LEFT | RIGHT |
1 /* This Source Code Form is subject to the terms of the Mozilla Public | 1 /* This Source Code Form is subject to the terms of the Mozilla Public |
2 * License, v. 2.0. If a copy of the MPL was not distributed with this | 2 * License, v. 2.0. If a copy of the MPL was not distributed with this |
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
4 | 4 |
5 #ifdef FREEBL_NO_DEPEND | 5 #ifdef FREEBL_NO_DEPEND |
6 #include "stubs.h" | 6 #include "stubs.h" |
7 #endif | 7 #endif |
8 | 8 |
9 #include <string.h> | 9 #include <string.h> |
10 #include <stdio.h> | 10 #include <stdio.h> |
11 | 11 |
12 #include "seccomon.h" | 12 #include "seccomon.h" |
13 #include "secerr.h" | 13 #include "secerr.h" |
14 #include "blapit.h" | 14 #include "blapit.h" |
15 #include "poly1305/poly1305.h" | 15 #include "poly1305/poly1305.h" |
16 #include "chacha20/chacha20.h" | 16 #include "chacha20/chacha20.h" |
17 #include "chacha20poly1305.h" | 17 #include "chacha20poly1305.h" |
18 | 18 |
19 /* Poly1305Do writes the Poly1305 authenticator of the given additional data | 19 /* Poly1305Do writes the Poly1305 authenticator of the given additional data |
20 * and ciphertext to |out|. */ | 20 * and ciphertext to |out|. */ |
21 static void | 21 static void |
22 Poly1305Do(unsigned char *out, const unsigned char *ad, unsigned int adLen, | 22 Poly1305Do(unsigned char *out, const unsigned char *ad, unsigned int adLen, |
23 const unsigned char *ciphertext, unsigned int ciphertextLen, | 23 const unsigned char *ciphertext, unsigned int ciphertextLen, |
24 const unsigned char key[32]) | 24 const unsigned char key[32]) |
25 { | 25 { |
26 poly1305_state state; | 26 poly1305_state state; |
27 unsigned int j; | 27 unsigned int j; |
28 unsigned char lengthBytes[8]; | 28 unsigned char lengthBytes[8]; |
29 unsigned char zeros[15] = { 0 }; | 29 static const unsigned char zeros[15]; |
30 unsigned int i; | 30 unsigned int i; |
31 | 31 |
32 Poly1305Init(&state, key); | 32 Poly1305Init(&state, key); |
33 Poly1305Update(&state, ad, adLen); | 33 Poly1305Update(&state, ad, adLen); |
34 if (adLen % 16 > 0) { | 34 if (adLen % 16 > 0) { |
35 Poly1305Update(&state, zeros, 16 - adLen % 16); | 35 Poly1305Update(&state, zeros, 16 - adLen % 16); |
36 } | 36 } |
37 Poly1305Update(&state, ciphertext, ciphertextLen); | 37 Poly1305Update(&state, ciphertext, ciphertextLen); |
38 if (ciphertextLen % 16 > 0) { | 38 if (ciphertextLen % 16 > 0) { |
39 Poly1305Update(&state, zeros, 16 - ciphertextLen % 16); | 39 Poly1305Update(&state, zeros, 16 - ciphertextLen % 16); |
(...skipping 125 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
165 Poly1305Do(tag, ad, adLen, input, ciphertextLen, block); | 165 Poly1305Do(tag, ad, adLen, input, ciphertextLen, block); |
166 if (NSS_SecureMemcmp(tag, &input[ciphertextLen], ctx->tagLen) != 0) { | 166 if (NSS_SecureMemcmp(tag, &input[ciphertextLen], ctx->tagLen) != 0) { |
167 PORT_SetError(SEC_ERROR_BAD_DATA); | 167 PORT_SetError(SEC_ERROR_BAD_DATA); |
168 return SECFailure; | 168 return SECFailure; |
169 } | 169 } |
170 | 170 |
171 ChaCha20XOR(output, input, ciphertextLen, ctx->key, nonce, 1); | 171 ChaCha20XOR(output, input, ciphertextLen, ctx->key, nonce, 1); |
172 | 172 |
173 return SECSuccess; | 173 return SECSuccess; |
174 } | 174 } |
LEFT | RIGHT |