commit f5f6bb3c0891c14a522dde037b3dba5708ad325d
parent f6c23104c2f4f98f8696afca5850acf83193aee0
Author: Jared Tobin <jared@jtobin.io>
Date: Mon, 10 Mar 2025 16:26:53 +0400
lib: right-pad macs with zeros if necessary
Diffstat:
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/lib/Crypto/MAC/Poly1305.hs b/lib/Crypto/MAC/Poly1305.hs
@@ -42,6 +42,14 @@ unroll i = case i of
m -> Just $! (fi m, m .>>. 8)
{-# INLINE unroll #-}
+-- little-endian bytestring encoding for 128-bit ints, right-padding
+-- with zeros
+unroll16 :: Integer -> BS.ByteString
+unroll16 (unroll -> u@(BI.PS _ _ l))
+ | l < 16 = u <> BS.replicate (16 - l) 0
+ | otherwise = u
+{-# INLINE unroll16 #-}
+
clamp :: Integer -> Integer
clamp r = r .&. 0x0ffffffc0ffffffc0ffffffc0fffffff
{-# INLINE clamp #-}
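Review bot: The name and comment of `unroll16` promise a 16-byte encoding, but the `otherwise` guard returns `u` unchanged when `unroll` yields more than 16 bytes, so a value at or above 2^128 still comes back longer than 16 bytes and every caller has to remember the `BS.take 16` that the mac hunk applies. Either make the function total in its length, `| otherwise = BS.take 16 u`, or state the contract in the comment: `-- result is at least 16 bytes; values >= 2^128 are returned unpadded and untruncated`. The zero padding itself looks right given that `unroll` appears to emit the least-significant byte first (`(fi m, m .>>. 8)` in the context above), so appending zeros is little-endian zero-extension; a one-line comment saying that the padding is appended, not prepended, because the encoding is little-endian would spare the next reader the same check.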
@@ -68,7 +76,7 @@ mac key@(BI.PS _ _ kl) msg
loop !acc !bs = case BS.splitAt 16 bs of
(chunk@(BI.PS _ _ l), etc)
- | l == 0 -> BS.take 16 (unroll (acc + s))
+ | l == 0 -> BS.take 16 (unroll16 (acc + s))
| otherwise ->
let !n = roll chunk .|. (0x01 .<<. (8 * l))
!nacc = r * (acc + n) `rem` p