64 static void poly1305_process(mbedtls_poly1305_context *ctx,  in poly1305_process()  argument
76     r0 = ctx->r[0];  in poly1305_process()
77     r1 = ctx->r[1];  in poly1305_process()
78     r2 = ctx->r[2];  in poly1305_process()
79     r3 = ctx->r[3];  in poly1305_process()
85     acc0 = ctx->acc[0];  in poly1305_process()
86     acc1 = ctx->acc[1];  in poly1305_process()
87     acc2 = ctx->acc[2];  in poly1305_process()
88     acc3 = ctx->acc[3];  in poly1305_process()
89     acc4 = ctx->acc[4];  in poly1305_process()
157     ctx->acc[0] = acc0;  in poly1305_process()
158     ctx->acc[1] = acc1;  in poly1305_process()
159     ctx->acc[2] = acc2;  in poly1305_process()
160     ctx->acc[3] = acc3;  in poly1305_process()
161     ctx->acc[4] = acc4;  in poly1305_process()
171 static void poly1305_compute_mac(const mbedtls_poly1305_context *ctx,  in poly1305_compute_mac()  argument
180     acc0 = ctx->acc[0];  in poly1305_compute_mac()
181     acc1 = ctx->acc[1];  in poly1305_compute_mac()
182     acc2 = ctx->acc[2];  in poly1305_compute_mac()
183     acc3 = ctx->acc[3];  in poly1305_compute_mac()
184     acc4 = ctx->acc[4];  in poly1305_compute_mac()
213     d = (uint64_t) acc0 + ctx->s[0];  in poly1305_compute_mac()
215     d = (uint64_t) acc1 + ctx->s[1] + (d >> 32U);  in poly1305_compute_mac()
217     d = (uint64_t) acc2 + ctx->s[2] + (d >> 32U);  in poly1305_compute_mac()
219     acc3 += ctx->s[3] + (uint32_t) (d >> 32U);  in poly1305_compute_mac()
228 void mbedtls_poly1305_init(mbedtls_poly1305_context *ctx)  in mbedtls_poly1305_init()  argument
230     mbedtls_platform_zeroize(ctx, sizeof(mbedtls_poly1305_context));  in mbedtls_poly1305_init()
233 void mbedtls_poly1305_free(mbedtls_poly1305_context *ctx)  in mbedtls_poly1305_free()  argument
235     if (ctx == NULL) {  in mbedtls_poly1305_free()
239     mbedtls_platform_zeroize(ctx, sizeof(mbedtls_poly1305_context));  in mbedtls_poly1305_free()
242 int mbedtls_poly1305_starts(mbedtls_poly1305_context *ctx,  in mbedtls_poly1305_starts()  argument
246     ctx->r[0] = MBEDTLS_GET_UINT32_LE(key, 0)  & 0x0FFFFFFFU;  in mbedtls_poly1305_starts()
247     ctx->r[1] = MBEDTLS_GET_UINT32_LE(key, 4)  & 0x0FFFFFFCU;  in mbedtls_poly1305_starts()
248     ctx->r[2] = MBEDTLS_GET_UINT32_LE(key, 8)  & 0x0FFFFFFCU;  in mbedtls_poly1305_starts()
249     ctx->r[3] = MBEDTLS_GET_UINT32_LE(key, 12) & 0x0FFFFFFCU;  in mbedtls_poly1305_starts()
251     ctx->s[0] = MBEDTLS_GET_UINT32_LE(key, 16);  in mbedtls_poly1305_starts()
252     ctx->s[1] = MBEDTLS_GET_UINT32_LE(key, 20);  in mbedtls_poly1305_starts()
253     ctx->s[2] = MBEDTLS_GET_UINT32_LE(key, 24);  in mbedtls_poly1305_starts()
254     ctx->s[3] = MBEDTLS_GET_UINT32_LE(key, 28);  in mbedtls_poly1305_starts()
257     ctx->acc[0] = 0U;  in mbedtls_poly1305_starts()
258     ctx->acc[1] = 0U;  in mbedtls_poly1305_starts()
259     ctx->acc[2] = 0U;  in mbedtls_poly1305_starts()
260     ctx->acc[3] = 0U;  in mbedtls_poly1305_starts()
261     ctx->acc[4] = 0U;  in mbedtls_poly1305_starts()
264     mbedtls_platform_zeroize(ctx->queue, sizeof(ctx->queue));  in mbedtls_poly1305_starts()
265     ctx->queue_len = 0U;  in mbedtls_poly1305_starts()
270 int mbedtls_poly1305_update(mbedtls_poly1305_context *ctx,  in mbedtls_poly1305_update()  argument
279     if ((remaining > 0U) && (ctx->queue_len > 0U)) {  in mbedtls_poly1305_update()
280         queue_free_len = (POLY1305_BLOCK_SIZE_BYTES - ctx->queue_len);  in mbedtls_poly1305_update()
286             memcpy(&ctx->queue[ctx->queue_len],  in mbedtls_poly1305_update()
290             ctx->queue_len += ilen;  in mbedtls_poly1305_update()
295             memcpy(&ctx->queue[ctx->queue_len],  in mbedtls_poly1305_update()
299             ctx->queue_len = 0U;  in mbedtls_poly1305_update()
301             poly1305_process(ctx, 1U, ctx->queue, 1U);   /* add padding bit */  in mbedtls_poly1305_update()
311         poly1305_process(ctx, nblocks, &input[offset], 1U);  in mbedtls_poly1305_update()
319         ctx->queue_len = remaining;  in mbedtls_poly1305_update()
320         memcpy(ctx->queue, &input[offset], remaining);  in mbedtls_poly1305_update()
326 int mbedtls_poly1305_finish(mbedtls_poly1305_context *ctx,  in mbedtls_poly1305_finish()  argument
330     if (ctx->queue_len > 0U) {  in mbedtls_poly1305_finish()
332         ctx->queue[ctx->queue_len] = 1U;  in mbedtls_poly1305_finish()
333         ctx->queue_len++;  in mbedtls_poly1305_finish()
336         memset(&ctx->queue[ctx->queue_len],  in mbedtls_poly1305_finish()
338                POLY1305_BLOCK_SIZE_BYTES - ctx->queue_len);  in mbedtls_poly1305_finish()
340         poly1305_process(ctx, 1U,           /* Process 1 block */  in mbedtls_poly1305_finish()
341                          ctx->queue, 0U);   /* Already padded above */  in mbedtls_poly1305_finish()
344     poly1305_compute_mac(ctx, mac);  in mbedtls_poly1305_finish()
354     mbedtls_poly1305_context ctx;  in mbedtls_poly1305_mac()  local
357     mbedtls_poly1305_init(&ctx);  in mbedtls_poly1305_mac()
359     ret = mbedtls_poly1305_starts(&ctx, key);  in mbedtls_poly1305_mac()
364     ret = mbedtls_poly1305_update(&ctx, input, ilen);  in mbedtls_poly1305_mac()
369     ret = mbedtls_poly1305_finish(&ctx, mac);  in mbedtls_poly1305_mac()
372     mbedtls_poly1305_free(&ctx);  in mbedtls_poly1305_mac()