poly1305.bdscr   poly1305a.bdscr 
## poly1305.bdscr ## poly1305.bdscr
# Revision a
## Ref: "ChaCha20 and Poly1305 for IETF protocols" ## Ref: "ChaCha20 and Poly1305 for IETF protocols"
## Nir & Langley, January 19, 2015 ## Nir & Langley, January 19, 2015
## <http://tools.ietf.org/html/draft-irtf-cfrg-chacha20-poly1305-08> ## <http://tools.ietf.org/html/draft-irtf-cfrg-chacha20-poly1305-08>
## Section 2.5.2. Poly1305 Example and Test Vector ## Section 2.5.2. Poly1305 Example and Test Vector
# Set the constant prime "P" to be 2^130-5: # Set the constant prime "P" to be 2^130-5:
P = (1<<130) - 5 P = (1<<130) - 5
# 1361129467683753853853498429727072845819 # 1361129467683753853853498429727072845819
printf("Prime, P: %x\n", P) printf("Prime, P: %x\n", P)
# 0x3fffffffffffffffffffffffffffffffb # 0x3fffffffffffffffffffffffffffffffb
skipping to change at line 45 skipping to change at line 47
r = revbytes(r, 128/8) r = revbytes(r, 128/8)
printf("r as 128-bit number: 0x%x\n", r) printf("r as 128-bit number: 0x%x\n", r)
# clamp r # clamp r
r = r band 0x0ffffffc0ffffffc0ffffffc0fffffff r = r band 0x0ffffffc0ffffffc0ffffffc0fffffff
printf("r after clamping : 0x%x\n", r) printf("r after clamping : 0x%x\n", r)
puts( "(Correct r : 0x806d5400e52447c036d555408bed685)") puts( "(Correct r : 0x806d5400e52447c036d555408bed685)")
# Message to be Authenticated in network order # Message to be Authenticated in network order
msg = 0x43727970746f6772617068696320466f72756d2052657365617263682047726f7570 msg = 0x43727970746f6772617068696320466f72756d2052657365617263682047726f7570
mbytes = bytelen(msg) # Careful if have leading zero bytes mbytes = bytelen(msg) # Caution: hardcode this if have leading zero bytes in msg
nblocks = (mbytes + 15) / 16 nblocks = (mbytes + 15) / 16
printf("Message in network order:\n [%x]\n", msg) printf("Message in network order:\n [%x]\n", msg)
println("msg length in bytes = ", mbytes, " => ", nblocks, " blocks") println("msg length in bytes = ", mbytes, " => ", nblocks, " blocks")
# Reverse order of message bytes then take in blocks of 128 bits # Reverse order of message bytes then take in blocks of 128 bits
msg = revbytes(msg, bytelen(msg)) msg = revbytes(msg, mbytes)
!msg printf("Message in LE order:\n [%x]\n", msg)
# Use count of bytes to avoid leading zero byte issue
nleft = mbytes
# set a variable "accumulator" to zero # set a variable "accumulator" to zero
acc = 0 acc = 0
# Loop through each block of 16 bytes (128 bits) # Loop through each block of 16 bytes (128 bits)
for i in (1..nblocks) do for i in (1..nblocks) do
printf("Acc = %x\n", acc); printf("Acc = %x\n", acc);
# Get next 16 bytes from RHS
block = msg & mask128; block = msg & mask128;
printf("Block = %x\n", block); printf("Block = %x\n", block);
block = (0x01 << (bytelen(block))*8) | block; # Add leading 0x01 byte
blklen = min(nleft, 16);
nleft = nleft - blklen;
block = (0x01 << (blklen)*8) | block;
printf("Block with 0x01 byte = %x\n", block); printf("Block with 0x01 byte = %x\n", block);
# debug values # debug values
printf("Acc + block = = %x\n", acc + block); printf("Acc + block = = %x\n", acc + block);
printf("(Acc + Block) * r =\n\t%x\n", (acc + block) * r); printf("(Acc + Block) * r =\n\t%x\n", (acc + block) * r);
# do calc in one line # Do main calc in one line
acc = ((acc+block)*r) mod P; acc = ((acc+block)*r) mod P;
printf("((Acc + Block) * r) %% P = %x\n", acc); printf("((Acc + Block) * r) %% P = %x\n", acc);
# Shift message block by 16 bytes # Shift message block by 16 bytes
msg = msg >> 128; msg = msg >> 128;
done done
tag = acc + s tag = acc + s
# 905406785994486245610219399192143267496 # 905406785994486245610219399192143267496
# Tag as a little-endian number: # Tag as a little-endian number:
printf("Acc + s = %x\n", tag) printf("Acc + s = %x\n", tag)
 End of changes. 6 change blocks. 
5 lines changed or deleted 14 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/