Zero-padding API function for Poly1305

2025-01-18 04:33:12 -08:00 · 2015-03-31 13:16:55 +10:00 · 2015-03-31 13:16:55 +10:00 · 68f27bf912
commit 68f27bf912
parent a8e7932130
2 changed files with 18 additions and 1 deletions
--- a/libraries/Crypto/Poly1305.cpp
+++ b/libraries/Crypto/Poly1305.cpp
@ -138,7 +138,7 @@ void Poly1305::reset(const void *key)
 * If finalize() has already been called, then the behavior of update() will
 * be undefined.  Call reset() first to start a new authentication process.
 *
- * \sa reset(), finalize()
+ * \sa pad(), reset(), finalize()
 */
 void Poly1305::update(const void *data, size_t len)
 {
@ -243,6 +243,21 @@ void Poly1305::finalize(const void *nonce, void *token, size_t len)
    memcpy(token, state.h, len);
 }

+/**
+ * \brief Pads the input stream with zero bytes to a multiple of 16.
+ *
+ * \sa update()
+ */
+void Poly1305::pad()
+{
+    if (state.chunkSize != 0) {
+        memset(((uint8_t *)state.c) + state.chunkSize, 0, 16 - state.chunkSize);
+        state.c[NUM_LIMBS_128BIT] = 1;
+        processChunk();
+        state.chunkSize = 0;
+    }
+}
+
 /**
 * \brief Clears the authenticator's state, removing all sensitive data.
 */
--- a/libraries/Crypto/Poly1305.h
+++ b/libraries/Crypto/Poly1305.h
@ -36,6 +36,8 @@ public:
    void update(const void *data, size_t len);
    void finalize(const void *nonce, void *token, size_t len);

+    void pad();
+
    void clear();

 private: