsigned char) ( acc1 >> 16 );
mac[7] = (unsigned char) ( acc1 >> 24 );
mac[8] = (unsigned char) acc2;
mac[9] = (unsigned char) ( acc2 >> 8 );
mac[10] = (unsigned char) ( acc2 >> 16 );
mac[11] = (unsigned char) ( acc2 >> 24 );
mac[12] = (unsigned char) acc3;
mac[13] = (unsigned char) ( acc3 >> 8 );
mac[14] = (unsigned char) ( acc3 >> 16 );
mac[15] = (unsigned char) ( acc3 >> 24 );
mac[ 0] = (unsigned char)( acc0 );
mac[ 1] = (unsigned char)( acc0 >> 8 );
mac[ 2] = (unsigned char)( acc0 >> 16 );
mac[ 3] = (unsigned char)( acc0 >> 24 );
mac[ 4] = (unsigned char)( acc1 );
mac[ 5] = (unsigned char)( acc1 >> 8 );
mac[ 6] = (unsigned char)( acc1 >> 16 );
mac[ 7] = (unsigned char)( acc1 >> 24 );
mac[ 8] = (unsigned char)( acc2 );
mac[ 9] = (unsigned char)( acc2 >> 8 );
mac[10] = (unsigned char)( acc2 >> 16 );
mac[11] = (unsigned char)( acc2 >> 24 );
mac[12] = (unsigned char)( acc3 );
mac[13] = (unsigned char)( acc3 >> 8 );
mac[14] = (unsigned char)( acc3 >> 16 );
mac[15] = (unsigned char)( acc3 >> 24 );
}
void mbedtls_poly1305_init( mbedtls_poly1305_context *ctx )
{
if ( ctx != NULL )
if( ctx != NULL )
{
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_poly1305_context ) );
}
@ -246,7 +251,7 @@ void mbedtls_poly1305_init( mbedtls_poly1305_context *ctx )
void mbedtls_poly1305_free( mbedtls_poly1305_context *ctx )
{
if ( ctx != NULL )
if( ctx != NULL )
{
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_poly1305_context ) );
}
@ -255,7 +260,7 @@ void mbedtls_poly1305_free( mbedtls_poly1305_context *ctx )
int mbedtls_poly1305_starts( mbedtls_poly1305_context *ctx,
const unsigned char key[32] )
{
if ( ctx == NULL || key == NULL )
if( ctx == NULL || key == NULL )
{
return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
}
@ -294,21 +299,21 @@ int mbedtls_poly1305_update( mbedtls_poly1305_context *ctx,
size_t queue_free_len;
size_t nblocks;
if ( ctx == NULL )
if( ctx == NULL )
{
return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
}
else if ( ( ilen > 0U ) && ( input == NULL ) )
else if( ( ilen > 0U ) && ( input == NULL ) )
{
/* input pointer is allowed to be NULL only if ilen == 0 */
return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
}
if ( ( remaining > 0U ) && ( ctx->queue_len > 0U ) )
if( ( remaining > 0U ) && ( ctx->queue_len > 0U ) )
{
queue_free_len = ( POLY1305_BLOCK_SIZE_BYTES - ctx->queue_len );
if ( ilen < queue_free_len )
if( ilen < queue_free_len )
{
/* Not enough data to complete the block.
* Store this data with the other leftovers.
@ -337,7 +342,7 @@ int mbedtls_poly1305_update( mbedtls_poly1305_context *ctx,
}
}
if ( remaining >= POLY1305_BLOCK_SIZE_BYTES )
if( remaining >= POLY1305_BLOCK_SIZE_BYTES )
{
nblocks = remaining / POLY1305_BLOCK_SIZE_BYTES;
@ -347,7 +352,7 @@ int mbedtls_poly1305_update( mbedtls_poly1305_context *ctx,
remaining %= POLY1305_BLOCK_SIZE_BYTES;
}
if ( remaining > 0U )
if( remaining > 0U )
{
/* Store partial block */
ctx->queue_len = remaining;
@ -360,13 +365,13 @@ int mbedtls_poly1305_update( mbedtls_poly1305_context *ctx,
int mbedtls_poly1305_finish( mbedtls_poly1305_context *ctx,
unsigned char mac[16] )
{
if ( ( ctx == NULL ) || ( mac == NULL ) )
if( ( ctx == NULL ) || ( mac == NULL ) )
{
return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
}
/* Process any leftover data */
if ( ctx->queue_len > 0U )
if( ctx->queue_len > 0U )
{
/* Add padding bit */
ctx->queue[ctx->queue_len] = 1U;
@ -378,7 +383,7 @@ int mbedtls_poly1305_finish( mbedtls_poly1305_context *ctx,
POLY1305_BLOCK_SIZE_BYTES - ctx->queue_len );
poly1305_process( ctx, 1U, /* Process 1 block */
ctx->queue, 0U ); /* Don't add padding bit (it was just added above) */
ctx->queue, 0U ); /* Already padded above */
}
poly1305_compute_mac( ctx, mac );
@ -392,23 +397,23 @@ int mbedtls_poly1305_mac( const unsigned char key[32],
unsigned char mac[16] )
{
mbedtls_poly1305_context ctx;
int result;
int ret;
mbedtls_poly1305_init( &ctx );
result = mbedtls_poly1305_starts( &ctx, key );
if ( result != 0 )
ret = mbedtls_poly1305_starts( &ctx, key );
if( ret != 0 )
goto cleanup;
result = mbedtls_poly1305_update( &ctx, input, ilen );
if ( result != 0 )
ret = mbedtls_poly1305_update( &ctx, input, ilen );
if( ret != 0 )
goto cleanup;
result = mbedtls_poly1305_finish( &ctx, mac );
ret = mbedtls_poly1305_finish( &ctx, mac );
cleanup:
mbedtls_poly1305_free( &ctx );
return( result );
return( ret );
}
#endif /* MBEDTLS_POLY1305_ALT */
@ -495,18 +500,18 @@ int mbedtls_poly1305_self_test( int verbose )
{
unsigned char mac[16];
unsigned i;
int result;
int ret;
for( i = 0U; i < 2U; i++ )
{
if( verbose != 0 )
mbedtls_printf( " Poly1305 test %u ", i );
result = mbedtls_poly1305_mac( test_keys[i],
test_data[i],
test_data_len[i],
mac );
ASSERT( 0 == result, ( "error code: %i\n", result ) );
ret = mbedtls_poly1305_mac( test_keys[i],
test_data[i],
test_data_len[i],
mac );
ASSERT( 0 == ret, ( "error code: %i\n", ret ) );
ASSERT( 0 == memcmp( mac, test_mac[i], 16U ), ( "failed (mac)\n" ) );