Make Poly1305::result return, rather than copy to a slice

TheBlueMatt · TheBlueMatt · commit 12c9fcd42738 · 2025-06-11T00:57:26.000Z
`Poly1305::raw_result` copies the output into a slice, for some
reason allowing any length sice. This isn't a great API, so while
we're here we change it to return the 16-byte tag instead.
diff --git a/lightning/src/crypto/chacha20poly1305rfc.rs b/lightning/src/crypto/chacha20poly1305rfc.rs
@@ -67,7 +67,7 @@ mod real_chachapoly {
 			self.finished = true;
 			self.mac.input(&self.aad_len.to_le_bytes());
 			self.mac.input(&(self.data_len as u64).to_le_bytes());
-			self.mac.raw_result(out_tag);
+			out_tag.copy_from_slice(&self.mac.result());
 		}
 
 		pub fn encrypt_full_message_in_place(
@@ -94,7 +94,7 @@ mod real_chachapoly {
 			self.finished = true;
 			self.mac.input(&self.aad_len.to_le_bytes());
 			self.mac.input(&(self.data_len as u64).to_le_bytes());
-			self.mac.raw_result(out_tag);
+			out_tag.copy_from_slice(&self.mac.result());
 		}
 
 		/// Decrypt the `input`, checking the given `tag` prior to writing the decrypted contents
@@ -115,8 +115,7 @@ mod real_chachapoly {
 			self.mac.input(&self.aad_len.to_le_bytes());
 			self.mac.input(&(self.data_len as u64).to_le_bytes());
 
-			let mut calc_tag = [0u8; 16];
-			self.mac.raw_result(&mut calc_tag);
+			let calc_tag = self.mac.result();
 			if fixed_time_eq(&calc_tag, tag) {
 				self.cipher.process(input, output);
 				Ok(())
@@ -156,8 +155,7 @@ mod real_chachapoly {
 			self.mac.input(&self.aad_len.to_le_bytes());
 			self.mac.input(&(self.data_len as u64).to_le_bytes());
 
-			let mut calc_tag = [0u8; 16];
-			self.mac.raw_result(&mut calc_tag);
+			let calc_tag = self.mac.result();
 			if fixed_time_eq(&calc_tag, tag) {
 				true
 			} else {
diff --git a/lightning/src/crypto/poly1305.rs b/lightning/src/crypto/poly1305.rs
@@ -252,15 +252,16 @@ impl Poly1305 {
 		self.leftover = m.len();
 	}
 
-	pub fn raw_result(&mut self, output: &mut [u8]) {
-		assert!(output.len() >= 16);
+	pub fn result(&mut self) -> [u8; 16] {
 		if !self.finalized {
 			self.finish();
 		}
+		let mut output = [0; 16];
 		output[0..4].copy_from_slice(&self.h[0].to_le_bytes());
 		output[4..8].copy_from_slice(&self.h[1].to_le_bytes());
 		output[8..12].copy_from_slice(&self.h[2].to_le_bytes());
 		output[12..16].copy_from_slice(&self.h[3].to_le_bytes());
+		output
 	}
 }
 
@@ -270,10 +271,10 @@ mod test {
 
 	use super::Poly1305;
 
-	fn poly1305(key: &[u8], msg: &[u8], mac: &mut [u8]) {
+	fn poly1305(key: &[u8], msg: &[u8], mac: &mut [u8; 16]) {
 		let mut poly = Poly1305::new(key);
 		poly.input(msg);
-		poly.raw_result(mac);
+		*mac = poly.result();
 	}
 
 	#[test]
@@ -318,7 +319,7 @@ mod test {
 		poly.input(&msg[128..129]);
 		poly.input(&msg[129..130]);
 		poly.input(&msg[130..131]);
-		poly.raw_result(&mut mac);
+		let mac = poly.result();
 		assert_eq!(&mac[..], &expected[..]);
 	}
 
@@ -363,7 +364,7 @@ mod test {
 			poly1305(&key[..], &msg[0..i], &mut mac);
 			tpoly.input(&mac);
 		}
-		tpoly.raw_result(&mut mac);
+		let mac = tpoly.result();
 		assert_eq!(&mac[..], &total_mac[..]);
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -252,15 +252,16 @@ impl Poly1305 {`
`252`	`252`	`self.leftover = m.len();`
`253`	`253`	`}`
`254`	`254`
`255`		`- pub fn raw_result(&mut self, output: &mut [u8]) {`
`256`		`- assert!(output.len() >= 16);`
	`255`	`+ pub fn result(&mut self) -> [u8; 16] {`
`257`	`256`	`if !self.finalized {`
`258`	`257`	`self.finish();`
`259`	`258`	`}`
	`259`	`+ let mut output = [0; 16];`
`260`	`260`	`output[0..4].copy_from_slice(&self.h[0].to_le_bytes());`
`261`	`261`	`output[4..8].copy_from_slice(&self.h[1].to_le_bytes());`
`262`	`262`	`output[8..12].copy_from_slice(&self.h[2].to_le_bytes());`
`263`	`263`	`output[12..16].copy_from_slice(&self.h[3].to_le_bytes());`
	`264`	`+ output`
`264`	`265`	`}`
`265`	`266`	`}`
`266`	`267`
`@@ -270,10 +271,10 @@ mod test {`
`270`	`271`
`271`	`272`	`use super::Poly1305;`
`272`	`273`
`273`		`- fn poly1305(key: &[u8], msg: &[u8], mac: &mut [u8]) {`
	`274`	`+ fn poly1305(key: &[u8], msg: &[u8], mac: &mut [u8; 16]) {`
`274`	`275`	`let mut poly = Poly1305::new(key);`
`275`	`276`	`poly.input(msg);`
`276`		`- poly.raw_result(mac);`
	`277`	`+ *mac = poly.result();`
`277`	`278`	`}`
`278`	`279`
`279`	`280`	`#[test]`
`@@ -318,7 +319,7 @@ mod test {`
`318`	`319`	`poly.input(&msg[128..129]);`
`319`	`320`	`poly.input(&msg[129..130]);`
`320`	`321`	`poly.input(&msg[130..131]);`
`321`		`- poly.raw_result(&mut mac);`
	`322`	`+ let mac = poly.result();`
`322`	`323`	`assert_eq!(&mac[..], &expected[..]);`
`323`	`324`	`}`
`324`	`325`
`@@ -363,7 +364,7 @@ mod test {`
`363`	`364`	`poly1305(&key[..], &msg[0..i], &mut mac);`
`364`	`365`	`tpoly.input(&mac);`
`365`	`366`	`}`
`366`		`- tpoly.raw_result(&mut mac);`
	`367`	`+ let mac = tpoly.result();`
`367`	`368`	`assert_eq!(&mac[..], &total_mac[..]);`
`368`	`369`	`}`
`369`	`370`