hare

The Hare programming language

commit 1547477390abaa30c45b71f0275d49aaab89bc1f
parent 91771bc19c3d9321798a7a69e5bd67917bcb15de
Author: Armin Preiml <apreiml@strohwolke.at>
Date:   Tue, 11 Jan 2022 15:42:40 +0100

crypto::poly1305: properly fill block during write

Signed-off-by: Armin Preiml <apreiml@strohwolke.at>

Diffstat:
Mcrypto/poly1305/+test.ha | 50++++++++++++++++++++++++++++++++++++++++++++++++++
Mcrypto/poly1305/poly1305.ha | 6+++---
2 files changed, 53 insertions(+), 3 deletions(-)

diff --git a/crypto/poly1305/+test.ha b/crypto/poly1305/+test.ha
@@ -120,3 +120,53 @@ use encoding::hex;
 assert(bytes::equal(expected, result));
 };
+@test fn writepatterns() void = {
+ const message: [_]u8 = [
+ 0xab, 0x08, 0x12, 0x72, 0x4a, 0x7f, 0x1e, 0x34, 0x27, 0x42,
+ 0xcb, 0xed, 0x37, 0x4d, 0x94, 0xd1, 0x36, 0xc6, 0xb8, 0x79,
+ 0x5d, 0x45, 0xb3, 0x81, 0x98, 0x30, 0xf2, 0xc0, 0x44, 0x91,
+ 0xfa, 0xf0, 0x99, 0x0c, 0x62, 0xe4, 0x8b, 0x80, 0x18, 0xb2,
+ 0xc3, 0xe4, 0xa0, 0xfa, 0x31, 0x34, 0xcb, 0x67, 0xfa, 0x83,
+ 0xe1, 0x58, 0xc9, 0x94, 0xd9, 0x61, 0xc4, 0xcb, 0x21, 0x09,
+ 0x5c, 0x1b, 0xf9,
+ ];
+
+ const expected: [_]u8 = [
+ 0x51, 0x54, 0xad, 0x0d, 0x2c, 0xb2, 0x6e, 0x01,
+ 0x27, 0x4f, 0xc5, 0x11, 0x48, 0x49, 0x1f, 0x1b,
+ ];
+
+ const key: [32]u8 = [
+ 0x12, 0x97, 0x6a, 0x08, 0xc4, 0x42, 0x6d, 0x0c,
+ 0xe8, 0xa8, 0x24, 0x07, 0xc4, 0xf4, 0x82, 0x07,
+ 0x80, 0xf8, 0xc2, 0x0a, 0xa7, 0x12, 0x02, 0xd1,
+ 0xe2, 0x91, 0x79, 0xcb, 0xcb, 0x55, 0x5a, 0x57,
+ ];
+
+
+ patternwrite(&key, message[..], expected[..], [5, 20, 38]);
+ patternwrite(&key, message[..], expected[..], [1, 2, 8, 10]);
+ patternwrite(&key, message[..], expected[..], [16, 16]);
+ patternwrite(&key, message[..], expected[..], [12, 4, 14, 2, 8, 8]);
+};
+
+fn patternwrite(key: *key, msg: []u8, expected: []u8, pattern: []uint) void = {
+ let p = poly1305();
+ init(&p, key);
+
+ for (let i = 0z; i < len(pattern); i += 1) {
+ let n = pattern[i];
+ mac::write(&p, msg[..n]);
+ msg = msg[n..];
+ };
+
+ if (len(msg) > 0) {
+ mac::write(&p, msg);
+ };
+
+ let result: [16]u8 = [0...];
+ mac::sum(&p, result);
+ mac::finish(&p);
+
+ assert(bytes::equal(expected, result));
+};
diff --git a/crypto/poly1305/poly1305.ha b/crypto/poly1305/poly1305.ha
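Review bot: The key, message and tag in `writepatterns` carry no statement of origin, so a reader cannot tell whether `expected` comes from an independent reference or was produced by this implementation, in which case the test only shows that chunked writes agree with each other. A one-line comment above `const message` naming the source of the vector would settle that. It would also help to annotate the four `patternwrite` calls with the buffer state each one targets, for example `// 12 then 4: completes a block exactly from a non-zero cidx` and `// 1, 2, 8, 10: last write straddles the block boundary`, since the patterns were evidently chosen to hit the partial-block path fixed in poly1305.ha.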
@@ -62,10 +62,10 @@ fn write(st: *io::stream, bbuf: const []u8) (size | io::error) = {
 const written = len(buf);
 for (len(buf) > 0) {
- const n = if (len(buf) - p.cidx < BLOCKSIZE) {
- yield len(buf) - p.cidx;
+ const n = if (len(buf) <= BLOCKSIZE - p.cidx) {
+ yield len(buf);
 } else {
- yield BLOCKSIZE;
+ yield BLOCKSIZE - p.cidx;
 };
 p.c[p.cidx..] = buf[..n];
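Review bot: The new bound `BLOCKSIZE - p.cidx` is only correct while `p.cidx < BLOCKSIZE` holds at the top of every iteration, and nothing in the hunk states or checks that. If `p.cidx` is an unsigned size and ever equals BLOCKSIZE, the else branch yields 0 and the loop stops consuming input; above BLOCKSIZE the subtraction would wrap. The code that advances and resets `p.cidx` sits below the hunk, so the invariant is presumably maintained there, but in a MAC write path it is worth making explicit with `assert(p.cidx < BLOCKSIZE);` as the first statement of the loop body. Writing the copy on the last context line with an explicit upper bound, `p.c[p.cidx..p.cidx + n] = buf[..n];`, would likewise make the destination length visibly equal to `n`.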