Mercurial > dropbear

comparison libtomcrypt/src/modes/xts/xts_decrypt.c @ 1471:6dba84798cd5

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Update to libtomcrypt 1.18.1, merged with Dropbear changes
author Matt Johnston <matt@ucc.asn.au>
date Fri, 09 Feb 2018 21:44:05 +0800
parents f849a5ca2efc
children
comparison
equal deleted inserted replaced
1470:8bba51a55704 1471:6dba84798cd5
3 * LibTomCrypt is a library that provides various cryptographic 3 * LibTomCrypt is a library that provides various cryptographic
4 * algorithms in a highly modular and flexible manner. 4 * algorithms in a highly modular and flexible manner.
5 * 5 *
6 * The library is free for all purposes without any express 6 * The library is free for all purposes without any express
7 * guarantee it works. 7 * guarantee it works.
8 *
9 * Tom St Denis, [email protected], http://libtom.org
10 */ 8 */
11 #include "tomcrypt.h" 9 #include "tomcrypt.h"
12 10
13 /** 11 /**
14 Source donated by Elliptic Semiconductor Inc (www.ellipticsemi.com) to the LibTom Projects 12 Source donated by Elliptic Semiconductor Inc (www.ellipticsemi.com) to the LibTom Projects
15 */ 13 */
16 14
17 #ifdef LTC_XTS_MODE 15 #ifdef LTC_XTS_MODE
18 16
19 static int tweak_uncrypt(const unsigned char *C, unsigned char *P, unsigned char *T, symmetric_xts *xts) 17 static int _tweak_uncrypt(const unsigned char *C, unsigned char *P, unsigned char *T, symmetric_xts *xts)
20 { 18 {
21 unsigned long x; 19 unsigned long x;
22 int err; 20 int err;
23 21
24 /* tweak encrypt block i */ 22 /* tweak encrypt block i */
25 #ifdef LTC_FAST 23 #ifdef LTC_FAST
26 for (x = 0; x < 16; x += sizeof(LTC_FAST_TYPE)) { 24 for (x = 0; x < 16; x += sizeof(LTC_FAST_TYPE)) {
27 *((LTC_FAST_TYPE*)&P[x]) = *((LTC_FAST_TYPE*)&C[x]) ^ *((LTC_FAST_TYPE*)&T[x]); 25 *(LTC_FAST_TYPE_PTR_CAST(&P[x])) = *(LTC_FAST_TYPE_PTR_CAST(&C[x])) ^ *(LTC_FAST_TYPE_PTR_CAST(&T[x]));
28 } 26 }
29 #else 27 #else
30 for (x = 0; x < 16; x++) { 28 for (x = 0; x < 16; x++) {
31 P[x] = C[x] ^ T[x]; 29 P[x] = C[x] ^ T[x];
32 } 30 }
33 #endif 31 #endif
34 32
35 err = cipher_descriptor[xts->cipher].ecb_decrypt(P, P, &xts->key1); 33 err = cipher_descriptor[xts->cipher].ecb_decrypt(P, P, &xts->key1);
36 34
37 #ifdef LTC_FAST 35 #ifdef LTC_FAST
38 for (x = 0; x < 16; x += sizeof(LTC_FAST_TYPE)) { 36 for (x = 0; x < 16; x += sizeof(LTC_FAST_TYPE)) {
39 *((LTC_FAST_TYPE*)&P[x]) ^= *((LTC_FAST_TYPE*)&T[x]); 37 *(LTC_FAST_TYPE_PTR_CAST(&P[x])) ^= *(LTC_FAST_TYPE_PTR_CAST(&T[x]));
40 } 38 }
41 #else 39 #else
42 for (x = 0; x < 16; x++) { 40 for (x = 0; x < 16; x++) {
43 P[x] = P[x] ^ T[x]; 41 P[x] = P[x] ^ T[x];
44 } 42 }
45 #endif 43 #endif
46 44
47 /* LFSR the tweak */ 45 /* LFSR the tweak */
48 xts_mult_x(T); 46 xts_mult_x(T);
49 47
50 return err; 48 return err;
51 } 49 }
52 50
53 /** XTS Decryption 51 /** XTS Decryption
54 @param ct [in] Ciphertext 52 @param ct [in] Ciphertext
55 @param ptlen Length of plaintext (and ciphertext) 53 @param ptlen Length of plaintext (and ciphertext)
56 @param pt [out] Plaintext 54 @param pt [out] Plaintext
57 @param tweak [in] The 128--bit encryption tweak (e.g. sector number) 55 @param tweak [in] The 128--bit encryption tweak (e.g. sector number)
58 @param xts The XTS structure 56 @param xts The XTS structure
59 Returns CRYPT_OK upon success 57 Returns CRYPT_OK upon success
60 */int xts_decrypt( 58 */
61 const unsigned char *ct, unsigned long ptlen, 59 int xts_decrypt(const unsigned char *ct, unsigned long ptlen, unsigned char *pt, unsigned char *tweak,
62 unsigned char *pt, 60 symmetric_xts *xts)
63 const unsigned char *tweak,
64 symmetric_xts *xts)
65 { 61 {
66 unsigned char PP[16], CC[16], T[16]; 62 unsigned char PP[16], CC[16], T[16];
67 unsigned long i, m, mo, lim; 63 unsigned long i, m, mo, lim;
68 int err; 64 int err;
69 65
70 /* check inputs */ 66 /* check inputs */
71 LTC_ARGCHK(pt != NULL); 67 LTC_ARGCHK(pt != NULL);
72 LTC_ARGCHK(ct != NULL); 68 LTC_ARGCHK(ct != NULL);
73 LTC_ARGCHK(tweak != NULL); 69 LTC_ARGCHK(tweak != NULL);
74 LTC_ARGCHK(xts != NULL); 70 LTC_ARGCHK(xts != NULL);
75 71
76 /* check if valid */ 72 /* check if valid */
77 if ((err = cipher_is_valid(xts->cipher)) != CRYPT_OK) { 73 if ((err = cipher_is_valid(xts->cipher)) != CRYPT_OK) {
78 return err; 74 return err;
79 } 75 }
80 76
81 /* get number of blocks */ 77 /* get number of blocks */
82 m = ptlen >> 4; 78 m = ptlen >> 4;
83 mo = ptlen & 15; 79 mo = ptlen & 15;
84 80
85 /* must have at least one full block */ 81 /* must have at least one full block */
86 if (m == 0) { 82 if (m == 0) {
87 return CRYPT_INVALID_ARG; 83 return CRYPT_INVALID_ARG;
88 } 84 }
89 85
90 /* encrypt the tweak */
91 if ((err = cipher_descriptor[xts->cipher].ecb_encrypt(tweak, T, &xts->key2)) != CRYPT_OK) {
92 return err;
93 }
94
95 /* for i = 0 to m-2 do */
96 if (mo == 0) { 86 if (mo == 0) {
97 lim = m; 87 lim = m;
98 } else { 88 } else {
99 lim = m - 1; 89 lim = m - 1;
100 } 90 }
101 91
102 for (i = 0; i < lim; i++) { 92 if (cipher_descriptor[xts->cipher].accel_xts_decrypt && lim > 0) {
103 err = tweak_uncrypt(ct, pt, T, xts); 93
104 ct += 16; 94 /* use accelerated decryption for whole blocks */
105 pt += 16; 95 if ((err = cipher_descriptor[xts->cipher].accel_xts_decrypt(ct, pt, lim, tweak, &xts->key1, &xts->key2)) !=
96 CRYPT_OK) {
97 return err;
98 }
99 ct += lim * 16;
100 pt += lim * 16;
101
102 /* tweak is encrypted on output */
103 XMEMCPY(T, tweak, sizeof(T));
104 } else {
105 /* encrypt the tweak */
106 if ((err = cipher_descriptor[xts->cipher].ecb_encrypt(tweak, T, &xts->key2)) != CRYPT_OK) {
107 return err;
108 }
109
110 for (i = 0; i < lim; i++) {
111 if ((err = _tweak_uncrypt(ct, pt, T, xts)) != CRYPT_OK) {
112 return err;
113 }
114 ct += 16;
115 pt += 16;
116 }
106 } 117 }
107 118
108 /* if ptlen not divide 16 then */ 119 /* if ptlen not divide 16 then */
109 if (mo > 0) { 120 if (mo > 0) {
110 XMEMCPY(CC, T, 16); 121 XMEMCPY(CC, T, 16);
111 xts_mult_x(CC); 122 xts_mult_x(CC);
112 123
113 /* PP = tweak decrypt block m-1 */ 124 /* PP = tweak decrypt block m-1 */
114 if ((err = tweak_uncrypt(ct, PP, CC, xts)) != CRYPT_OK) { 125 if ((err = _tweak_uncrypt(ct, PP, CC, xts)) != CRYPT_OK) {
115 return err; 126 return err;
116 } 127 }
117 128
118 /* Pm = first ptlen % 16 bytes of PP */ 129 /* Pm = first ptlen % 16 bytes of PP */
119 for (i = 0; i < mo; i++) { 130 for (i = 0; i < mo; i++) {
120 CC[i] = ct[16+i]; 131 CC[i] = ct[16 + i];
121 pt[16+i] = PP[i]; 132 pt[16 + i] = PP[i];
122 } 133 }
123 for (; i < 16; i++) { 134 for (; i < 16; i++) {
124 CC[i] = PP[i]; 135 CC[i] = PP[i];
125 } 136 }
126 137
127 /* Pm-1 = Tweak uncrypt CC */ 138 /* Pm-1 = Tweak uncrypt CC */
128 if ((err = tweak_uncrypt(CC, pt, T, xts)) != CRYPT_OK) { 139 if ((err = _tweak_uncrypt(CC, pt, T, xts)) != CRYPT_OK) {
129 return err; 140 return err;
130 } 141 }
142 }
143
144 /* Decrypt the tweak back */
145 if ((err = cipher_descriptor[xts->cipher].ecb_decrypt(T, tweak, &xts->key2)) != CRYPT_OK) {
146 return err;
131 } 147 }
132 148
133 return CRYPT_OK; 149 return CRYPT_OK;
134 } 150 }
135 151
136 #endif 152 #endif
137 153
138 /* $Source$ */ 154 /* ref: $Format:%D$ */
139 /* $Revision$ */ 155 /* git commit: $Format:%H$ */
140 /* $Date$ */ 156 /* commit time: $Format:%ai$ */
141