comparison libtomcrypt/src/encauth/ccm/ccm_add_nonce.c @ 1511:5916af64acd4 fuzz
merge from main
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Sat, 17 Feb 2018 19:29:51 +0800 |
parents | 6dba84798cd5 |
children |
1457:32f990cc96b1 | 1511:5916af64acd4 |
---|---|
1 /* LibTomCrypt, modular cryptographic library -- Tom St Denis | |
2 * | |
3 * LibTomCrypt is a library that provides various cryptographic | |
4 * algorithms in a highly modular and flexible manner. | |
5 * | |
6 * The library is free for all purposes without any express | |
7 * guarantee it works. | |
8 */ | |
9 #include "tomcrypt.h" | |
10 | |
11 #ifdef LTC_CCM_MODE | |
12 | |
13 /** | |
14 Add nonce data to the CCM state | |
15 @param ccm The CCM state | |
16 @param nonce The nonce data to add | |
17 @param noncelen The length of the nonce | |
18 @return CRYPT_OK on success | |
19 */ | |
20 int ccm_add_nonce(ccm_state *ccm, | |
21 const unsigned char *nonce, unsigned long noncelen) | |
22 { | |
23 unsigned long x, y, len; | |
24 int err; | |
25 | |
26 LTC_ARGCHK(ccm != NULL); | |
27 LTC_ARGCHK(nonce != NULL); | |
28 | |
29 /* increase L to match the nonce len */ | |
30 ccm->noncelen = (noncelen > 13) ? 13 : noncelen; | |
31 if ((15 - ccm->noncelen) > ccm->L) { | |
32 ccm->L = 15 - ccm->noncelen; | |
33 } | |
34 | |
35 /* decrease noncelen to match L */ | |
36 if ((ccm->noncelen + ccm->L) > 15) { | |
37 ccm->noncelen = 15 - ccm->L; | |
38 } | |
39 | |
40 /* form B_0 == flags | Nonce N | l(m) */ | |
41 x = 0; | |
42 ccm->PAD[x++] = (unsigned char)(((ccm->aadlen > 0) ? (1<<6) : 0) | | |
43 (((ccm->taglen - 2)>>1)<<3) | | |
44 (ccm->L-1)); | |
45 | |
46 /* nonce */ | |
47 for (y = 0; y < (16 - (ccm->L + 1)); y++) { | |
48 ccm->PAD[x++] = nonce[y]; | |
49 } | |
50 | |
51 /* store len */ | |
52 len = ccm->ptlen; | |
53 | |
54 /* shift len so the upper bytes of len are the contents of the length */ | |
55 for (y = ccm->L; y < 4; y++) { | |
56 len <<= 8; | |
57 } | |
58 | |
59 /* store l(m) (only store 32-bits) */ | |
60 for (y = 0; ccm->L > 4 && (ccm->L-y)>4; y++) { | |
61 ccm->PAD[x++] = 0; | |
62 } | |
63 for (; y < ccm->L; y++) { | |
64 ccm->PAD[x++] = (unsigned char)((len >> 24) & 255); | |
65 len <<= 8; | |
66 } | |
67 | |
68 /* encrypt PAD */ | |
69 if ((err = cipher_descriptor[ccm->cipher].ecb_encrypt(ccm->PAD, ccm->PAD, &ccm->K)) != CRYPT_OK) { | |
70 return err; | |
71 } | |
72 | |
73 /* handle header */ | |
74 ccm->x = 0; | |
75 if (ccm->aadlen > 0) { | |
76 /* store length */ | |
77 if (ccm->aadlen < ((1UL<<16) - (1UL<<8))) { | |
78 ccm->PAD[ccm->x++] ^= (ccm->aadlen>>8) & 255; | |
79 ccm->PAD[ccm->x++] ^= ccm->aadlen & 255; | |
80 } else { | |
81 ccm->PAD[ccm->x++] ^= 0xFF; | |
82 ccm->PAD[ccm->x++] ^= 0xFE; | |
83 ccm->PAD[ccm->x++] ^= (ccm->aadlen>>24) & 255; | |
84 ccm->PAD[ccm->x++] ^= (ccm->aadlen>>16) & 255; | |
85 ccm->PAD[ccm->x++] ^= (ccm->aadlen>>8) & 255; | |
86 ccm->PAD[ccm->x++] ^= ccm->aadlen & 255; | |
87 } | |
88 } | |
89 | |
90 /* setup the ctr counter */ | |
91 x = 0; | |
92 | |
93 /* flags */ | |
94 ccm->ctr[x++] = (unsigned char)ccm->L-1; | |
95 | |
96 /* nonce */ | |
97 for (y = 0; y < (16 - (ccm->L+1)); ++y) { | |
98 ccm->ctr[x++] = nonce[y]; | |
99 } | |
100 /* offset */ | |
101 while (x < 16) { | |
102 ccm->ctr[x++] = 0; | |
103 } | |
104 | |
105 ccm->CTRlen = 16; | |
106 return CRYPT_OK; | |
107 } | |
108 | |
109 #endif | |
110 | |
111 /* ref: $Format:%D$ */ | |
112 /* git commit: $Format:%H$ */ | |
113 /* commit time: $Format:%ai$ */ |