Mercurial > dropbear
comparison libtomcrypt/src/encauth/ocb/s_ocb_done.c @ 302:973fccb59ea4 ucc-axis-hack
propagate from branch 'au.asn.ucc.matt.dropbear' (head 11034278bd1917bebcbdc69cf53b1891ce9db121)
to branch 'au.asn.ucc.matt.dropbear.ucc-axis-hack' (head 10a1f614fec73d0820c3f61160d9db409b9beb46)
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Sat, 25 Mar 2006 12:59:58 +0000 |
parents | 1b9e69c058d2 |
children | 0cbe8f6dbf9e |
comparison
equal
deleted
inserted
replaced
299:740e782679be | 302:973fccb59ea4 |
---|---|
1 /* LibTomCrypt, modular cryptographic library -- Tom St Denis | |
2 * | |
3 * LibTomCrypt is a library that provides various cryptographic | |
4 * algorithms in a highly modular and flexible manner. | |
5 * | |
6 * The library is free for all purposes without any express | |
7 * guarantee it works. | |
8 * | |
9 * Tom St Denis, [email protected], http://libtomcrypt.org | |
10 */ | |
11 | |
12 /** | |
13 @file s_ocb_done.c | |
14 OCB implementation, internal helper, by Tom St Denis | |
15 */ | |
16 #include "tomcrypt.h" | |
17 | |
18 #ifdef OCB_MODE | |
19 | |
20 /* Since the last block is encrypted in CTR mode the same code can | |
21 * be used to finish a decrypt or encrypt stream. The only difference | |
22 * is we XOR the final ciphertext into the checksum so we have to xor it | |
23 * before we CTR [decrypt] or after [encrypt] | |
24 * | |
25 * the names pt/ptlen/ct really just mean in/inlen/out but this is the way I wrote it... | |
26 */ | |
27 | |
28 /** | |
29 Shared code to finish an OCB stream | |
30 @param ocb The OCB state | |
31 @param pt The remaining plaintext [or input] | |
32 @param ptlen The length of the input (octets) | |
33 @param ct [out] The output buffer | |
34 @param tag [out] The destination for the authentication tag | |
35 @param taglen [in/out] The max size and resulting size of the authentication tag | |
36 @param mode The mode we are terminating, 0==encrypt, 1==decrypt | |
37 @return CRYPT_OK if successful | |
38 */ | |
39 int s_ocb_done(ocb_state *ocb, const unsigned char *pt, unsigned long ptlen, | |
40 unsigned char *ct, unsigned char *tag, unsigned long *taglen, int mode) | |
41 | |
42 { | |
43 unsigned char *Z, *Y, *X; | |
44 int err, x; | |
45 | |
46 LTC_ARGCHK(ocb != NULL); | |
47 LTC_ARGCHK(pt != NULL); | |
48 LTC_ARGCHK(ct != NULL); | |
49 LTC_ARGCHK(tag != NULL); | |
50 LTC_ARGCHK(taglen != NULL); | |
51 if ((err = cipher_is_valid(ocb->cipher)) != CRYPT_OK) { | |
52 return err; | |
53 } | |
54 if (ocb->block_len != cipher_descriptor[ocb->cipher].block_length || | |
55 (int)ptlen > ocb->block_len || (int)ptlen < 0) { | |
56 return CRYPT_INVALID_ARG; | |
57 } | |
58 | |
59 /* allocate ram */ | |
60 Z = XMALLOC(MAXBLOCKSIZE); | |
61 Y = XMALLOC(MAXBLOCKSIZE); | |
62 X = XMALLOC(MAXBLOCKSIZE); | |
63 if (X == NULL || Y == NULL || Z == NULL) { | |
64 if (X != NULL) { | |
65 XFREE(X); | |
66 } | |
67 if (Y != NULL) { | |
68 XFREE(Y); | |
69 } | |
70 if (Z != NULL) { | |
71 XFREE(Z); | |
72 } | |
73 return CRYPT_MEM; | |
74 } | |
75 | |
76 /* compute X[m] = len(pt[m]) XOR Lr XOR Z[m] */ | |
77 ocb_shift_xor(ocb, X); | |
78 XMEMCPY(Z, X, ocb->block_len); | |
79 | |
80 X[ocb->block_len-1] ^= (ptlen*8)&255; | |
81 X[ocb->block_len-2] ^= ((ptlen*8)>>8)&255; | |
82 for (x = 0; x < ocb->block_len; x++) { | |
83 X[x] ^= ocb->Lr[x]; | |
84 } | |
85 | |
86 /* Y[m] = E(X[m])) */ | |
87 cipher_descriptor[ocb->cipher].ecb_encrypt(X, Y, &ocb->key); | |
88 | |
89 if (mode == 1) { | |
90 /* decrypt mode, so let's xor it first */ | |
91 /* xor C[m] into checksum */ | |
92 for (x = 0; x < (int)ptlen; x++) { | |
93 ocb->checksum[x] ^= ct[x]; | |
94 } | |
95 } | |
96 | |
97 /* C[m] = P[m] xor Y[m] */ | |
98 for (x = 0; x < (int)ptlen; x++) { | |
99 ct[x] = pt[x] ^ Y[x]; | |
100 } | |
101 | |
102 if (mode == 0) { | |
103 /* encrypt mode */ | |
104 /* xor C[m] into checksum */ | |
105 for (x = 0; x < (int)ptlen; x++) { | |
106 ocb->checksum[x] ^= ct[x]; | |
107 } | |
108 } | |
109 | |
110 /* xor Y[m] and Z[m] into checksum */ | |
111 for (x = 0; x < ocb->block_len; x++) { | |
112 ocb->checksum[x] ^= Y[x] ^ Z[x]; | |
113 } | |
114 | |
115 /* encrypt checksum, er... tag!! */ | |
116 cipher_descriptor[ocb->cipher].ecb_encrypt(ocb->checksum, X, &ocb->key); | |
117 cipher_descriptor[ocb->cipher].done(&ocb->key); | |
118 | |
119 /* now store it */ | |
120 for (x = 0; x < ocb->block_len && x < (int)*taglen; x++) { | |
121 tag[x] = X[x]; | |
122 } | |
123 *taglen = x; | |
124 | |
125 #ifdef LTC_CLEAN_STACK | |
126 zeromem(X, MAXBLOCKSIZE); | |
127 zeromem(Y, MAXBLOCKSIZE); | |
128 zeromem(Z, MAXBLOCKSIZE); | |
129 zeromem(ocb, sizeof(*ocb)); | |
130 #endif | |
131 | |
132 XFREE(X); | |
133 XFREE(Y); | |
134 XFREE(Z); | |
135 | |
136 return CRYPT_OK; | |
137 } | |
138 | |
139 #endif | |
140 | |
141 | |
142 /* $Source: /cvs/libtom/libtomcrypt/src/encauth/ocb/s_ocb_done.c,v $ */ | |
143 /* $Revision: 1.4 $ */ | |
144 /* $Date: 2005/05/05 14:35:58 $ */ |