Mercurial > dropbear
comparison libtomcrypt/src/encauth/ocb/s_ocb_done.c @ 1511:5916af64acd4 fuzz
merge from main
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Sat, 17 Feb 2018 19:29:51 +0800 |
parents | 6dba84798cd5 |
children |
comparison
equal
deleted
inserted
replaced
1457:32f990cc96b1 | 1511:5916af64acd4 |
---|---|
3 * LibTomCrypt is a library that provides various cryptographic | 3 * LibTomCrypt is a library that provides various cryptographic |
4 * algorithms in a highly modular and flexible manner. | 4 * algorithms in a highly modular and flexible manner. |
5 * | 5 * |
6 * The library is free for all purposes without any express | 6 * The library is free for all purposes without any express |
7 * guarantee it works. | 7 * guarantee it works. |
8 * | |
9 * Tom St Denis, [email protected], http://libtom.org | |
10 */ | 8 */ |
11 | 9 |
12 /** | 10 /** |
13 @file s_ocb_done.c | 11 @file s_ocb_done.c |
14 OCB implementation, internal helper, by Tom St Denis | 12 OCB implementation, internal helper, by Tom St Denis |
15 */ | 13 */ |
16 #include "tomcrypt.h" | 14 #include "tomcrypt.h" |
17 | 15 |
20 /* Since the last block is encrypted in CTR mode the same code can | 18 /* Since the last block is encrypted in CTR mode the same code can |
21 * be used to finish a decrypt or encrypt stream. The only difference | 19 * be used to finish a decrypt or encrypt stream. The only difference |
22 * is we XOR the final ciphertext into the checksum so we have to xor it | 20 * is we XOR the final ciphertext into the checksum so we have to xor it |
23 * before we CTR [decrypt] or after [encrypt] | 21 * before we CTR [decrypt] or after [encrypt] |
24 * | 22 * |
25 * the names pt/ptlen/ct really just mean in/inlen/out but this is the way I wrote it... | 23 * the names pt/ptlen/ct really just mean in/inlen/out but this is the way I wrote it... |
26 */ | 24 */ |
27 | 25 |
28 /** | 26 /** |
29 Shared code to finish an OCB stream | 27 Shared code to finish an OCB stream |
30 @param ocb The OCB state | 28 @param ocb The OCB state |
72 } | 70 } |
73 return CRYPT_MEM; | 71 return CRYPT_MEM; |
74 } | 72 } |
75 | 73 |
76 /* compute X[m] = len(pt[m]) XOR Lr XOR Z[m] */ | 74 /* compute X[m] = len(pt[m]) XOR Lr XOR Z[m] */ |
77 ocb_shift_xor(ocb, X); | 75 ocb_shift_xor(ocb, X); |
78 XMEMCPY(Z, X, ocb->block_len); | 76 XMEMCPY(Z, X, ocb->block_len); |
79 | 77 |
80 X[ocb->block_len-1] ^= (ptlen*8)&255; | 78 X[ocb->block_len-1] ^= (ptlen*8)&255; |
81 X[ocb->block_len-2] ^= ((ptlen*8)>>8)&255; | 79 X[ocb->block_len-2] ^= ((ptlen*8)>>8)&255; |
82 for (x = 0; x < ocb->block_len; x++) { | 80 for (x = 0; x < ocb->block_len; x++) { |
83 X[x] ^= ocb->Lr[x]; | 81 X[x] ^= ocb->Lr[x]; |
84 } | 82 } |
85 | 83 |
86 /* Y[m] = E(X[m])) */ | 84 /* Y[m] = E(X[m])) */ |
87 if ((err = cipher_descriptor[ocb->cipher].ecb_encrypt(X, Y, &ocb->key)) != CRYPT_OK) { | 85 if ((err = cipher_descriptor[ocb->cipher].ecb_encrypt(X, Y, &ocb->key)) != CRYPT_OK) { |
88 goto error; | 86 goto error; |
91 if (mode == 1) { | 89 if (mode == 1) { |
92 /* decrypt mode, so let's xor it first */ | 90 /* decrypt mode, so let's xor it first */ |
93 /* xor C[m] into checksum */ | 91 /* xor C[m] into checksum */ |
94 for (x = 0; x < (int)ptlen; x++) { | 92 for (x = 0; x < (int)ptlen; x++) { |
95 ocb->checksum[x] ^= ct[x]; | 93 ocb->checksum[x] ^= ct[x]; |
96 } | 94 } |
97 } | 95 } |
98 | 96 |
99 /* C[m] = P[m] xor Y[m] */ | 97 /* C[m] = P[m] xor Y[m] */ |
100 for (x = 0; x < (int)ptlen; x++) { | 98 for (x = 0; x < (int)ptlen; x++) { |
101 ct[x] = pt[x] ^ Y[x]; | 99 ct[x] = pt[x] ^ Y[x]; |
102 } | 100 } |
103 | 101 |
104 if (mode == 0) { | 102 if (mode == 0) { |
105 /* encrypt mode */ | 103 /* encrypt mode */ |
106 /* xor C[m] into checksum */ | 104 /* xor C[m] into checksum */ |
107 for (x = 0; x < (int)ptlen; x++) { | 105 for (x = 0; x < (int)ptlen; x++) { |
108 ocb->checksum[x] ^= ct[x]; | 106 ocb->checksum[x] ^= ct[x]; |
109 } | 107 } |
110 } | 108 } |
111 | 109 |
112 /* xor Y[m] and Z[m] into checksum */ | 110 /* xor Y[m] and Z[m] into checksum */ |
113 for (x = 0; x < ocb->block_len; x++) { | 111 for (x = 0; x < ocb->block_len; x++) { |
114 ocb->checksum[x] ^= Y[x] ^ Z[x]; | 112 ocb->checksum[x] ^= Y[x] ^ Z[x]; |
115 } | 113 } |
116 | 114 |
117 /* encrypt checksum, er... tag!! */ | 115 /* encrypt checksum, er... tag!! */ |
118 if ((err = cipher_descriptor[ocb->cipher].ecb_encrypt(ocb->checksum, X, &ocb->key)) != CRYPT_OK) { | 116 if ((err = cipher_descriptor[ocb->cipher].ecb_encrypt(ocb->checksum, X, &ocb->key)) != CRYPT_OK) { |
119 goto error; | 117 goto error; |
120 } | 118 } |
121 cipher_descriptor[ocb->cipher].done(&ocb->key); | 119 cipher_descriptor[ocb->cipher].done(&ocb->key); |
130 zeromem(X, MAXBLOCKSIZE); | 128 zeromem(X, MAXBLOCKSIZE); |
131 zeromem(Y, MAXBLOCKSIZE); | 129 zeromem(Y, MAXBLOCKSIZE); |
132 zeromem(Z, MAXBLOCKSIZE); | 130 zeromem(Z, MAXBLOCKSIZE); |
133 zeromem(ocb, sizeof(*ocb)); | 131 zeromem(ocb, sizeof(*ocb)); |
134 #endif | 132 #endif |
135 error: | 133 error: |
136 XFREE(X); | 134 XFREE(X); |
137 XFREE(Y); | 135 XFREE(Y); |
138 XFREE(Z); | 136 XFREE(Z); |
139 | 137 |
140 return err; | 138 return err; |
141 } | 139 } |
142 | 140 |
143 #endif | 141 #endif |
144 | 142 |
145 | 143 |
146 /* $Source$ */ | 144 /* ref: $Format:%D$ */ |
147 /* $Revision$ */ | 145 /* git commit: $Format:%H$ */ |
148 /* $Date$ */ | 146 /* commit time: $Format:%ai$ */ |