comparison libtomcrypt/src/encauth/ccm/ccm_add_nonce.c @ 1471:6dba84798cd5

Update to libtomcrypt 1.18.1, merged with Dropbear changes
author Matt Johnston <matt@ucc.asn.au>
date Fri, 09 Feb 2018 21:44:05 +0800
1470:8bba51a55704 1471:6dba84798cd5
1 /* LibTomCrypt, modular cryptographic library -- Tom St Denis
2 *
3 * LibTomCrypt is a library that provides various cryptographic
4 * algorithms in a highly modular and flexible manner.
5 *
6 * The library is free for all purposes without any express
7 * guarantee it works.
8 */
9 #include "tomcrypt.h"
10
11 #ifdef LTC_CCM_MODE
12
13 /**
14 Add nonce data to the CCM state
15 @param ccm The CCM state
16 @param nonce The nonce data to add
17 @param noncelen The length of the nonce
18 @return CRYPT_OK on success
19 */
20 int ccm_add_nonce(ccm_state *ccm,
21 const unsigned char *nonce, unsigned long noncelen)
22 {
23 unsigned long x, y, len;
24 int err;
25
26 LTC_ARGCHK(ccm != NULL);
27 LTC_ARGCHK(nonce != NULL);
28
29 /* increase L to match the nonce len */
30 ccm->noncelen = (noncelen > 13) ? 13 : noncelen;
31 if ((15 - ccm->noncelen) > ccm->L) {
32 ccm->L = 15 - ccm->noncelen;
33 }
34
35 /* decrease noncelen to match L */
36 if ((ccm->noncelen + ccm->L) > 15) {
37 ccm->noncelen = 15 - ccm->L;
38 }
39
40 /* form B_0 == flags | Nonce N | l(m) */
41 x = 0;
42 ccm->PAD[x++] = (unsigned char)(((ccm->aadlen > 0) ? (1<<6) : 0) |
43 (((ccm->taglen - 2)>>1)<<3) |
44 (ccm->L-1));
45
46 /* nonce */
47 for (y = 0; y < (16 - (ccm->L + 1)); y++) {
48 ccm->PAD[x++] = nonce[y];
49 }
50
51 /* store len */
52 len = ccm->ptlen;
53
54 /* shift len so the upper bytes of len are the contents of the length */
55 for (y = ccm->L; y < 4; y++) {
56 len <<= 8;
57 }
58
59 /* store l(m) (only store 32-bits) */
60 for (y = 0; ccm->L > 4 && (ccm->L-y)>4; y++) {
61 ccm->PAD[x++] = 0;
62 }
63 for (; y < ccm->L; y++) {
64 ccm->PAD[x++] = (unsigned char)((len >> 24) & 255);
65 len <<= 8;
66 }
67
68 /* encrypt PAD */
69 if ((err = cipher_descriptor[ccm->cipher].ecb_encrypt(ccm->PAD, ccm->PAD, &ccm->K)) != CRYPT_OK) {
70 return err;
71 }
72
73 /* handle header */
74 ccm->x = 0;
75 if (ccm->aadlen > 0) {
76 /* store length */
77 if (ccm->aadlen < ((1UL<<16) - (1UL<<8))) {
78 ccm->PAD[ccm->x++] ^= (ccm->aadlen>>8) & 255;
79 ccm->PAD[ccm->x++] ^= ccm->aadlen & 255;
80 } else {
81 ccm->PAD[ccm->x++] ^= 0xFF;
82 ccm->PAD[ccm->x++] ^= 0xFE;
83 ccm->PAD[ccm->x++] ^= (ccm->aadlen>>24) & 255;
84 ccm->PAD[ccm->x++] ^= (ccm->aadlen>>16) & 255;
85 ccm->PAD[ccm->x++] ^= (ccm->aadlen>>8) & 255;
86 ccm->PAD[ccm->x++] ^= ccm->aadlen & 255;
87 }
88 }
89
90 /* setup the ctr counter */
91 x = 0;
92
93 /* flags */
94 ccm->ctr[x++] = (unsigned char)ccm->L-1;
95
96 /* nonce */
97 for (y = 0; y < (16 - (ccm->L+1)); ++y) {
98 ccm->ctr[x++] = nonce[y];
99 }
100 /* offset */
101 while (x < 16) {
102 ccm->ctr[x++] = 0;
103 }
104
105 ccm->CTRlen = 16;
106 return CRYPT_OK;
107 }
108
109 #endif
110
111 /* ref: $Format:%D$ */
112 /* git commit: $Format:%H$ */
113 /* commit time: $Format:%ai$ */
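Review bot: The nonce length is never validated in ccm_add_nonce. A `noncelen` above 13 is silently clamped, and when `ccm->L` already exceeds `15 - noncelen` the nonce is shortened again, so two distinct caller nonces that share a prefix yield the same B_0 and counter block while the function still returns CRYPT_OK. At the other end, a nonce shorter than 7 bytes raises `ccm->L` above 8, so `ccm->L-1` no longer fits the three low bits of the flags byte and spills into the tag-length field. I would reject these cases instead of adjusting them, with `if (noncelen < 7 || noncelen > 13 || noncelen + ccm->L > 15) return CRYPT_INVALID_ARG;` right after the LTC_ARGCHK lines, and state the accepted 7 to 13 byte range on the `@param noncelen` line. How `ccm->L` is bounded at init time is not visible on this page, so the last term of that check should be confirmed against ccm_init.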