xref: /freebsd/sys/opencrypto/xform_poly1305.c (revision 685dc743dc3b5645e34836464128e1c0558b404b) 
101d5de8fSConrad Meyer /* This file is in the public domain. */
201d5de8fSConrad Meyer 
301d5de8fSConrad Meyer #include <sys/cdefs.h>
401d5de8fSConrad Meyer #include <opencrypto/xform_auth.h>
501d5de8fSConrad Meyer 
601d5de8fSConrad Meyer #include <sodium/crypto_onetimeauth_poly1305.h>
701d5de8fSConrad Meyer 
801d5de8fSConrad Meyer struct poly1305_xform_ctx {
901d5de8fSConrad Meyer 	struct crypto_onetimeauth_poly1305_state state;
1001d5de8fSConrad Meyer };
1101d5de8fSConrad Meyer CTASSERT(sizeof(union authctx) >= sizeof(struct poly1305_xform_ctx));
1201d5de8fSConrad Meyer 
1301d5de8fSConrad Meyer CTASSERT(POLY1305_KEY_LEN == crypto_onetimeauth_poly1305_KEYBYTES);
1401d5de8fSConrad Meyer CTASSERT(POLY1305_HASH_LEN == crypto_onetimeauth_poly1305_BYTES);
15*47fc0495SJohn Baldwin CTASSERT(POLY1305_BLOCK_LEN == crypto_onetimeauth_poly1305_BYTES);
1601d5de8fSConrad Meyer 
17bb6e84c9SJohn Baldwin static void
xform_Poly1305_Init(void * polyctx)18bb6e84c9SJohn Baldwin xform_Poly1305_Init(void *polyctx)
1901d5de8fSConrad Meyer {
2001d5de8fSConrad Meyer 	/* Nop */
2101d5de8fSConrad Meyer }
2201d5de8fSConrad Meyer 
23bb6e84c9SJohn Baldwin static void
xform_Poly1305_Setkey(void * ctx,const uint8_t * key,u_int klen)24bb6e84c9SJohn Baldwin xform_Poly1305_Setkey(void *ctx, const uint8_t *key, u_int klen)
2501d5de8fSConrad Meyer {
26bb6e84c9SJohn Baldwin 	struct poly1305_xform_ctx *polyctx = ctx;
2701d5de8fSConrad Meyer 	int rc;
2801d5de8fSConrad Meyer 
2901d5de8fSConrad Meyer 	if (klen != POLY1305_KEY_LEN)
3001d5de8fSConrad Meyer 		panic("%s: Bogus keylen: %u bytes", __func__, (unsigned)klen);
3101d5de8fSConrad Meyer 
3201d5de8fSConrad Meyer 	rc = crypto_onetimeauth_poly1305_init(&polyctx->state, key);
3301d5de8fSConrad Meyer 	if (rc != 0)
3401d5de8fSConrad Meyer 		panic("%s: Invariant violated: %d", __func__, rc);
3501d5de8fSConrad Meyer }
3601d5de8fSConrad Meyer 
37bb6e84c9SJohn Baldwin static int
xform_Poly1305_Update(void * ctx,const void * data,u_int len)38bb6e84c9SJohn Baldwin xform_Poly1305_Update(void *ctx, const void *data, u_int len)
3901d5de8fSConrad Meyer {
40bb6e84c9SJohn Baldwin 	struct poly1305_xform_ctx *polyctx = ctx;
4101d5de8fSConrad Meyer 	int rc;
4201d5de8fSConrad Meyer 
4301d5de8fSConrad Meyer 	rc = crypto_onetimeauth_poly1305_update(&polyctx->state, data, len);
4401d5de8fSConrad Meyer 	if (rc != 0)
4501d5de8fSConrad Meyer 		panic("%s: Invariant violated: %d", __func__, rc);
4601d5de8fSConrad Meyer 	return (0);
4701d5de8fSConrad Meyer }
4801d5de8fSConrad Meyer 
49bb6e84c9SJohn Baldwin static void
xform_Poly1305_Final(uint8_t * digest,void * ctx)50bb6e84c9SJohn Baldwin xform_Poly1305_Final(uint8_t *digest, void *ctx)
5101d5de8fSConrad Meyer {
52bb6e84c9SJohn Baldwin 	struct poly1305_xform_ctx *polyctx = ctx;
5301d5de8fSConrad Meyer 	int rc;
5401d5de8fSConrad Meyer 
5501d5de8fSConrad Meyer 	rc = crypto_onetimeauth_poly1305_final(&polyctx->state, digest);
5601d5de8fSConrad Meyer 	if (rc != 0)
5701d5de8fSConrad Meyer 		panic("%s: Invariant violated: %d", __func__, rc);
5801d5de8fSConrad Meyer }
5901d5de8fSConrad Meyer 
60d8787d4fSMark Johnston const struct auth_hash auth_hash_poly1305 = {
6101d5de8fSConrad Meyer 	.type = CRYPTO_POLY1305,
6201d5de8fSConrad Meyer 	.name = "Poly-1305",
6301d5de8fSConrad Meyer 	.keysize = POLY1305_KEY_LEN,
6401d5de8fSConrad Meyer 	.hashsize = POLY1305_HASH_LEN,
6501d5de8fSConrad Meyer 	.ctxsize = sizeof(struct poly1305_xform_ctx),
66*47fc0495SJohn Baldwin 	.blocksize = POLY1305_BLOCK_LEN,
67bb6e84c9SJohn Baldwin 	.Init = xform_Poly1305_Init,
6801d5de8fSConrad Meyer 	.Setkey = xform_Poly1305_Setkey,
6901d5de8fSConrad Meyer 	.Update = xform_Poly1305_Update,
7001d5de8fSConrad Meyer 	.Final = xform_Poly1305_Final,
7101d5de8fSConrad Meyer };
72