Mercurial > dropbear
comparison libtomcrypt/src/encauth/gcm/gcm_process.c @ 399:a707e6148060
merge of '5fdf69ca60d1683cdd9f4c2595134bed26394834'
and '6b61c50f4cf888bea302ac8fcf5dbb573b443251'
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Sat, 03 Feb 2007 08:20:34 +0000 |
parents | 0cbe8f6dbf9e |
children | f849a5ca2efc |
comparison
equal
deleted
inserted
replaced
394:17d097fc111c | 399:a707e6148060 |
---|---|
1 /* LibTomCrypt, modular cryptographic library -- Tom St Denis | |
2 * | |
3 * LibTomCrypt is a library that provides various cryptographic | |
4 * algorithms in a highly modular and flexible manner. | |
5 * | |
6 * The library is free for all purposes without any express | |
7 * guarantee it works. | |
8 * | |
9 * Tom St Denis, [email protected], http://libtomcrypt.com | |
10 */ | |
11 | |
12 /** | |
13 @file gcm_process.c | |
14 GCM implementation, process message data, by Tom St Denis | |
15 */ | |
16 #include "tomcrypt.h" | |
17 | |
18 #ifdef GCM_MODE | |
19 | |
20 /** | |
21 Process plaintext/ciphertext through GCM | |
22 @param gcm The GCM state | |
23 @param pt The plaintext | |
24 @param ptlen The plaintext length (ciphertext length is the same) | |
25 @param ct The ciphertext | |
26 @param direction Encrypt or Decrypt mode (GCM_ENCRYPT or GCM_DECRYPT) | |
27 @return CRYPT_OK on success | |
28 */ | |
29 int gcm_process(gcm_state *gcm, | |
30 unsigned char *pt, unsigned long ptlen, | |
31 unsigned char *ct, | |
32 int direction) | |
33 { | |
34 unsigned long x; | |
35 int y, err; | |
36 unsigned char b; | |
37 | |
38 LTC_ARGCHK(gcm != NULL); | |
39 if (ptlen > 0) { | |
40 LTC_ARGCHK(pt != NULL); | |
41 LTC_ARGCHK(ct != NULL); | |
42 } | |
43 | |
44 if (gcm->buflen > 16 || gcm->buflen < 0) { | |
45 return CRYPT_INVALID_ARG; | |
46 } | |
47 | |
48 if ((err = cipher_is_valid(gcm->cipher)) != CRYPT_OK) { | |
49 return err; | |
50 } | |
51 | |
52 /* in AAD mode? */ | |
53 if (gcm->mode == GCM_MODE_AAD) { | |
54 /* let's process the AAD */ | |
55 if (gcm->buflen) { | |
56 gcm->totlen += gcm->buflen * CONST64(8); | |
57 gcm_mult_h(gcm, gcm->X); | |
58 } | |
59 | |
60 /* increment counter */ | |
61 for (y = 15; y >= 12; y--) { | |
62 if (++gcm->Y[y] & 255) { break; } | |
63 } | |
64 /* encrypt the counter */ | |
65 if ((err = cipher_descriptor[gcm->cipher].ecb_encrypt(gcm->Y, gcm->buf, &gcm->K)) != CRYPT_OK) { | |
66 return err; | |
67 } | |
68 | |
69 gcm->buflen = 0; | |
70 gcm->mode = GCM_MODE_TEXT; | |
71 } | |
72 | |
73 if (gcm->mode != GCM_MODE_TEXT) { | |
74 return CRYPT_INVALID_ARG; | |
75 } | |
76 | |
77 x = 0; | |
78 #ifdef LTC_FAST | |
79 if (gcm->buflen == 0) { | |
80 if (direction == GCM_ENCRYPT) { | |
81 for (x = 0; x < (ptlen & ~15); x += 16) { | |
82 /* ctr encrypt */ | |
83 for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) { | |
84 *((LTC_FAST_TYPE*)(&ct[x + y])) = *((LTC_FAST_TYPE*)(&pt[x+y])) ^ *((LTC_FAST_TYPE*)(&gcm->buf[y])); | |
85 *((LTC_FAST_TYPE*)(&gcm->X[y])) ^= *((LTC_FAST_TYPE*)(&ct[x+y])); | |
86 } | |
87 /* GMAC it */ | |
88 gcm->pttotlen += 128; | |
89 gcm_mult_h(gcm, gcm->X); | |
90 /* increment counter */ | |
91 for (y = 15; y >= 12; y--) { | |
92 if (++gcm->Y[y] & 255) { break; } | |
93 } | |
94 if ((err = cipher_descriptor[gcm->cipher].ecb_encrypt(gcm->Y, gcm->buf, &gcm->K)) != CRYPT_OK) { | |
95 return err; | |
96 } | |
97 } | |
98 } else { | |
99 for (x = 0; x < (ptlen & ~15); x += 16) { | |
100 /* ctr encrypt */ | |
101 for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) { | |
102 *((LTC_FAST_TYPE*)(&gcm->X[y])) ^= *((LTC_FAST_TYPE*)(&ct[x+y])); | |
103 *((LTC_FAST_TYPE*)(&pt[x + y])) = *((LTC_FAST_TYPE*)(&ct[x+y])) ^ *((LTC_FAST_TYPE*)(&gcm->buf[y])); | |
104 } | |
105 /* GMAC it */ | |
106 gcm->pttotlen += 128; | |
107 gcm_mult_h(gcm, gcm->X); | |
108 /* increment counter */ | |
109 for (y = 15; y >= 12; y--) { | |
110 if (++gcm->Y[y] & 255) { break; } | |
111 } | |
112 if ((err = cipher_descriptor[gcm->cipher].ecb_encrypt(gcm->Y, gcm->buf, &gcm->K)) != CRYPT_OK) { | |
113 return err; | |
114 } | |
115 } | |
116 } | |
117 } | |
118 #endif | |
119 | |
120 /* process text */ | |
121 for (; x < ptlen; x++) { | |
122 if (gcm->buflen == 16) { | |
123 gcm->pttotlen += 128; | |
124 gcm_mult_h(gcm, gcm->X); | |
125 | |
126 /* increment counter */ | |
127 for (y = 15; y >= 12; y--) { | |
128 if (++gcm->Y[y] & 255) { break; } | |
129 } | |
130 if ((err = cipher_descriptor[gcm->cipher].ecb_encrypt(gcm->Y, gcm->buf, &gcm->K)) != CRYPT_OK) { | |
131 return err; | |
132 } | |
133 gcm->buflen = 0; | |
134 } | |
135 | |
136 if (direction == GCM_ENCRYPT) { | |
137 b = ct[x] = pt[x] ^ gcm->buf[gcm->buflen]; | |
138 } else { | |
139 b = ct[x]; | |
140 pt[x] = ct[x] ^ gcm->buf[gcm->buflen]; | |
141 } | |
142 gcm->X[gcm->buflen++] ^= b; | |
143 } | |
144 | |
145 return CRYPT_OK; | |
146 } | |
147 | |
148 #endif | |
149 | |
150 /* $Source: /cvs/libtom/libtomcrypt/src/encauth/gcm/gcm_process.c,v $ */ | |
151 /* $Revision: 1.14 $ */ | |
152 /* $Date: 2006/11/19 19:33:36 $ */ |