New function _nettle_poly1305_update.

7 files changed, 102 insertions, 7 deletions

diff --git a/ChangeLog b/ChangeLog
index 3dc357f6..5aaa1b1c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,14 @@
+2022-10-31  Niels Möller  <nisse@lysator.liu.se>
+
+	* md-internal.h (MD_FILL_OR_RETURN_INDEX): New macro.
+	* poly1305-update.c (_nettle_poly1305_update): New file and
+	function.
+	* poly1305-internal.h: Declare _nettle_poly1305_blocks and
+	_nettle_poly1305_update.
+	* chacha-poly1305.c (poly1305_update): Use _nettle_poly1305_update.
+	* poly1305-aes.c (poly1305_aes_update): Likewise.
+	* Makefile.in (nettle_SOURCES): Add poly1305-update.c.
+
 2022-10-13  Niels Möller  <nisse@lysator.liu.se>
 
 	* gmp-glue.c (mpn_sec_tabselect) [NETTLE_USE_MINI_GMP]: Add back
diff --git a/Makefile.in b/Makefile.in
index 86b8a536..f4069ab7 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -136,7 +136,7 @@ nettle_SOURCES = aes-decrypt-internal.c aes-decrypt.c aes-decrypt-table.c \
 		 nettle-meta-ciphers.c nettle-meta-hashes.c nettle-meta-macs.c \
 		 pbkdf2.c pbkdf2-hmac-gosthash94.c pbkdf2-hmac-sha1.c \
 		 pbkdf2-hmac-sha256.c pbkdf2-hmac-sha384.c pbkdf2-hmac-sha512.c \
-		 poly1305-aes.c poly1305-internal.c \
+		 poly1305-aes.c poly1305-internal.c poly1305-update.c \
 		 realloc.c \
 		 ripemd160.c ripemd160-compress.c ripemd160-meta.c \
 		 salsa20-core-internal.c salsa20-crypt-internal.c \
diff --git a/chacha-poly1305.c b/chacha-poly1305.c
index 7a423e1e..ea8b2952 100644
--- a/chacha-poly1305.c
+++ b/chacha-poly1305.c
@@ -97,7 +97,8 @@ static void
 poly1305_update (struct chacha_poly1305_ctx *ctx,
 		 size_t length, const uint8_t *data)
 {
-  MD_UPDATE (ctx, length, data, COMPRESS, (void) 0);
+  ctx->index = _nettle_poly1305_update (&(ctx)->poly1305,
+					ctx->block, ctx->index, length, data);
 }
 
 static void
diff --git a/md-internal.h b/md-internal.h
index fe520c63..a97b7b90 100644
--- a/md-internal.h
+++ b/md-internal.h
@@ -32,6 +32,8 @@
 #ifndef NETTLE_MD_INTERNAL_H_INCLUDED
 #define NETTLE_MD_INTERNAL_H_INCLUDED
 
+#include <string.h>
+
 /* Internal helper macros for Merkle-Damgård hash functions. Assumes the context
    structs includes the following fields:
 
@@ -51,7 +53,18 @@
     memcpy((ctx)->block + (ctx)->index, (data), __md_left);	\
     (data) += __md_left;					\
     (length) -= __md_left;					\
-    (ctx)->index = 0;						\
   } while(0)
 
+#define MD_FILL_OR_RETURN_INDEX(block_size, block, index, length, data)	\
+  do {									\
+    unsigned __md_left = (block_size) - (index);			\
+    if ((length) < __md_left)						\
+      {									\
+	memcpy(block + (index), (data), (length));			\
+	return (index) + (length);					\
+      }									\
+    memcpy((block) + (index), (data), __md_left);			\
+    (data) += __md_left;						\
+    (length) -= __md_left;						\
+  } while(0)
 #endif /* NETTLE_MD_INTERNAL_H_INCLUDED */
diff --git a/poly1305-aes.c b/poly1305-aes.c
index a4050254..374d5a78 100644
--- a/poly1305-aes.c
+++ b/poly1305-aes.c
@@ -56,13 +56,12 @@ poly1305_aes_set_nonce (struct poly1305_aes_ctx *ctx,
   memcpy (ctx->nonce, nonce, POLY1305_AES_NONCE_SIZE);
 }
 
-#define COMPRESS(ctx, data) _nettle_poly1305_block(&(ctx)->pctx, (data), 1)
-
 void
 poly1305_aes_update (struct poly1305_aes_ctx *ctx,
 		     size_t length, const uint8_t *data)
 {
-  MD_UPDATE (ctx, length, data, COMPRESS, (void) 0);
+  ctx->index = _nettle_poly1305_update (&(ctx)->pctx,
+					ctx->block, ctx->index, length, data);
 }
 
 void
diff --git a/poly1305-internal.h b/poly1305-internal.h
index 9932d524..a6afd466 100644
--- a/poly1305-internal.h
+++ b/poly1305-internal.h
@@ -53,7 +53,15 @@ void _nettle_poly1305_digest (struct poly1305_ctx *ctx, union nettle_block16 *s)
 /* Process one block. */
 void _nettle_poly1305_block (struct poly1305_ctx *ctx, const uint8_t *m,
 			     unsigned high);
-
+/* Updates CTX by hashing M, which must be an integral number of
+   blocks. For convenience, returns a pointer to the end of the
+   data. Implies 128 set on all input blocks. */
+const uint8_t *
+_nettle_poly1305_blocks (struct poly1305_ctx *ctx, size_t blocks, const uint8_t *m);
+
+unsigned
+_nettle_poly1305_update (struct poly1305_ctx *ctx, uint8_t *buffer, unsigned index,
+			 size_t length, const uint8_t *m);
 #ifdef __cplusplus
 }
 #endif
diff --git a/poly1305-update.c b/poly1305-update.c
new file mode 100644
index 00000000..fdc72558
--- /dev/null
+++ b/poly1305-update.c
@@ -0,0 +1,63 @@
+/* poly1305-update.c
+
+   Copyright (C) 2022 Niels Möller
+
+   This file is part of GNU Nettle.
+
+   GNU Nettle is free software: you can redistribute it and/or
+   modify it under the terms of either:
+
+     * the GNU Lesser General Public License as published by the Free
+       Software Foundation; either version 3 of the License, or (at your
+       option) any later version.
+
+   or
+
+     * the GNU General Public License as published by the Free
+       Software Foundation; either version 2 of the License, or (at your
+       option) any later version.
+
+   or both in parallel, as here.
+
+   GNU Nettle is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   General Public License for more details.
+
+   You should have received copies of the GNU General Public License and
+   the GNU Lesser General Public License along with this program.  If
+   not, see http://www.gnu.org/licenses/.
+*/
+
+#if HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include "poly1305.h"
+#include "poly1305-internal.h"
+#include "md-internal.h"
+
+unsigned
+_nettle_poly1305_update (struct poly1305_ctx *ctx,
+			 uint8_t *block, unsigned index,
+			 size_t length, const uint8_t *m)
+{
+  if (index > 0)
+    {
+      /* Try to fill partial block */
+      MD_FILL_OR_RETURN_INDEX (POLY1305_BLOCK_SIZE, block, index,
+			       length, m);
+      _nettle_poly1305_block(ctx, block, 1);
+    }
+#if HAVE_NATIVE_poly1305_blocks
+  m = _nettle_poly1305_blocks (ctx, length >> 4, m);
+  length &= 15;
+#else
+  for (; length >= POLY1305_BLOCK_SIZE;
+       length -= POLY1305_BLOCK_SIZE, m += POLY1305_BLOCK_SIZE)
+    _nettle_poly1305_block (ctx, m, 1);
+#endif
+
+  memcpy (block, m, length);
+  return length;
+}