comparison libtomcrypt/src/encauth/ocb/s_ocb_done.c @ 1471:6dba84798cd5

Update to libtomcrypt 1.18.1, merged with Dropbear changes
author Matt Johnston <matt@ucc.asn.au>
date Fri, 09 Feb 2018 21:44:05 +0800
parents f849a5ca2efc
children
1470:8bba51a55704 1471:6dba84798cd5
3 * LibTomCrypt is a library that provides various cryptographic 3 * LibTomCrypt is a library that provides various cryptographic
4 * algorithms in a highly modular and flexible manner. 4 * algorithms in a highly modular and flexible manner.
5 * 5 *
6 * The library is free for all purposes without any express 6 * The library is free for all purposes without any express
7 * guarantee it works. 7 * guarantee it works.
8 *
9 * Tom St Denis, [email protected], http://libtom.org
10 */ 8 */
11 9
12 /** 10 /**
13 @file s_ocb_done.c 11 @file s_ocb_done.c
14 OCB implementation, internal helper, by Tom St Denis 12 OCB implementation, internal helper, by Tom St Denis
15 */ 13 */
16 #include "tomcrypt.h" 14 #include "tomcrypt.h"
17 15
20 /* Since the last block is encrypted in CTR mode the same code can 18 /* Since the last block is encrypted in CTR mode the same code can
21 * be used to finish a decrypt or encrypt stream. The only difference 19 * be used to finish a decrypt or encrypt stream. The only difference
22 * is we XOR the final ciphertext into the checksum so we have to xor it 20 * is we XOR the final ciphertext into the checksum so we have to xor it
23 * before we CTR [decrypt] or after [encrypt] 21 * before we CTR [decrypt] or after [encrypt]
24 * 22 *
25 * the names pt/ptlen/ct really just mean in/inlen/out but this is the way I wrote it... 23 * the names pt/ptlen/ct really just mean in/inlen/out but this is the way I wrote it...
26 */ 24 */
27 25
28 /** 26 /**
29 Shared code to finish an OCB stream 27 Shared code to finish an OCB stream
30 @param ocb The OCB state 28 @param ocb The OCB state
72 } 70 }
73 return CRYPT_MEM; 71 return CRYPT_MEM;
74 } 72 }
75 73
76 /* compute X[m] = len(pt[m]) XOR Lr XOR Z[m] */ 74 /* compute X[m] = len(pt[m]) XOR Lr XOR Z[m] */
77 ocb_shift_xor(ocb, X); 75 ocb_shift_xor(ocb, X);
78 XMEMCPY(Z, X, ocb->block_len); 76 XMEMCPY(Z, X, ocb->block_len);
79 77
80 X[ocb->block_len-1] ^= (ptlen*8)&255; 78 X[ocb->block_len-1] ^= (ptlen*8)&255;
81 X[ocb->block_len-2] ^= ((ptlen*8)>>8)&255; 79 X[ocb->block_len-2] ^= ((ptlen*8)>>8)&255;
82 for (x = 0; x < ocb->block_len; x++) { 80 for (x = 0; x < ocb->block_len; x++) {
83 X[x] ^= ocb->Lr[x]; 81 X[x] ^= ocb->Lr[x];
84 } 82 }
85 83
86 /* Y[m] = E(X[m])) */ 84 /* Y[m] = E(X[m])) */
87 if ((err = cipher_descriptor[ocb->cipher].ecb_encrypt(X, Y, &ocb->key)) != CRYPT_OK) { 85 if ((err = cipher_descriptor[ocb->cipher].ecb_encrypt(X, Y, &ocb->key)) != CRYPT_OK) {
88 goto error; 86 goto error;
91 if (mode == 1) { 89 if (mode == 1) {
92 /* decrypt mode, so let's xor it first */ 90 /* decrypt mode, so let's xor it first */
93 /* xor C[m] into checksum */ 91 /* xor C[m] into checksum */
94 for (x = 0; x < (int)ptlen; x++) { 92 for (x = 0; x < (int)ptlen; x++) {
95 ocb->checksum[x] ^= ct[x]; 93 ocb->checksum[x] ^= ct[x];
96 } 94 }
97 } 95 }
98 96
99 /* C[m] = P[m] xor Y[m] */ 97 /* C[m] = P[m] xor Y[m] */
100 for (x = 0; x < (int)ptlen; x++) { 98 for (x = 0; x < (int)ptlen; x++) {
101 ct[x] = pt[x] ^ Y[x]; 99 ct[x] = pt[x] ^ Y[x];
102 } 100 }
103 101
104 if (mode == 0) { 102 if (mode == 0) {
105 /* encrypt mode */ 103 /* encrypt mode */
106 /* xor C[m] into checksum */ 104 /* xor C[m] into checksum */
107 for (x = 0; x < (int)ptlen; x++) { 105 for (x = 0; x < (int)ptlen; x++) {
108 ocb->checksum[x] ^= ct[x]; 106 ocb->checksum[x] ^= ct[x];
109 } 107 }
110 } 108 }
111 109
112 /* xor Y[m] and Z[m] into checksum */ 110 /* xor Y[m] and Z[m] into checksum */
113 for (x = 0; x < ocb->block_len; x++) { 111 for (x = 0; x < ocb->block_len; x++) {
114 ocb->checksum[x] ^= Y[x] ^ Z[x]; 112 ocb->checksum[x] ^= Y[x] ^ Z[x];
115 } 113 }
116 114
117 /* encrypt checksum, er... tag!! */ 115 /* encrypt checksum, er... tag!! */
118 if ((err = cipher_descriptor[ocb->cipher].ecb_encrypt(ocb->checksum, X, &ocb->key)) != CRYPT_OK) { 116 if ((err = cipher_descriptor[ocb->cipher].ecb_encrypt(ocb->checksum, X, &ocb->key)) != CRYPT_OK) {
119 goto error; 117 goto error;
120 } 118 }
121 cipher_descriptor[ocb->cipher].done(&ocb->key); 119 cipher_descriptor[ocb->cipher].done(&ocb->key);
130 zeromem(X, MAXBLOCKSIZE); 128 zeromem(X, MAXBLOCKSIZE);
131 zeromem(Y, MAXBLOCKSIZE); 129 zeromem(Y, MAXBLOCKSIZE);
132 zeromem(Z, MAXBLOCKSIZE); 130 zeromem(Z, MAXBLOCKSIZE);
133 zeromem(ocb, sizeof(*ocb)); 131 zeromem(ocb, sizeof(*ocb));
134 #endif 132 #endif
135 error: 133 error:
136 XFREE(X); 134 XFREE(X);
137 XFREE(Y); 135 XFREE(Y);
138 XFREE(Z); 136 XFREE(Z);
139 137
140 return err; 138 return err;
141 } 139 }
142 140
143 #endif 141 #endif
144 142
145 143
146 /* $Source$ */ 144 /* ref: $Format:%D$ */
147 /* $Revision$ */ 145 /* git commit: $Format:%H$ */
148 /* $Date$ */ 146 /* commit time: $Format:%ai$ */
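Review bot: The `goto error` taken when either ecb_encrypt call fails (new lines 86 and 117) jumps past the zeromem calls at new lines 128–131, so on that path X, Y and Z — holding the keystream block Y[m], Z[m] and the state's checksum — are handed to XFREE without being wiped, and the `done()` call on the cipher key at new line 119 is skipped as well. The `#endif` at new line 132 suggests the wipe is under a compile-time guard whose opening directive lies outside the hunk, so this only matters when that guard is enabled, but the failure path should then be covered like the success path. The smallest fix is to move the label above the guarded block, i.e. `error:` placed immediately before the `#ifdef` line, leaving the success-path `done()` where it is; the enclosing function's signature and its earlier allocation and length checks are outside the hunk, so whether any earlier `goto error` reaches here before the buffers exist should be confirmed there.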