
commit f5f6bb3c0891c14a522dde037b3dba5708ad325d
parent f6c23104c2f4f98f8696afca5850acf83193aee0
Author: Jared Tobin <jared@jtobin.io>
Date:   Mon, 10 Mar 2025 16:26:53 +0400

lib: right-pad macs with zeros if necessary

Diffstat:
Mlib/Crypto/MAC/Poly1305.hs | 10+++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/lib/Crypto/MAC/Poly1305.hs b/lib/Crypto/MAC/Poly1305.hs
@@ -42,6 +42,14 @@ unroll i = case i of
     m -> Just $! (fi m, m .>>. 8)
 {-# INLINE unroll #-}
 
+-- little-endian bytestring encoding for 128-bit ints, right-padding
+-- with zeros
+unroll16 :: Integer -> BS.ByteString
+unroll16 (unroll -> u@(BI.PS _ _ l))
+  | l < 16 = u <> BS.replicate (16 - l) 0
+  | otherwise = u
+{-# INLINE unroll16 #-}
+
 clamp :: Integer -> Integer
 clamp r = r .&. 0x0ffffffc0ffffffc0ffffffc0fffffff
 {-# INLINE clamp #-}
@@ -68,7 +76,7 @@ mac key@(BI.PS _ _ kl) msg
     loop !acc !bs = case BS.splitAt 16 bs of
       (chunk@(BI.PS _ _ l), etc)
-        | l == 0 -> BS.take 16 (unroll (acc + s))
+        | l == 0 -> BS.take 16 (unroll16 (acc + s))
         | otherwise ->
           let !n = roll chunk .|. (0x01 .<<. (8 * l))
               !nacc = r * (acc + n) `rem` p
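Review bot: `unroll16` fixes the minimum length of the tag but not the maximum — its `otherwise` guard returns `u` unchanged, so an argument of 2^128 or more (and `acc + s` in the second hunk appears to reach the call unreduced, with `acc` bounded only by `p`) still yields a 17-byte encoding, and the "128-bit" contract in the header comment is only honoured because the caller wraps the result in `BS.take 16`. Making the helper total keeps the length invariant in one place and lets the caller drop its `BS.take 16`: `| otherwise = BS.take 16 u`, with the comment extended to `-- values of 2^128 or more are truncated, i.e. reduced mod 2^128`. The view pattern also relies on `unroll 0` producing an empty bytestring so that a zero sum becomes sixteen zero bytes; `unroll`'s body begins before this hunk, so that is an assumption rather than something visible here.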