1 /* This file is in the public domain. */
6 #include <opencrypto/xform_auth.h>
7 #include <opencrypto/xform_poly1305.h>
9 #include <sodium/crypto_onetimeauth_poly1305.h>
11 struct poly1305_xform_ctx {
12 struct crypto_onetimeauth_poly1305_state state;
14 CTASSERT(sizeof(union authctx) >= sizeof(struct poly1305_xform_ctx));
16 CTASSERT(POLY1305_KEY_LEN == crypto_onetimeauth_poly1305_KEYBYTES);
17 CTASSERT(POLY1305_HASH_LEN == crypto_onetimeauth_poly1305_BYTES);
20 Poly1305_Init(void *polyctx)
26 Poly1305_Setkey(struct poly1305_xform_ctx *polyctx,
27 const uint8_t key[__min_size(POLY1305_KEY_LEN)], size_t klen)
31 if (klen != POLY1305_KEY_LEN)
32 panic("%s: Bogus keylen: %u bytes", __func__, (unsigned)klen);
34 rc = crypto_onetimeauth_poly1305_init(&polyctx->state, key);
36 panic("%s: Invariant violated: %d", __func__, rc);
40 xform_Poly1305_Setkey(void *ctx, const uint8_t *key, u_int klen)
42 Poly1305_Setkey(ctx, key, klen);
46 Poly1305_Update(struct poly1305_xform_ctx *polyctx, const void *data,
51 rc = crypto_onetimeauth_poly1305_update(&polyctx->state, data, len);
53 panic("%s: Invariant violated: %d", __func__, rc);
58 xform_Poly1305_Update(void *ctx, const void *data, u_int len)
60 return (Poly1305_Update(ctx, data, len));
64 Poly1305_Final(uint8_t digest[__min_size(POLY1305_HASH_LEN)],
65 struct poly1305_xform_ctx *polyctx)
69 rc = crypto_onetimeauth_poly1305_final(&polyctx->state, digest);
71 panic("%s: Invariant violated: %d", __func__, rc);
75 xform_Poly1305_Final(uint8_t *digest, void *ctx)
77 Poly1305_Final(digest, ctx);
80 struct auth_hash auth_hash_poly1305 = {
81 .type = CRYPTO_POLY1305,
83 .keysize = POLY1305_KEY_LEN,
84 .hashsize = POLY1305_HASH_LEN,
85 .ctxsize = sizeof(struct poly1305_xform_ctx),
86 .blocksize = crypto_onetimeauth_poly1305_BYTES,
87 .Init = Poly1305_Init,
88 .Setkey = xform_Poly1305_Setkey,
89 .Update = xform_Poly1305_Update,
90 .Final = xform_Poly1305_Final,