Mercurial > dropbear
comparison libtomcrypt/src/encauth/ocb3/ocb3_done.c @ 1511:5916af64acd4 fuzz
merge from main
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Sat, 17 Feb 2018 19:29:51 +0800 |
parents | 6dba84798cd5 |
children |
comparison
equal
deleted
inserted
replaced
1457:32f990cc96b1 | 1511:5916af64acd4 |
---|---|
1 /* LibTomCrypt, modular cryptographic library -- Tom St Denis | |
2 * | |
3 * LibTomCrypt is a library that provides various cryptographic | |
4 * algorithms in a highly modular and flexible manner. | |
5 * | |
6 * The library is free for all purposes without any express | |
7 * guarantee it works. | |
8 */ | |
9 | |
10 /** | |
11 @file ocb3_done.c | |
12 OCB implementation, INTERNAL ONLY helper, by Tom St Denis | |
13 */ | |
14 #include "tomcrypt.h" | |
15 | |
16 #ifdef LTC_OCB3_MODE | |
17 | |
18 /** | |
19 Finish OCB processing and compute the tag | |
20 @param ocb The OCB state | |
21 @param tag [out] The destination for the authentication tag | |
22 @param taglen [in/out] The max size and resulting size of the authentication tag | |
23 @return CRYPT_OK if successful | |
24 */ | |
25 int ocb3_done(ocb3_state *ocb, unsigned char *tag, unsigned long *taglen) | |
26 { | |
27 unsigned char tmp[MAXBLOCKSIZE]; | |
28 int err, x; | |
29 | |
30 LTC_ARGCHK(ocb != NULL); | |
31 LTC_ARGCHK(tag != NULL); | |
32 LTC_ARGCHK(taglen != NULL); | |
33 if ((err = cipher_is_valid(ocb->cipher)) != CRYPT_OK) { | |
34 goto LBL_ERR; | |
35 } | |
36 | |
37 /* check taglen */ | |
38 if ((int)*taglen < ocb->tag_len) { | |
39 *taglen = (unsigned long)ocb->tag_len; | |
40 return CRYPT_BUFFER_OVERFLOW; | |
41 } | |
42 | |
43 /* finalize AAD processing */ | |
44 | |
45 if (ocb->adata_buffer_bytes>0) { | |
46 /* Offset_* = Offset_m xor L_* */ | |
47 ocb3_int_xor_blocks(ocb->aOffset_current, ocb->aOffset_current, ocb->L_star, ocb->block_len); | |
48 | |
49 /* CipherInput = (A_* || 1 || zeros(127-bitlen(A_*))) xor Offset_* */ | |
50 ocb3_int_xor_blocks(tmp, ocb->adata_buffer, ocb->aOffset_current, ocb->adata_buffer_bytes); | |
51 for(x=ocb->adata_buffer_bytes; x<ocb->block_len; x++) { | |
52 if (x == ocb->adata_buffer_bytes) { | |
53 tmp[x] = 0x80 ^ ocb->aOffset_current[x]; | |
54 } | |
55 else { | |
56 tmp[x] = 0x00 ^ ocb->aOffset_current[x]; | |
57 } | |
58 } | |
59 | |
60 /* Sum = Sum_m xor ENCIPHER(K, CipherInput) */ | |
61 if ((err = cipher_descriptor[ocb->cipher].ecb_encrypt(tmp, tmp, &ocb->key)) != CRYPT_OK) { | |
62 goto LBL_ERR; | |
63 } | |
64 ocb3_int_xor_blocks(ocb->aSum_current, ocb->aSum_current, tmp, ocb->block_len); | |
65 } | |
66 | |
67 /* finalize TAG computing */ | |
68 | |
69 /* at this point ocb->aSum_current = HASH(K, A) */ | |
70 /* tag = tag ^ HASH(K, A) */ | |
71 ocb3_int_xor_blocks(tmp, ocb->tag_part, ocb->aSum_current, ocb->block_len); | |
72 | |
73 /* copy tag bytes */ | |
74 for(x = 0; x < ocb->tag_len; x++) tag[x] = tmp[x]; | |
75 *taglen = (unsigned long)ocb->tag_len; | |
76 | |
77 err = CRYPT_OK; | |
78 | |
79 LBL_ERR: | |
80 #ifdef LTC_CLEAN_STACK | |
81 zeromem(tmp, MAXBLOCKSIZE); | |
82 zeromem(ocb, sizeof(*ocb)); | |
83 #endif | |
84 | |
85 return err; | |
86 } | |
87 | |
88 #endif | |
89 | |
90 /* ref: $Format:%D$ */ | |
91 /* git commit: $Format:%H$ */ | |
92 /* commit time: $Format:%ai$ */ |