| | | |
|---|---|---|
| author | Jussi Kivilinna <jussi.kivilinna@iki.fi> | 2014-12-21 17:36:59 +0200 |
| committer | Jussi Kivilinna <jussi.kivilinna@iki.fi> | 2014-12-23 12:51:36 +0200 |
| commit | 520070e02e2e6ee7228945015573a6e1f4895ec3 (patch) | |
| tree | 838fad593082d53e5b864494356048219b2268cc /cipher/cipher-internal.h | |
| parent | 11b8d2d449a7bc664b4371ae14c57caa6704d272 (diff) | |
| download | libgcrypt-520070e02e2e6ee7228945015573a6e1f4895ec3.tar.gz | |
Poly1305-AEAD: updated implementation to match draft-irtf-cfrg-chacha20-poly1305-03
* cipher/cipher-internal.h (gcry_cipher_handle): Use separate byte
counters for AAD and data in Poly1305.
* cipher/cipher-poly1305.c (poly1305_fill_bytecount): Remove.
(poly1305_fill_bytecounts, poly1305_do_padding): New.
(poly1305_aad_finish): Fill padding to Poly1305 and do not fill AAD
length.
(_gcry_cipher_poly1305_authenticate, _gcry_cipher_poly1305_encrypt)
(_gcry_cipher_poly1305_decrypt): Update AAD and data length separately.
(_gcry_cipher_poly1305_tag): Fill padding and bytecounts to Poly1305.
(_gcry_cipher_poly1305_setkey, _gcry_cipher_poly1305_setiv): Reset
AAD and data byte counts; only allow 96-bit IV.
* cipher/cipher.c (_gcry_cipher_open_internal): Limit Poly1305-AEAD to
ChaCha20 cipher.
* tests/basic.c (_check_poly1305_cipher): Update test-vectors.
(check_ciphers): Limit Poly1305-AEAD checks to ChaCha20.
* tests/bench-slope.c (cipher_bench_one): Ditto.
--
The latest Internet-Draft version of "ChaCha20 and Poly1305 for IETF protocols"
has added additional padding to Poly1305-AEAD and limited the supported IV size to
96 bits:
https://www.ietf.org/rfcdiff?url1=draft-nir-cfrg-chacha20-poly1305-03&difftype=--html&submit=Go!&url2=draft-irtf-cfrg-chacha20-poly1305-03
This patch makes the Poly1305-AEAD implementation match the changes and limits
Poly1305-AEAD to ChaCha20 only.
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
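The commit message above describes three behavioural changes: zero padding of the AAD and of the ciphertext to 16-byte boundaries inside the Poly1305 input, separate byte counts for AAD and data that are both appended as 64-bit little-endian lengths, and a 96-bit-only IV. The following is an added example, not libgcrypt code, that builds that MAC input in Python so the layout can be inspected. The Poly1305 primitive is a plain implementation checked against the RFC 7539 section 2.5.2 test vector; `Poly1305Aead`, `aadcount`, `datacount` and `aad_finalized` are names chosen here to mirror the counters in the header, not libgcrypt's API, and the one-time key is taken as an input rather than derived from ChaCha20.

```python
# Added example (not libgcrypt code): Poly1305-AEAD MAC input per
# draft-irtf-cfrg-chacha20-poly1305-03 (the layout later published as RFC 7539):
#   AAD || pad16(AAD) || ciphertext || pad16(ciphertext) || len(AAD) || len(ct)
# with both lengths as 64-bit little-endian integers and a 96-bit IV requirement.
import struct

P1305 = (1 << 130) - 5
R_CLAMP = 0x0FFFFFFC0FFFFFFC0FFFFFFC0FFFFFFF


def poly1305_mac(key: bytes, msg: bytes) -> bytes:
    """Plain Poly1305 (RFC 7539 section 2.5) over msg with a 32-byte one-time key."""
    if len(key) != 32:
        raise ValueError("Poly1305 one-time key must be 32 bytes")
    r = int.from_bytes(key[:16], "little") & R_CLAMP
    s = int.from_bytes(key[16:], "little")
    acc = 0
    for i in range(0, len(msg), 16):
        # Each block (the last one possibly short) gets a 0x01 byte appended
        # before being read as a little-endian integer.
        n = int.from_bytes(msg[i:i + 16] + b"\x01", "little")
        acc = ((acc + n) * r) % P1305
    return ((acc + s) & ((1 << 128) - 1)).to_bytes(16, "little")


def pad16(data_len: int) -> bytes:
    """Zero padding that brings data_len up to the next multiple of 16 (none if aligned)."""
    return b"\x00" * (-data_len % 16)


def check_iv(iv: bytes) -> bytes:
    """The draft limits Poly1305-AEAD (with ChaCha20) to a 96-bit IV."""
    if len(iv) != 12:
        raise ValueError("Poly1305-AEAD IV must be exactly 96 bits (12 bytes)")
    return iv


def aead_mac_data(aad: bytes, ciphertext: bytes) -> bytes:
    """One-shot construction of the bytes that Poly1305 is run over."""
    return (aad + pad16(len(aad))
            + ciphertext + pad16(len(ciphertext))
            + struct.pack("<QQ", len(aad), len(ciphertext)))


class Poly1305Aead:
    """Streaming builder with split counters, mirroring the header change (assumed names)."""

    def __init__(self, one_time_key: bytes, iv: bytes):
        check_iv(iv)
        self.key = one_time_key
        self.aadcount = 0        # counterpart of aadcount[2] (assumed name)
        self.datacount = 0       # counterpart of datacount[2] (assumed name)
        self.aad_finalized = False
        self._buf = bytearray()

    def authenticate(self, aad: bytes) -> None:
        """Feed AAD; only allowed before any data has been processed."""
        if self.aad_finalized:
            raise ValueError("AAD must be supplied before any data")
        self._buf += aad
        self.aadcount += len(aad)

    def _finish_aad(self) -> None:
        # Padding is filled once, based on the AAD byte count, not on the AAD length.
        if not self.aad_finalized:
            self._buf += pad16(self.aadcount)
            self.aad_finalized = True

    def update_data(self, ciphertext: bytes) -> None:
        """Feed ciphertext (the AEAD authenticates ciphertext, never plaintext)."""
        self._finish_aad()
        self._buf += ciphertext
        self.datacount += len(ciphertext)

    def tag(self) -> bytes:
        """Fill data padding plus both byte counts, then run Poly1305."""
        self._finish_aad()
        self._buf += pad16(self.datacount)
        self._buf += struct.pack("<QQ", self.aadcount, self.datacount)
        return poly1305_mac(self.key, bytes(self._buf))


if __name__ == "__main__":
    # Constructed sample: 12-byte AAD and 114-byte ciphertext, so both get padded.
    key = bytes(range(32))
    aad = bytes.fromhex("50515253c0c1c2c3c4c5c6c7")
    ct = b"\xaa" * 114
    print(aead_mac_data(aad, ct).hex())
    print(poly1305_mac(key, aead_mac_data(aad, ct)).hex())
```

The streaming class refuses `authenticate()` after the first `update_data()`, which is what the `aad_finalized` bit in the header exists for; feeding the same AAD and ciphertext in any chunking yields the same tag as the one-shot `aead_mac_data()` path.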
Diffstat (limited to 'cipher/cipher-internal.h')
-rw-r--r-- | cipher/cipher-internal.h | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/cipher/cipher-internal.h b/cipher/cipher-internal.h index fef0ecba..650d8133 100644 --- a/cipher/cipher-internal.h +++ b/cipher/cipher-internal.h @@ -163,8 +163,11 @@ struct gcry_cipher_handle /* Mode specific storage for Poly1305 mode. */ struct { - /* byte counter for AAD and data. */ - u32 bytecount[2]; + /* byte counter for AAD. */ + u32 aadcount[2]; + + /* byte counter for data. */ + u32 datacount[2]; unsigned int aad_finalized:1; unsigned int bytecount_over_limits:1; |
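Review bot: `bytecount_over_limits:1` keeps its single-counter name while the field it was tied to, `bytecount[2]`, is split into `aadcount[2]` and `datacount[2]`, so the header no longer says whether the flag tracks the AAD count, the data count, or either overflowing; add a comment on that line stating which counter(s) set it, or split it into one bit per counter to match. The two new `u32 ...count[2]` arrays would also benefit from a comment giving the word order (which element holds the low 32 bits), since both values are now written out as length fields into the Poly1305 input.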