10ac341f1SConrad Meyer 
20ac341f1SConrad Meyer #include "onetimeauth_poly1305.h"
30ac341f1SConrad Meyer #include "crypto_onetimeauth_poly1305.h"
40ac341f1SConrad Meyer #include "private/common.h"
50ac341f1SConrad Meyer #include "private/implementations.h"
60ac341f1SConrad Meyer #include "randombytes.h"
70ac341f1SConrad Meyer #include "runtime.h"
80ac341f1SConrad Meyer 
90ac341f1SConrad Meyer #include "donna/poly1305_donna.h"
100ac341f1SConrad Meyer #if defined(HAVE_TI_MODE) && defined(HAVE_EMMINTRIN_H)
110ac341f1SConrad Meyer # include "sse2/poly1305_sse2.h"
120ac341f1SConrad Meyer #endif
130ac341f1SConrad Meyer 
140ac341f1SConrad Meyer static const crypto_onetimeauth_poly1305_implementation *implementation =
150ac341f1SConrad Meyer     &crypto_onetimeauth_poly1305_donna_implementation;
160ac341f1SConrad Meyer 
170ac341f1SConrad Meyer int
crypto_onetimeauth_poly1305(unsigned char * out,const unsigned char * in,unsigned long long inlen,const unsigned char * k)180ac341f1SConrad Meyer crypto_onetimeauth_poly1305(unsigned char *out, const unsigned char *in,
190ac341f1SConrad Meyer                             unsigned long long inlen, const unsigned char *k)
200ac341f1SConrad Meyer {
210ac341f1SConrad Meyer     return implementation->onetimeauth(out, in, inlen, k);
220ac341f1SConrad Meyer }
230ac341f1SConrad Meyer 
240ac341f1SConrad Meyer int
crypto_onetimeauth_poly1305_verify(const unsigned char * h,const unsigned char * in,unsigned long long inlen,const unsigned char * k)250ac341f1SConrad Meyer crypto_onetimeauth_poly1305_verify(const unsigned char *h,
260ac341f1SConrad Meyer                                    const unsigned char *in,
270ac341f1SConrad Meyer                                    unsigned long long   inlen,
280ac341f1SConrad Meyer                                    const unsigned char *k)
290ac341f1SConrad Meyer {
300ac341f1SConrad Meyer     return implementation->onetimeauth_verify(h, in, inlen, k);
310ac341f1SConrad Meyer }
320ac341f1SConrad Meyer 
330ac341f1SConrad Meyer int
crypto_onetimeauth_poly1305_init(crypto_onetimeauth_poly1305_state * state,const unsigned char * key)340ac341f1SConrad Meyer crypto_onetimeauth_poly1305_init(crypto_onetimeauth_poly1305_state *state,
350ac341f1SConrad Meyer                                  const unsigned char *key)
360ac341f1SConrad Meyer {
370ac341f1SConrad Meyer     return implementation->onetimeauth_init(state, key);
380ac341f1SConrad Meyer }
390ac341f1SConrad Meyer 
400ac341f1SConrad Meyer int
crypto_onetimeauth_poly1305_update(crypto_onetimeauth_poly1305_state * state,const unsigned char * in,unsigned long long inlen)410ac341f1SConrad Meyer crypto_onetimeauth_poly1305_update(crypto_onetimeauth_poly1305_state *state,
420ac341f1SConrad Meyer                                    const unsigned char *in,
430ac341f1SConrad Meyer                                    unsigned long long inlen)
440ac341f1SConrad Meyer {
450ac341f1SConrad Meyer     return implementation->onetimeauth_update(state, in, inlen);
460ac341f1SConrad Meyer }
470ac341f1SConrad Meyer 
480ac341f1SConrad Meyer int
crypto_onetimeauth_poly1305_final(crypto_onetimeauth_poly1305_state * state,unsigned char * out)490ac341f1SConrad Meyer crypto_onetimeauth_poly1305_final(crypto_onetimeauth_poly1305_state *state,
500ac341f1SConrad Meyer                                   unsigned char *out)
510ac341f1SConrad Meyer {
520ac341f1SConrad Meyer     return implementation->onetimeauth_final(state, out);
530ac341f1SConrad Meyer }
540ac341f1SConrad Meyer 
550ac341f1SConrad Meyer size_t
crypto_onetimeauth_poly1305_bytes(void)560ac341f1SConrad Meyer crypto_onetimeauth_poly1305_bytes(void)
570ac341f1SConrad Meyer {
580ac341f1SConrad Meyer     return crypto_onetimeauth_poly1305_BYTES;
590ac341f1SConrad Meyer }
600ac341f1SConrad Meyer 
610ac341f1SConrad Meyer size_t
crypto_onetimeauth_poly1305_keybytes(void)620ac341f1SConrad Meyer crypto_onetimeauth_poly1305_keybytes(void)
630ac341f1SConrad Meyer {
640ac341f1SConrad Meyer     return crypto_onetimeauth_poly1305_KEYBYTES;
650ac341f1SConrad Meyer }
660ac341f1SConrad Meyer 
670ac341f1SConrad Meyer size_t
crypto_onetimeauth_poly1305_statebytes(void)680ac341f1SConrad Meyer crypto_onetimeauth_poly1305_statebytes(void)
690ac341f1SConrad Meyer {
700ac341f1SConrad Meyer     return sizeof(crypto_onetimeauth_poly1305_state);
710ac341f1SConrad Meyer }
720ac341f1SConrad Meyer 
730ac341f1SConrad Meyer void
crypto_onetimeauth_poly1305_keygen(unsigned char k[crypto_onetimeauth_poly1305_KEYBYTES])740ac341f1SConrad Meyer crypto_onetimeauth_poly1305_keygen(
750ac341f1SConrad Meyer     unsigned char k[crypto_onetimeauth_poly1305_KEYBYTES])
760ac341f1SConrad Meyer {
770ac341f1SConrad Meyer     randombytes_buf(k, crypto_onetimeauth_poly1305_KEYBYTES);
780ac341f1SConrad Meyer }
790ac341f1SConrad Meyer 
800ac341f1SConrad Meyer int
_crypto_onetimeauth_poly1305_pick_best_implementation(void)810ac341f1SConrad Meyer _crypto_onetimeauth_poly1305_pick_best_implementation(void)
820ac341f1SConrad Meyer {
830ac341f1SConrad Meyer     implementation = &crypto_onetimeauth_poly1305_donna_implementation;
840ac341f1SConrad Meyer #if defined(HAVE_TI_MODE) && defined(HAVE_EMMINTRIN_H)
850ac341f1SConrad Meyer     if (sodium_runtime_has_sse2()) {
860ac341f1SConrad Meyer         implementation = &crypto_onetimeauth_poly1305_sse2_implementation;
870ac341f1SConrad Meyer     }
880ac341f1SConrad Meyer #endif
890ac341f1SConrad Meyer     return 0;
900ac341f1SConrad Meyer }
91