hare

The Hare programming language
git clone https://git.torresjrjr.com/hare.git
Log | Files | Refs | README | LICENSE
commit 1547477390abaa30c45b71f0275d49aaab89bc1f
parent 91771bc19c3d9321798a7a69e5bd67917bcb15de
Author: Armin Preiml <apreiml@strohwolke.at>
Date:   Tue, 11 Jan 2022 15:42:40 +0100

crypto::poly1305: properly fill block during write

Signed-off-by: Armin Preiml <apreiml@strohwolke.at>

Diffstat:

Mcrypto/poly1305/+test.ha | 50++++++++++++++++++++++++++++++++++++++++++++++++++


Mcrypto/poly1305/poly1305.ha | 6+++---


2 files changed, 53 insertions(+), 3 deletions(-)

diff --git a/crypto/poly1305/+test.ha b/crypto/poly1305/+test.ha
@@ -120,3 +120,53 @@ use encoding::hex;
 	assert(bytes::equal(expected, result));
 };
 
+@test fn writepatterns() void = {
+	const message: [_]u8 = [
+		0xab, 0x08, 0x12, 0x72, 0x4a, 0x7f, 0x1e, 0x34, 0x27, 0x42,
+		0xcb, 0xed, 0x37, 0x4d, 0x94, 0xd1, 0x36, 0xc6, 0xb8, 0x79,
+		0x5d, 0x45, 0xb3, 0x81, 0x98, 0x30, 0xf2, 0xc0, 0x44, 0x91,
+		0xfa, 0xf0, 0x99, 0x0c, 0x62, 0xe4, 0x8b, 0x80, 0x18, 0xb2,
+		0xc3, 0xe4, 0xa0, 0xfa, 0x31, 0x34, 0xcb, 0x67, 0xfa, 0x83,
+		0xe1, 0x58, 0xc9, 0x94, 0xd9, 0x61, 0xc4, 0xcb, 0x21, 0x09,
+		0x5c, 0x1b, 0xf9,
+	];
+
+	const expected: [_]u8 = [
+		0x51, 0x54, 0xad, 0x0d, 0x2c, 0xb2, 0x6e, 0x01,
+		0x27, 0x4f, 0xc5, 0x11, 0x48, 0x49, 0x1f, 0x1b,
+	];
+
+	const key: [32]u8 = [
+		0x12, 0x97, 0x6a, 0x08, 0xc4, 0x42, 0x6d, 0x0c,
+		0xe8, 0xa8, 0x24, 0x07, 0xc4, 0xf4, 0x82, 0x07,
+		0x80, 0xf8, 0xc2, 0x0a, 0xa7, 0x12, 0x02, 0xd1,
+		0xe2, 0x91, 0x79, 0xcb, 0xcb, 0x55, 0x5a, 0x57,
+	];
+
+
+	patternwrite(&key, message[..], expected[..], [5, 20, 38]);
+	patternwrite(&key, message[..], expected[..], [1, 2, 8, 10]);
+	patternwrite(&key, message[..], expected[..], [16, 16]);
+	patternwrite(&key, message[..], expected[..], [12, 4, 14, 2, 8, 8]);
+};
+
+fn patternwrite(key: *key, msg: []u8, expected: []u8, pattern: []uint) void = {
+	let p = poly1305();
+	init(&p, key);
+
+	for (let i = 0z; i < len(pattern); i += 1) {
+		let n = pattern[i];
+		mac::write(&p, msg[..n]);
+		msg = msg[n..];
+	};
+
+	if (len(msg) > 0) {
+		mac::write(&p, msg);
+	};
+
+	let result: [16]u8 = [0...];
+	mac::sum(&p, result);
+	mac::finish(&p);
+
+	assert(bytes::equal(expected, result));
+};
diff --git a/crypto/poly1305/poly1305.ha b/crypto/poly1305/poly1305.ha
@@ -62,10 +62,10 @@ fn write(st: *io::stream, bbuf: const []u8) (size | io::error) = {
 	const written = len(buf);
 
 	for (len(buf) > 0) {
-		const n = if (len(buf) - p.cidx < BLOCKSIZE) {
-			yield len(buf) - p.cidx;
+		const n = if (len(buf) <= BLOCKSIZE - p.cidx) {
+			yield len(buf);
 		} else {
-			yield BLOCKSIZE;
+			yield BLOCKSIZE - p.cidx;
 		};
 
 		p.c[p.cidx..] = buf[..n];