poly1305/sum_ppc64le.go - crypto - Git at Google

 // Copyright 2019 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.

 // +build ppc64le,!gccgo,!appengine

 package poly1305

 //go:noescape
 func initialize(state *[7]uint64, key *[32]byte)

 //go:noescape
 func update(state *[7]uint64, msg []byte)

 //go:noescape
 func finalize(tag *[TagSize]byte, state *[7]uint64)

 // Sum generates an authenticator for m using a one-time key and puts the
 // 16-byte result into out. Authenticating two different messages with the same
 // key allows an attacker to forge messages at will.
 func Sum(out *[16]byte, m []byte, key *[32]byte) {
 	h := newMAC(key)
 	h.Write(m)
 	h.Sum(out)
 }

 func newMAC(key *[32]byte) (h mac) {
 	initialize(&h.state, key)
 	return
 }

 type mac struct {
 	state [7]uint64 // := uint64{ h0, h1, h2, r0, r1, pad0, pad1 }

 	buffer [TagSize]byte
 	offset int
 }

 func (h *mac) Write(p []byte) (n int, err error) {
 	n = len(p)
 	if h.offset > 0 {
 		remaining := TagSize - h.offset
 		if n < remaining {
 			h.offset += copy(h.buffer[h.offset:], p)
 			return n, nil
 		}
 		copy(h.buffer[h.offset:], p[:remaining])
 		p = p[remaining:]
 		h.offset = 0
 		update(&h.state, h.buffer[:])
 	}
 	if nn := len(p) - (len(p) % TagSize); nn > 0 {
 		update(&h.state, p[:nn])
 		p = p[nn:]
 	}
 	if len(p) > 0 {
 		h.offset += copy(h.buffer[h.offset:], p)
 	}
 	return n, nil
 }

 func (h *mac) Sum(out *[16]byte) {
 	state := h.state
 	if h.offset > 0 {
 		update(&state, h.buffer[:h.offset])
 	}
 	finalize(out, &state)
 }
	// Copyright 2019 The Go Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style
	// license that can be found in the LICENSE file.

	// +build ppc64le,!gccgo,!appengine

	package poly1305

	//go:noescape
	func initialize(state [7]uint64, key [32]byte)

	//go:noescape
	func update(state *[7]uint64, msg []byte)

	//go:noescape
	func finalize(tag [TagSize]byte, state [7]uint64)

	// Sum generates an authenticator for m using a one-time key and puts the
	// 16-byte result into out. Authenticating two different messages with the same
	// key allows an attacker to forge messages at will.
	func Sum(out [16]byte, m []byte, key [32]byte) {
	h := newMAC(key)
	h.Write(m)
	h.Sum(out)
	}

	func newMAC(key *[32]byte) (h mac) {
	initialize(&h.state, key)
	return
	}

	type mac struct {
	state [7]uint64 // := uint64{ h0, h1, h2, r0, r1, pad0, pad1 }

	buffer [TagSize]byte
	offset int
	}

	func (h *mac) Write(p []byte) (n int, err error) {
	n = len(p)
	if h.offset > 0 {
	remaining := TagSize - h.offset
	if n < remaining {
	h.offset += copy(h.buffer[h.offset:], p)
	return n, nil
	}
	copy(h.buffer[h.offset:], p[:remaining])
	p = p[remaining:]
	h.offset = 0
	update(&h.state, h.buffer[:])
	}
	if nn := len(p) - (len(p) % TagSize); nn > 0 {
	update(&h.state, p[:nn])
	p = p[nn:]
	}
	if len(p) > 0 {
	h.offset += copy(h.buffer[h.offset:], p)
	}
	return n, nil
	}

	func (h mac) Sum(out [16]byte) {
	state := h.state
	if h.offset > 0 {
	update(&state, h.buffer[:h.offset])
	}
	finalize(out, &state)
	}