Ekdohibs/zig
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ghash & poly1305: fix handling of partial blocks and add pad()

Browse Source 
pad() aligns the next input to the first byte of a block, which is
useful to implement the IETF version of ChaCha20Poly1305 and AES-GCM.
This commit is contained in:
Frank Denis 2020-10-05 23:50:38 +02:00
parent 7f7e2d608a
commit d343b75e7f
2 changed files with 29 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
lib/std/crypto/ghash.zig
View File

@ -250,7 +250,7 @@ pub const Ghash = struct {
}
mb = mb[want..];
st.leftover += want;
if (st.leftover > block_size) {
if (st.leftover < block_size) {
return;
}
st.blocks(&st.buf);
@ -269,14 +269,21 @@ pub const Ghash = struct {
}
}
pub fn final(st: *Ghash, out: *[mac_length]u8) void {
if (st.leftover > 0) {
var i = st.leftover;
while (i < block_size) : (i += 1) {
st.buf[i] = 0;
}
st.blocks(&st.buf);
/// Zero-pad to align the next input to the first byte of a block
pub fn pad(st: *Ghash) void {
if (st.leftover == 0) {
return;
}
var i = st.leftover;
while (i < block_size) : (i += 1) {
st.buf[i] = 0;
}
st.blocks(&st.buf);
st.leftover = 0;
}
pub fn final(st: *Ghash, out: *[mac_length]u8) void {
st.pad();
mem.writeIntBig(u64, out[0..8], st.y1);
mem.writeIntBig(u64, out[8..16], st.y0);

15
lib/std/crypto/poly1305.zig
View File

@ -91,7 +91,7 @@ pub const Poly1305 = struct {
}
mb = mb[want..];
st.leftover += want;
if (st.leftover > block_size) {
if (st.leftover < block_size) {
return;
}
st.blocks(&st.buf, false);
@ -114,6 +114,19 @@ pub const Poly1305 = struct {
}
}
/// Zero-pad to align the next input to the first byte of a block
pub fn pad(st: *Poly1305) void {
if (st.leftover == 0) {
return;
}
var i = st.leftover;
while (i < block_size) : (i += 1) {
st.buf[i] = 0;
}
st.blocks(&st.buf);
st.leftover = 0;
}
pub fn final(st: *Poly1305, out: *[mac_length]u8) void {
if (st.leftover > 0) {
var i = st.leftover;