void
chacha_poly1305_digest (struct chacha_poly1305_ctx *ctx,
size_t length, uint8_t *digest)
{
uint8_t buf[8];
if (!ctx->data_size)
{
LE_WRITE_UINT64 (buf, ctx->auth_size);
poly1305_update (ctx, sizeof(buf), buf);
}
LE_WRITE_UINT64 (buf, ctx->data_size);
poly1305_update (ctx, sizeof(buf), buf);
/* Final bytes. FIXME: Duplicated in poly1305_aes128.c */
if (ctx->index > 0)
{
assert (ctx->index < POLY1305_BLOCK_SIZE);
ctx->block[ctx->index] = 1;
memset (ctx->block + ctx->index + 1,
0, POLY1305_BLOCK_SIZE - 1 - ctx->index);
_poly1305_block (&ctx->poly1305, ctx->block, 0);
}
poly1305_digest (&ctx->poly1305, &ctx->s);
memcpy (digest, &ctx->s.b, length);
}
static void
poly1305_pad (struct chacha_poly1305_ctx *ctx)
{
if (ctx->index)
{
memset (ctx->block + ctx->index, 0,
POLY1305_BLOCK_SIZE - ctx->index);
_poly1305_block(&ctx->poly1305, ctx->block, 1);
ctx->index = 0;
}
}
void
chacha_poly1305_digest (struct chacha_poly1305_ctx *ctx,
size_t length, uint8_t *digest)
{
uint8_t buf[16];
poly1305_pad (ctx);
LE_WRITE_UINT64 (buf, ctx->auth_size);
LE_WRITE_UINT64 (buf + 8, ctx->data_size);
_poly1305_block (&ctx->poly1305, buf, 1);
poly1305_digest (&ctx->poly1305, &ctx->s);
memcpy (digest, &ctx->s.b, length);
}
