From 216007f373bf86b5ff7399e8e41a233181800a77 Mon Sep 17 00:00:00 2001
From: Matthias Schiffer <mschiffer@universe-factory.net>
Date: Sat, 30 Nov 2013 06:08:34 +0100
Subject: generic-poly1305: cleanup

---
 src/methods/generic_poly1305/generic_poly1305.c | 37 ++++++++++++-------------
 1 file changed, 18 insertions(+), 19 deletions(-)

diff --git a/src/methods/generic_poly1305/generic_poly1305.c b/src/methods/generic_poly1305/generic_poly1305.c
index f547d5a..3517baa 100644
--- a/src/methods/generic_poly1305/generic_poly1305.c
+++ b/src/methods/generic_poly1305/generic_poly1305.c
@@ -31,7 +31,8 @@
 #include <crypto_onetimeauth_poly1305.h>
 
 
-#define AUTHBLOCKS 2
+#define KEYBYTES crypto_onetimeauth_poly1305_KEYBYTES
+#define TAGBYTES crypto_onetimeauth_poly1305_BYTES
 
 
 struct fastd_method {
@@ -117,8 +118,8 @@ static void method_session_free(fastd_context_t *ctx UNUSED, fastd_method_sessio
 }
 
 static bool method_encrypt(fastd_context_t *ctx, fastd_peer_t *peer UNUSED, fastd_method_session_state_t *session, fastd_buffer_t *out, fastd_buffer_t in) {
-	fastd_buffer_pull_head(ctx, &in, AUTHBLOCKS*sizeof(fastd_block128_t));
-	memset(in.data, 0, AUTHBLOCKS*sizeof(fastd_block128_t));
+	fastd_buffer_pull_head(ctx, &in, KEYBYTES);
+	memset(in.data, 0, KEYBYTES);
 
 	size_t tail_len = alignto(in.len, sizeof(fastd_block128_t))-in.len;
 	*out = fastd_buffer_alloc(ctx, in.len, alignto(COMMON_HEADBYTES, 16), sizeof(fastd_block128_t)+tail_len);
@@ -141,16 +142,14 @@ static bool method_encrypt(fastd_context_t *ctx, fastd_peer_t *peer UNUSED, fast
 	bool ok = session->cipher->crypt(session->cipher_state, outblocks, inblocks, n_blocks*sizeof(fastd_block128_t), nonce);
 
 	if (!ok) {
-		/* restore original buffer */
-		fastd_buffer_push_head(ctx, &in, AUTHBLOCKS*sizeof(fastd_block128_t));
 		fastd_buffer_free(*out);
 		return false;
 	}
 
-	crypto_onetimeauth_poly1305(tag, (const uint8_t*)(outblocks+AUTHBLOCKS), in.len - AUTHBLOCKS*sizeof(fastd_block128_t), (const uint8_t*)outblocks);
+	crypto_onetimeauth_poly1305(tag, outblocks->b+KEYBYTES, in.len - KEYBYTES, outblocks->b);
 
-	fastd_buffer_push_head(ctx, out, AUTHBLOCKS*sizeof(fastd_block128_t) - crypto_onetimeauth_poly1305_BYTES);
-	memcpy(out->data, tag, crypto_onetimeauth_poly1305_BYTES);
+	fastd_buffer_push_head(ctx, out, KEYBYTES - TAGBYTES);
+	memcpy(out->data, tag, TAGBYTES);
 
 	fastd_buffer_free(in);
 
@@ -165,7 +164,7 @@ static bool method_encrypt(fastd_context_t *ctx, fastd_peer_t *peer UNUSED, fast
 }
 
 static bool method_decrypt(fastd_context_t *ctx, fastd_peer_t *peer, fastd_method_session_state_t *session, fastd_buffer_t *out, fastd_buffer_t in) {
-	if (in.len < COMMON_HEADBYTES+crypto_onetimeauth_poly1305_BYTES)
+	if (in.len < COMMON_HEADBYTES+TAGBYTES)
 		return false;
 
 	if (!method_session_is_valid(ctx, session))
@@ -187,10 +186,10 @@ static bool method_decrypt(fastd_context_t *ctx, fastd_peer_t *peer, fastd_metho
 	fastd_buffer_push_head(ctx, &in, COMMON_HEADBYTES);
 
 	uint8_t tag[crypto_onetimeauth_poly1305_BYTES];
-	memcpy(tag, in.data, crypto_onetimeauth_poly1305_BYTES);
+	memcpy(tag, in.data, TAGBYTES);
 
-	fastd_buffer_pull_head(ctx, &in, AUTHBLOCKS*sizeof(fastd_block128_t) - crypto_onetimeauth_poly1305_BYTES);
-	memset(in.data, 0, AUTHBLOCKS*sizeof(fastd_block128_t));
+	fastd_buffer_pull_head(ctx, &in, KEYBYTES - TAGBYTES);
+	memset(in.data, 0, KEYBYTES);
 
 	size_t tail_len = alignto(in.len, sizeof(fastd_block128_t))-in.len;
 	*out = fastd_buffer_alloc(ctx, in.len, 0, tail_len);
@@ -205,15 +204,15 @@ static bool method_decrypt(fastd_context_t *ctx, fastd_peer_t *peer, fastd_metho
 		if (tail_len)
 			memset(in.data+in.len, 0, tail_len);
 
-		ok = (crypto_onetimeauth_poly1305_verify(tag, in.data+AUTHBLOCKS*sizeof(fastd_block128_t), in.len - AUTHBLOCKS*sizeof(fastd_block128_t), out->data) == 0);
+		ok = (crypto_onetimeauth_poly1305_verify(tag, in.data + KEYBYTES, in.len - KEYBYTES, out->data) == 0);
 	}
 
 	if (!ok) {
 		fastd_buffer_free(*out);
 
 		/* restore input buffer */
-		fastd_buffer_push_head(ctx, &in, AUTHBLOCKS*sizeof(fastd_block128_t) - crypto_onetimeauth_poly1305_BYTES);
-		memcpy(in.data, tag, crypto_onetimeauth_poly1305_BYTES);
+		fastd_buffer_push_head(ctx, &in, KEYBYTES - TAGBYTES);
+		memcpy(in.data, tag, TAGBYTES);
 		fastd_buffer_pull_head(ctx, &in, COMMON_HEADBYTES);
 		memcpy(in.data, nonce, COMMON_NONCEBYTES);
 		((uint8_t*)in.data)[COMMON_NONCEBYTES] = 0;
@@ -223,7 +222,7 @@ static bool method_decrypt(fastd_context_t *ctx, fastd_peer_t *peer, fastd_metho
 
 	fastd_buffer_free(in);
 
-	fastd_buffer_push_head(ctx, out, AUTHBLOCKS*sizeof(fastd_block128_t));
+	fastd_buffer_push_head(ctx, out, KEYBYTES);
 
 	if (!fastd_method_reorder_check(ctx, peer, &session->common, nonce, age)) {
 		fastd_buffer_free(*out);
@@ -234,9 +233,9 @@ static bool method_decrypt(fastd_context_t *ctx, fastd_peer_t *peer, fastd_metho
 }
 
 const fastd_method_provider_t fastd_method_generic_poly1305 = {
-	.max_overhead = COMMON_HEADBYTES + crypto_onetimeauth_poly1305_BYTES,
-	.min_encrypt_head_space = AUTHBLOCKS*sizeof(fastd_block128_t),
-	.min_decrypt_head_space = AUTHBLOCKS*sizeof(fastd_block128_t) - crypto_onetimeauth_poly1305_BYTES,
+	.max_overhead = COMMON_HEADBYTES + TAGBYTES,
+	.min_encrypt_head_space = KEYBYTES,
+	.min_decrypt_head_space = KEYBYTES - TAGBYTES,
 	.min_encrypt_tail_space = sizeof(fastd_block128_t)-1,
 	.min_decrypt_tail_space = sizeof(fastd_block128_t)-1,
 
-- 
cgit v1.2.3