comparison src/encauth/ocb/s_ocb_done.c @ 192:9cc34777b479 libtomcrypt

propagate from branch 'au.asn.ucc.matt.ltc-orig' (head 9ba8f01f44320e9cb9f19881105ae84f84a43ea9) to branch 'au.asn.ucc.matt.dropbear.ltc' (head dbf51c569bc34956ad948e4cc87a0eeb2170b768)
author Matt Johnston <matt@ucc.asn.au>
date Sun, 08 May 2005 06:36:47 +0000
parents 1c15b283127b
children 39d5d58461d6
comparison
equal deleted inserted replaced
164:cd1143579f00 192:9cc34777b479
1 /* LibTomCrypt, modular cryptographic library -- Tom St Denis
2 *
3 * LibTomCrypt is a library that provides various cryptographic
4 * algorithms in a highly modular and flexible manner.
5 *
6 * The library is free for all purposes without any express
7 * guarantee it works.
8 *
9 * Tom St Denis, [email protected], http://libtomcrypt.org
10 */
11
12 /**
13 @file s_ocb_done.c
14 OCB implementation, internal helper, by Tom St Denis
15 */
16 #include "tomcrypt.h"
17
18 #ifdef OCB_MODE
19
20 /* Since the last block is encrypted in CTR mode the same code can
21 * be used to finish a decrypt or encrypt stream. The only difference
22 * is we XOR the final ciphertext into the checksum so we have to xor it
23 * before we CTR [decrypt] or after [encrypt]
24 *
25 * the names pt/ptlen/ct really just mean in/inlen/out but this is the way I wrote it...
26 */
27
28 /**
29 Shared code to finish an OCB stream
30 @param ocb The OCB state
31 @param pt The remaining plaintext [or input]
32 @param ptlen The length of the input (octets)
33 @param ct [out] The output buffer
34 @param tag [out] The destination for the authentication tag
35 @param taglen [in/out] The max size and resulting size of the authentication tag
36 @param mode The mode we are terminating, 0==encrypt, 1==decrypt
37 @return CRYPT_OK if successful
38 */
39 int s_ocb_done(ocb_state *ocb, const unsigned char *pt, unsigned long ptlen,
40 unsigned char *ct, unsigned char *tag, unsigned long *taglen, int mode)
41
42 {
43 unsigned char *Z, *Y, *X;
44 int err, x;
45
46 LTC_ARGCHK(ocb != NULL);
47 LTC_ARGCHK(pt != NULL);
48 LTC_ARGCHK(ct != NULL);
49 LTC_ARGCHK(tag != NULL);
50 LTC_ARGCHK(taglen != NULL);
51 if ((err = cipher_is_valid(ocb->cipher)) != CRYPT_OK) {
52 return err;
53 }
54 if (ocb->block_len != cipher_descriptor[ocb->cipher].block_length ||
55 (int)ptlen > ocb->block_len || (int)ptlen < 0) {
56 return CRYPT_INVALID_ARG;
57 }
58
59 /* allocate ram */
60 Z = XMALLOC(MAXBLOCKSIZE);
61 Y = XMALLOC(MAXBLOCKSIZE);
62 X = XMALLOC(MAXBLOCKSIZE);
63 if (X == NULL || Y == NULL || Z == NULL) {
64 if (X != NULL) {
65 XFREE(X);
66 }
67 if (Y != NULL) {
68 XFREE(Y);
69 }
70 if (Z != NULL) {
71 XFREE(Z);
72 }
73 return CRYPT_MEM;
74 }
75
76 /* compute X[m] = len(pt[m]) XOR Lr XOR Z[m] */
77 ocb_shift_xor(ocb, X);
78 XMEMCPY(Z, X, ocb->block_len);
79
80 X[ocb->block_len-1] ^= (ptlen*8)&255;
81 X[ocb->block_len-2] ^= ((ptlen*8)>>8)&255;
82 for (x = 0; x < ocb->block_len; x++) {
83 X[x] ^= ocb->Lr[x];
84 }
85
86 /* Y[m] = E(X[m])) */
87 cipher_descriptor[ocb->cipher].ecb_encrypt(X, Y, &ocb->key);
88
89 if (mode == 1) {
90 /* decrypt mode, so let's xor it first */
91 /* xor C[m] into checksum */
92 for (x = 0; x < (int)ptlen; x++) {
93 ocb->checksum[x] ^= ct[x];
94 }
95 }
96
97 /* C[m] = P[m] xor Y[m] */
98 for (x = 0; x < (int)ptlen; x++) {
99 ct[x] = pt[x] ^ Y[x];
100 }
101
102 if (mode == 0) {
103 /* encrypt mode */
104 /* xor C[m] into checksum */
105 for (x = 0; x < (int)ptlen; x++) {
106 ocb->checksum[x] ^= ct[x];
107 }
108 }
109
110 /* xor Y[m] and Z[m] into checksum */
111 for (x = 0; x < ocb->block_len; x++) {
112 ocb->checksum[x] ^= Y[x] ^ Z[x];
113 }
114
115 /* encrypt checksum, er... tag!! */
116 cipher_descriptor[ocb->cipher].ecb_encrypt(ocb->checksum, X, &ocb->key);
117 cipher_descriptor[ocb->cipher].done(&ocb->key);
118
119 /* now store it */
120 for (x = 0; x < ocb->block_len && x < (int)*taglen; x++) {
121 tag[x] = X[x];
122 }
123 *taglen = x;
124
125 #ifdef LTC_CLEAN_STACK
126 zeromem(X, MAXBLOCKSIZE);
127 zeromem(Y, MAXBLOCKSIZE);
128 zeromem(Z, MAXBLOCKSIZE);
129 zeromem(ocb, sizeof(*ocb));
130 #endif
131
132 XFREE(X);
133 XFREE(Y);
134 XFREE(Z);
135
136 return CRYPT_OK;
137 }
138
139 #endif
140