Update to libtomcrypt 1.18.1, merged with Dropbear changes

author: Matt Johnston <matt@ucc.asn.au> 2018-02-09 21:44:05 +0800
committer: Matt Johnston <matt@ucc.asn.au> 2018-02-09 21:44:05 +0800
commit: 4f2eb1914bdac3ed3ee504ad86061281dbe0d074 (patch)
tree: 078293375c3f3ee2d485cf9559a08d65d460786a /libtomcrypt/src/mac/poly1305
parent: d72f50ff3284e15124a0f233c26339229fe305ac (diff)
5 files changed, 532 insertions, 0 deletions
diff --git a/libtomcrypt/src/mac/poly1305/poly1305.c b/libtomcrypt/src/mac/poly1305/poly1305.c
new file mode 100644
index 0000000..f709f72
--- /dev/null
+++ b/libtomcrypt/src/mac/poly1305/poly1305.c
@@ -0,0 +1,268 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ */
+
+/* The implementation is based on:
+ * Public Domain poly1305 from Andrew Moon
+ * https://github.com/floodyberry/poly1305-donna
+ */
+
+#include "tomcrypt.h"
+
+#ifdef LTC_POLY1305
+
+/* internal only */
+static void _poly1305_block(poly1305_state *st, const unsigned char *in, unsigned long inlen)
+{
+   const unsigned long hibit = (st->final) ? 0 : (1UL << 24); /* 1 << 128 */
+   ulong32 r0,r1,r2,r3,r4;
+   ulong32 s1,s2,s3,s4;
+   ulong32 h0,h1,h2,h3,h4;
+   ulong32 tmp;
+   ulong64 d0,d1,d2,d3,d4;
+   ulong32 c;
+
+   r0 = st->r[0];
+   r1 = st->r[1];
+   r2 = st->r[2];
+   r3 = st->r[3];
+   r4 = st->r[4];
+
+   s1 = r1 * 5;
+   s2 = r2 * 5;
+   s3 = r3 * 5;
+   s4 = r4 * 5;
+
+   h0 = st->h[0];
+   h1 = st->h[1];
+   h2 = st->h[2];
+   h3 = st->h[3];
+   h4 = st->h[4];
+
+   while (inlen >= 16) {
+      /* h += in[i] */
+      LOAD32L(tmp, in+ 0); h0 += (tmp     ) & 0x3ffffff;
+      LOAD32L(tmp, in+ 3); h1 += (tmp >> 2) & 0x3ffffff;
+      LOAD32L(tmp, in+ 6); h2 += (tmp >> 4) & 0x3ffffff;
+      LOAD32L(tmp, in+ 9); h3 += (tmp >> 6) & 0x3ffffff;
+      LOAD32L(tmp, in+12); h4 += (tmp >> 8) | hibit;
+
+      /* h *= r */
+      d0 = ((ulong64)h0 * r0) + ((ulong64)h1 * s4) + ((ulong64)h2 * s3) + ((ulong64)h3 * s2) + ((ulong64)h4 * s1);
+      d1 = ((ulong64)h0 * r1) + ((ulong64)h1 * r0) + ((ulong64)h2 * s4) + ((ulong64)h3 * s3) + ((ulong64)h4 * s2);
+      d2 = ((ulong64)h0 * r2) + ((ulong64)h1 * r1) + ((ulong64)h2 * r0) + ((ulong64)h3 * s4) + ((ulong64)h4 * s3);
+      d3 = ((ulong64)h0 * r3) + ((ulong64)h1 * r2) + ((ulong64)h2 * r1) + ((ulong64)h3 * r0) + ((ulong64)h4 * s4);
+      d4 = ((ulong64)h0 * r4) + ((ulong64)h1 * r3) + ((ulong64)h2 * r2) + ((ulong64)h3 * r1) + ((ulong64)h4 * r0);
+
+      /* (partial) h %= p */
+                    c = (ulong32)(d0 >> 26); h0 = (ulong32)d0 & 0x3ffffff;
+      d1 += c;      c = (ulong32)(d1 >> 26); h1 = (ulong32)d1 & 0x3ffffff;
+      d2 += c;      c = (ulong32)(d2 >> 26); h2 = (ulong32)d2 & 0x3ffffff;
+      d3 += c;      c = (ulong32)(d3 >> 26); h3 = (ulong32)d3 & 0x3ffffff;
+      d4 += c;      c = (ulong32)(d4 >> 26); h4 = (ulong32)d4 & 0x3ffffff;
+      h0 += c * 5;  c =          (h0 >> 26); h0 =          h0 & 0x3ffffff;
+      h1 += c;
+
+      in += 16;
+      inlen -= 16;
+   }
+
+   st->h[0] = h0;
+   st->h[1] = h1;
+   st->h[2] = h2;
+   st->h[3] = h3;
+   st->h[4] = h4;
+}
+
+/**
+   Initialize an POLY1305 context.
+   @param st       The POLY1305 state
+   @param key      The secret key
+   @param keylen   The length of the secret key (octets)
+   @return CRYPT_OK if successful
+*/
+int poly1305_init(poly1305_state *st, const unsigned char *key, unsigned long keylen)
+{
+   LTC_ARGCHK(st  != NULL);
+   LTC_ARGCHK(key != NULL);
+   LTC_ARGCHK(keylen == 32);
+
+   /* r &= 0xffffffc0ffffffc0ffffffc0fffffff */
+   LOAD32L(st->r[0], key +  0); st->r[0] = (st->r[0]     ) & 0x3ffffff;
+   LOAD32L(st->r[1], key +  3); st->r[1] = (st->r[1] >> 2) & 0x3ffff03;
+   LOAD32L(st->r[2], key +  6); st->r[2] = (st->r[2] >> 4) & 0x3ffc0ff;
+   LOAD32L(st->r[3], key +  9); st->r[3] = (st->r[3] >> 6) & 0x3f03fff;
+   LOAD32L(st->r[4], key + 12); st->r[4] = (st->r[4] >> 8) & 0x00fffff;
+
+   /* h = 0 */
+   st->h[0] = 0;
+   st->h[1] = 0;
+   st->h[2] = 0;
+   st->h[3] = 0;
+   st->h[4] = 0;
+
+   /* save pad for later */
+   LOAD32L(st->pad[0], key + 16);
+   LOAD32L(st->pad[1], key + 20);
+   LOAD32L(st->pad[2], key + 24);
+   LOAD32L(st->pad[3], key + 28);
+
+   st->leftover = 0;
+   st->final = 0;
+   return CRYPT_OK;
+}
+
+/**
+  Process data through POLY1305
+  @param st      The POLY1305 state
+  @param in      The data to send through HMAC
+  @param inlen   The length of the data to HMAC (octets)
+  @return CRYPT_OK if successful
+*/
+int poly1305_process(poly1305_state *st, const unsigned char *in, unsigned long inlen)
+{
+   unsigned long i;
+
+   if (inlen == 0) return CRYPT_OK; /* nothing to do */
+   LTC_ARGCHK(st != NULL);
+   LTC_ARGCHK(in != NULL);
+
+   /* handle leftover */
+   if (st->leftover) {
+      unsigned long want = (16 - st->leftover);
+      if (want > inlen) want = inlen;
+      for (i = 0; i < want; i++) st->buffer[st->leftover + i] = in[i];
+      inlen -= want;
+      in += want;
+      st->leftover += want;
+      if (st->leftover < 16) return CRYPT_OK;
+      _poly1305_block(st, st->buffer, 16);
+      st->leftover = 0;
+   }
+
+   /* process full blocks */
+   if (inlen >= 16) {
+      unsigned long want = (inlen & ~(16 - 1));
+      _poly1305_block(st, in, want);
+      in += want;
+      inlen -= want;
+   }
+
+   /* store leftover */
+   if (inlen) {
+      for (i = 0; i < inlen; i++) st->buffer[st->leftover + i] = in[i];
+      st->leftover += inlen;
+   }
+   return CRYPT_OK;
+}
+
+/**
+   Terminate a POLY1305 session
+   @param st      The POLY1305 state
+   @param mac     [out] The destination of the POLY1305 authentication tag
+   @param maclen  [in/out]  The max size and resulting size of the POLY1305 authentication tag
+   @return CRYPT_OK if successful
+*/
+int poly1305_done(poly1305_state *st, unsigned char *mac, unsigned long *maclen)
+{
+   ulong32 h0,h1,h2,h3,h4,c;
+   ulong32 g0,g1,g2,g3,g4;
+   ulong64 f;
+   ulong32 mask;
+
+   LTC_ARGCHK(st     != NULL);
+   LTC_ARGCHK(mac    != NULL);
+   LTC_ARGCHK(maclen != NULL);
+   LTC_ARGCHK(*maclen >= 16);
+
+   /* process the remaining block */
+   if (st->leftover) {
+      unsigned long i = st->leftover;
+      st->buffer[i++] = 1;
+      for (; i < 16; i++) st->buffer[i] = 0;
+      st->final = 1;
+      _poly1305_block(st, st->buffer, 16);
+   }
+
+   /* fully carry h */
+   h0 = st->h[0];
+   h1 = st->h[1];
+   h2 = st->h[2];
+   h3 = st->h[3];
+   h4 = st->h[4];
+
+                c = h1 >> 26; h1 = h1 & 0x3ffffff;
+   h2 +=     c; c = h2 >> 26; h2 = h2 & 0x3ffffff;
+   h3 +=     c; c = h3 >> 26; h3 = h3 & 0x3ffffff;
+   h4 +=     c; c = h4 >> 26; h4 = h4 & 0x3ffffff;
+   h0 += c * 5; c = h0 >> 26; h0 = h0 & 0x3ffffff;
+   h1 +=     c;
+
+   /* compute h + -p */
+   g0 = h0 + 5; c = g0 >> 26; g0 &= 0x3ffffff;
+   g1 = h1 + c; c = g1 >> 26; g1 &= 0x3ffffff;
+   g2 = h2 + c; c = g2 >> 26; g2 &= 0x3ffffff;
+   g3 = h3 + c; c = g3 >> 26; g3 &= 0x3ffffff;
+   g4 = h4 + c - (1UL << 26);
+
+   /* select h if h < p, or h + -p if h >= p */
+   mask = (g4 >> 31) - 1;
+   g0 &= mask;
+   g1 &= mask;
+   g2 &= mask;
+   g3 &= mask;
+   g4 &= mask;
+   mask = ~mask;
+   h0 = (h0 & mask) | g0;
+   h1 = (h1 & mask) | g1;
+   h2 = (h2 & mask) | g2;
+   h3 = (h3 & mask) | g3;
+   h4 = (h4 & mask) | g4;
+
+   /* h = h % (2^128) */
+   h0 = ((h0      ) | (h1 << 26)) & 0xffffffff;
+   h1 = ((h1 >>  6) | (h2 << 20)) & 0xffffffff;
+   h2 = ((h2 >> 12) | (h3 << 14)) & 0xffffffff;
+   h3 = ((h3 >> 18) | (h4 <<  8)) & 0xffffffff;
+
+   /* mac = (h + pad) % (2^128) */
+   f = (ulong64)h0 + st->pad[0]            ; h0 = (ulong32)f;
+   f = (ulong64)h1 + st->pad[1] + (f >> 32); h1 = (ulong32)f;
+   f = (ulong64)h2 + st->pad[2] + (f >> 32); h2 = (ulong32)f;
+   f = (ulong64)h3 + st->pad[3] + (f >> 32); h3 = (ulong32)f;
+
+   STORE32L(h0, mac +  0);
+   STORE32L(h1, mac +  4);
+   STORE32L(h2, mac +  8);
+   STORE32L(h3, mac + 12);
+
+   /* zero out the state */
+   st->h[0] = 0;
+   st->h[1] = 0;
+   st->h[2] = 0;
+   st->h[3] = 0;
+   st->h[4] = 0;
+   st->r[0] = 0;
+   st->r[1] = 0;
+   st->r[2] = 0;
+   st->r[3] = 0;
+   st->r[4] = 0;
+   st->pad[0] = 0;
+   st->pad[1] = 0;
+   st->pad[2] = 0;
+   st->pad[3] = 0;
+
+   *maclen = 16;
+   return CRYPT_OK;
+}
+
+#endif
+
+/* ref:         $Format:%D$ */
+/* git commit:  $Format:%H$ */
+/* commit time: $Format:%ai$ */
diff --git a/libtomcrypt/src/mac/poly1305/poly1305_file.c b/libtomcrypt/src/mac/poly1305/poly1305_file.c
new file mode 100644
index 0000000..7726305
--- /dev/null
+++ b/libtomcrypt/src/mac/poly1305/poly1305_file.c
@@ -0,0 +1,88 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ */
+
+/* The implementation is based on:
+ * Public Domain poly1305 from Andrew Moon
+ * https://github.com/floodyberry/poly1305-donna
+ */
+
+#include "tomcrypt.h"
+
+#ifdef LTC_POLY1305
+
+/**
+  POLY1305 a file
+  @param fname    The name of the file you wish to POLY1305
+  @param key      The secret key
+  @param keylen   The length of the secret key
+  @param mac      [out] The POLY1305 authentication tag
+  @param maclen   [in/out]  The max size and resulting size of the authentication tag
+  @return CRYPT_OK if successful, CRYPT_NOP if file support has been disabled
+*/
+int poly1305_file(const char *fname, const unsigned char *key, unsigned long keylen, unsigned char *mac, unsigned long *maclen)
+{
+#ifdef LTC_NO_FILE
+   return CRYPT_NOP;
+#else
+   poly1305_state st;
+   FILE *in;
+   unsigned char *buf;
+   size_t x;
+   int err;
+
+   LTC_ARGCHK(fname  != NULL);
+   LTC_ARGCHK(key    != NULL);
+   LTC_ARGCHK(mac    != NULL);
+   LTC_ARGCHK(maclen != NULL);
+
+   if ((buf = XMALLOC(LTC_FILE_READ_BUFSIZE)) == NULL) {
+      return CRYPT_MEM;
+   }
+
+   if ((err = poly1305_init(&st, key, keylen)) != CRYPT_OK) {
+      goto LBL_ERR;
+   }
+
+   in = fopen(fname, "rb");
+   if (in == NULL) {
+      err = CRYPT_FILE_NOTFOUND;
+      goto LBL_ERR;
+   }
+
+   do {
+      x = fread(buf, 1, LTC_FILE_READ_BUFSIZE, in);
+      if ((err = poly1305_process(&st, buf, (unsigned long)x)) != CRYPT_OK) {
+         fclose(in);
+         goto LBL_CLEANBUF;
+      }
+   } while (x == LTC_FILE_READ_BUFSIZE);
+
+   if (fclose(in) != 0) {
+      err = CRYPT_ERROR;
+      goto LBL_CLEANBUF;
+   }
+
+   err = poly1305_done(&st, mac, maclen);
+
+LBL_CLEANBUF:
+   zeromem(buf, LTC_FILE_READ_BUFSIZE);
+LBL_ERR:
+#ifdef LTC_CLEAN_STACK
+   zeromem(&st, sizeof(poly1305_state));
+#endif
+   XFREE(buf);
+   return err;
+#endif
+}
+
+#endif
+
+/* ref:         $Format:%D$ */
+/* git commit:  $Format:%H$ */
+/* commit time: $Format:%ai$ */
diff --git a/libtomcrypt/src/mac/poly1305/poly1305_memory.c b/libtomcrypt/src/mac/poly1305/poly1305_memory.c
new file mode 100644
index 0000000..a827f8d
--- /dev/null
+++ b/libtomcrypt/src/mac/poly1305/poly1305_memory.c
@@ -0,0 +1,53 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ */
+
+/* The implementation is based on:
+ * Public Domain poly1305 from Andrew Moon
+ * https://github.com/floodyberry/poly1305-donna
+ */
+
+#include "tomcrypt.h"
+
+#ifdef LTC_POLY1305
+
+/**
+   POLY1305 a block of memory to produce the authentication tag
+   @param key       The secret key
+   @param keylen    The length of the secret key (octets)
+   @param in        The data to POLY1305
+   @param inlen     The length of the data to POLY1305 (octets)
+   @param mac       [out] Destination of the authentication tag
+   @param maclen    [in/out] Max size and resulting size of authentication tag
+   @return CRYPT_OK if successful
+*/
+int poly1305_memory(const unsigned char *key, unsigned long keylen, const unsigned char *in, unsigned long inlen, unsigned char *mac, unsigned long *maclen)
+{
+   poly1305_state st;
+   int err;
+
+   LTC_ARGCHK(key    != NULL);
+   LTC_ARGCHK(in     != NULL);
+   LTC_ARGCHK(mac    != NULL);
+   LTC_ARGCHK(maclen != NULL);
+
+   if ((err = poly1305_init(&st, key, keylen))  != CRYPT_OK) { goto LBL_ERR; }
+   if ((err = poly1305_process(&st, in, inlen)) != CRYPT_OK) { goto LBL_ERR; }
+   err = poly1305_done(&st, mac, maclen);
+LBL_ERR:
+#ifdef LTC_CLEAN_STACK
+   zeromem(&st, sizeof(poly1305_state));
+#endif
+   return err;
+}
+
+#endif
+
+/* ref:         $Format:%D$ */
+/* git commit:  $Format:%H$ */
+/* commit time: $Format:%ai$ */
diff --git a/libtomcrypt/src/mac/poly1305/poly1305_memory_multi.c b/libtomcrypt/src/mac/poly1305/poly1305_memory_multi.c
new file mode 100644
index 0000000..f22f255
--- /dev/null
+++ b/libtomcrypt/src/mac/poly1305/poly1305_memory_multi.c
@@ -0,0 +1,67 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ */
+
+/* The implementation is based on:
+ * Public Domain poly1305 from Andrew Moon
+ * https://github.com/floodyberry/poly1305-donna
+ */
+
+#include "tomcrypt.h"
+#include <stdarg.h>
+
+#ifdef LTC_POLY1305
+
+/**
+   POLY1305 multiple blocks of memory to produce the authentication tag
+   @param key       The secret key
+   @param keylen    The length of the secret key (octets)
+   @param mac       [out] Destination of the authentication tag
+   @param maclen    [in/out] Max size and resulting size of authentication tag
+   @param in        The data to POLY1305
+   @param inlen     The length of the data to POLY1305 (octets)
+   @param ...       tuples of (data,len) pairs to POLY1305, terminated with a (NULL,x) (x=don't care)
+   @return CRYPT_OK if successful
+*/
+int poly1305_memory_multi(const unsigned char *key, unsigned long keylen, unsigned char *mac, unsigned long *maclen, const unsigned char *in,  unsigned long inlen, ...)
+{
+   poly1305_state st;
+   int err;
+   va_list args;
+   const unsigned char *curptr;
+   unsigned long curlen;
+
+   LTC_ARGCHK(key    != NULL);
+   LTC_ARGCHK(in     != NULL);
+   LTC_ARGCHK(mac    != NULL);
+   LTC_ARGCHK(maclen != NULL);
+
+   va_start(args, inlen);
+   curptr = in;
+   curlen = inlen;
+   if ((err = poly1305_init(&st, key, keylen)) != CRYPT_OK)          { goto LBL_ERR; }
+   for (;;) {
+      if ((err = poly1305_process(&st, curptr, curlen)) != CRYPT_OK) { goto LBL_ERR; }
+      curptr = va_arg(args, const unsigned char*);
+      if (curptr == NULL) break;
+      curlen = va_arg(args, unsigned long);
+   }
+   err = poly1305_done(&st, mac, maclen);
+LBL_ERR:
+#ifdef LTC_CLEAN_STACK
+   zeromem(&st, sizeof(poly1305_state));
+#endif
+   va_end(args);
+   return err;
+}
+
+#endif
+
+/* ref:         $Format:%D$ */
+/* git commit:  $Format:%H$ */
+/* commit time: $Format:%ai$ */
diff --git a/libtomcrypt/src/mac/poly1305/poly1305_test.c b/libtomcrypt/src/mac/poly1305/poly1305_test.c
new file mode 100644
index 0000000..5e4535b
--- /dev/null
+++ b/libtomcrypt/src/mac/poly1305/poly1305_test.c
@@ -0,0 +1,56 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ */
+
+/* The implementation is based on:
+ * Public Domain poly1305 from Andrew Moon
+ * https://github.com/floodyberry/poly1305-donna
+ */
+
+#include "tomcrypt.h"
+
+#ifdef LTC_POLY1305
+
+int poly1305_test(void)
+{
+#ifndef LTC_TEST
+   return CRYPT_NOP;
+#else
+   /* https://tools.ietf.org/html/rfc7539#section-2.5.2 */
+   unsigned char k[]   = { 0x85, 0xd6, 0xbe, 0x78, 0x57, 0x55, 0x6d, 0x33, 0x7f, 0x44, 0x52, 0xfe, 0x42, 0xd5, 0x06, 0xa8, 0x01, 0x03, 0x80, 0x8a, 0xfb, 0x0d, 0xb2, 0xfd, 0x4a, 0xbf, 0xf6, 0xaf, 0x41, 0x49, 0xf5, 0x1b };
+   unsigned char tag[] = { 0xA8, 0x06, 0x1D, 0xC1, 0x30, 0x51, 0x36, 0xC6, 0xC2, 0x2B, 0x8B, 0xAF, 0x0C, 0x01, 0x27, 0xA9 };
+   char m[] = "Cryptographic Forum Research Group";
+   unsigned long len = 16, mlen = strlen(m);
+   unsigned char out[1000];
+   poly1305_state st;
+   int err;
+
+   /* process piece by piece */
+   if ((err = poly1305_init(&st, k, 32)) != CRYPT_OK)                                return err;
+   if ((err = poly1305_process(&st, (unsigned char*)m,      5)) != CRYPT_OK)         return err;
+   if ((err = poly1305_process(&st, (unsigned char*)m + 5,  4)) != CRYPT_OK)         return err;
+   if ((err = poly1305_process(&st, (unsigned char*)m + 9,  3)) != CRYPT_OK)         return err;
+   if ((err = poly1305_process(&st, (unsigned char*)m + 12, 2)) != CRYPT_OK)         return err;
+   if ((err = poly1305_process(&st, (unsigned char*)m + 14, 1)) != CRYPT_OK)         return err;
+   if ((err = poly1305_process(&st, (unsigned char*)m + 15, mlen - 15)) != CRYPT_OK) return err;
+   if ((err = poly1305_done(&st, out, &len)) != CRYPT_OK)                            return err;
+   if (compare_testvector(out, len, tag, sizeof(tag), "POLY1305-TV1", 1) != 0)       return CRYPT_FAIL_TESTVECTOR;
+   /* process in one go */
+   if ((err = poly1305_init(&st, k, 32)) != CRYPT_OK)                                return err;
+   if ((err = poly1305_process(&st, (unsigned char*)m, mlen)) != CRYPT_OK)           return err;
+   if ((err = poly1305_done(&st, out, &len)) != CRYPT_OK)                            return err;
+   if (compare_testvector(out, len, tag, sizeof(tag), "POLY1305-TV2", 1) != 0)       return CRYPT_FAIL_TESTVECTOR;
+   return CRYPT_OK;
+#endif
+}
+
+#endif
+
+/* ref:         $Format:%D$ */
+/* git commit:  $Format:%H$ */
+/* commit time: $Format:%ai$ */
author	Matt Johnston <matt@ucc.asn.au>	2018-02-09 21:44:05 +0800
committer	Matt Johnston <matt@ucc.asn.au>	2018-02-09 21:44:05 +0800
commit	4f2eb1914bdac3ed3ee504ad86061281dbe0d074 (patch)
tree	078293375c3f3ee2d485cf9559a08d65d460786a /libtomcrypt/src/mac/poly1305
parent	d72f50ff3284e15124a0f233c26339229fe305ac (diff)