12 #define CONSTANT_TIME_CARRY(a,b) ((a ^ ((a ^ b) | ((a - b) ^ b))) >> (sizeof(a) * 8 - 1)) 21 m_cipher.SetKey(key, length);
38 std::memcpy(m_nk.begin(), t.
begin(), m_nk.size());
39 m_cipher.ProcessBlock(m_nk.begin());
58 size_t rem, num = m_idx;
61 rem = BLOCKSIZE - num;
65 memcpy_s(m_acc + num, BLOCKSIZE - num, input, rem);
66 HashBlocks(m_acc, BLOCKSIZE, 1);
73 memcpy_s(m_acc + num, BLOCKSIZE - num, input, length);
79 rem = length % BLOCKSIZE;
82 if (length >= BLOCKSIZE) {
83 HashBlocks(input, length, 1);
88 memcpy(m_acc, input, rem);
96 word32 r0, r1, r2, r3;
98 word32 h0, h1, h2, h3, h4, c;
99 word64 d0, d1, d2, d3;
101 r0 = m_r[0]; r1 = m_r[1];
102 r2 = m_r[2]; r3 = m_r[3];
108 h0 = m_h[0]; h1 = m_h[1]; h2 = m_h[2];
109 h3 = m_h[3]; h4 = m_h[4];
111 while (length >= BLOCKSIZE)
115 h1 = (word32)(d1 = (word64)h1 + (d0 >> 32) + GetWord<word32>(
false,
LITTLE_ENDIAN_ORDER, input + 4));
116 h2 = (word32)(d2 = (word64)h2 + (d1 >> 32) + GetWord<word32>(
false,
LITTLE_ENDIAN_ORDER, input + 8));
117 h3 = (word32)(d3 = (word64)h3 + (d2 >> 32) + GetWord<word32>(
false,
LITTLE_ENDIAN_ORDER, input + 12));
118 h4 += (word32)(d3 >> 32) + padbit;
121 d0 = ((word64)h0 * r0) +
125 d1 = ((word64)h0 * r1) +
130 d2 = ((word64)h0 * r2) +
135 d3 = ((word64)h0 * r3) +
144 h1 = (word32)(d1 += d0 >> 32);
145 h2 = (word32)(d2 += d1 >> 32);
146 h3 = (word32)(d3 += d2 >> 32);
147 h4 += (word32)(d3 >> 32);
150 c = (h4 >> 2) + (h4 & ~3U);
153 h1 += (c = CONSTANT_TIME_CARRY(h0,c));
154 h2 += (c = CONSTANT_TIME_CARRY(h1,c));
155 h3 += (c = CONSTANT_TIME_CARRY(h2,c));
156 h4 += CONSTANT_TIME_CARRY(h3,c);
162 m_h[0] = h0; m_h[1] = h1; m_h[2] = h2;
163 m_h[3] = h3; m_h[4] = h4;
172 ThrowIfInvalidTruncatedSize(size);
178 while (num < BLOCKSIZE)
180 HashBlocks(m_acc, BLOCKSIZE, 0);
183 HashFinal(mac, size);
193 word32 h0, h1, h2, h3, h4;
194 word32 g0, g1, g2, g3, g4;
205 g0 = (word32)(t = (word64)h0 + 5);
206 g1 = (word32)(t = (word64)h1 + (t >> 32));
207 g2 = (word32)(t = (word64)h2 + (t >> 32));
208 g3 = (word32)(t = (word64)h3 + (t >> 32));
209 g4 = h4 + (word32)(t >> 32);
212 mask = 0 - (g4 >> 2);
213 g0 &= mask; g1 &= mask;
214 g2 &= mask; g3 &= mask;
216 h0 = (h0 & mask) | g0; h1 = (h1 & mask) | g1;
217 h2 = (h2 & mask) | g2; h3 = (h3 & mask) | g3;
220 h0 = (word32)(t = (word64)h0 + m_n[0]);
221 h1 = (word32)(t = (word64)h1 + (t >> 32) + m_n[1]);
222 h2 = (word32)(t = (word64)h2 + (t >> 32) + m_n[2]);
223 h3 = (word32)(t = (word64)h3 + (t >> 32) + m_n[3]);
225 if (size >= BLOCKSIZE)
239 memcpy(mac, m, size);
247 nonceLength == -1 ? nonceLength = BLOCKSIZE : nonceLength;
260 m_h[0] = m_h[1] = m_h[2] = m_h[3] = m_h[4] = 0;
Used to pass byte array input as part of a NameValuePairs object.
Poly1305 message authentication code base class.
virtual void GenerateBlock(byte *output, size_t size)
Generate random array of bytes.
size_t size() const
Length of the memory block.
Abstract base classes that provide a uniform interface to this library.
void memcpy_s(void *dest, size_t sizeInBytes, const void *src, size_t count)
Bounds checking replacement for memcpy()
void UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs ¶ms)
Sets the key for this object without performing parameter validation.
Interface for random number generators.
byte order is little-endian
void TruncatedFinal(byte *mac, size_t size)
Computes the hash of the current message.
const byte * begin() const
Pointer to the first byte in the memory block.
AlgorithmParameters MakeParameters(const char *name, const T &value, bool throwIfNotUsed=true)
Create an object that implements NameValuePairs.
Class file for the AES cipher (Rijndael)
T1 SaturatingSubtract(const T1 &a, const T2 &b)
Performs a saturating subtract clamped at 0.
void Resynchronize(const byte *iv, int ivLength=-1)
Resynchronize with an IV.
Poly1305 message authentication code.
void GetNextIV(RandomNumberGenerator &rng, byte *iv)
Retrieves a secure IV for the next message.
#define CRYPTOPP_ASSERT(exp)
Debugging and diagnostic assertion.
Functions for CPU features and intrinsics.
const char * IV()
ConstByteArrayParameter, also accepts const byte * for backwards compatibility.
Crypto++ library namespace.
Classes for Poly1305 message authentication code.
bool GetValue(const char *name, T &value) const
Get a named value.
void Update(const byte *input, size_t length)
Updates a hash with additional input.
void Restart()
Restart the hash.
Interface for retrieving values given their names.