dropbear: src/encauth/ccm/ccm_memory.c comparison

comparison src/encauth/ccm/ccm_memory.c @ 380:d5faf4814ddb libtomcrypt-orig libtomcrypt-1.16

Update to LibTomCrypt 1.16

author	Matt Johnston <matt@ucc.asn.au>
date	Thu, 11 Jan 2007 02:22:00 +0000
parents	59400faa4b44
children

comparison

equal deleted inserted replaced

-:59400faa4b44
+:d5faf4814ddb
 * algorithms in a highly modular and flexible manner.
 *
 * The library is free for all purposes without any express
 * guarantee it works.
 *
-* Tom St Denis, [email protected], http://libtomcrypt.org
+* Tom St Denis, [email protected], http://libtomcrypt.com
 */
 #include "tomcrypt.h"
 /**
 @file ccm_memory.c
 /**
 CCM encrypt/decrypt and produce an authentication tag
 @param cipher     The index of the cipher desired
 @param key        The secret key to use
 @param keylen     The length of the secret key (octets)
+@param uskey      A previously scheduled key [optional can be NULL]
 @param nonce      The session nonce [use once]
 @param noncelen   The length of the nonce
 @param header     The header for the session
 @param headerlen  The length of the header (octets)
 @param pt         [out] The plaintext
 @param direction  Encrypt or Decrypt direction (0 or 1)
 @return CRYPT_OK if successful
 */
 int ccm_memory(int cipher,
 const unsigned char *key,    unsigned long keylen,
+symmetric_key       *uskey,
 const unsigned char *nonce,  unsigned long noncelen,
 const unsigned char *header, unsigned long headerlen,
 unsigned char *pt,     unsigned long ptlen,
 unsigned char *ct,
 unsigned char *tag,    unsigned long *taglen,
 unsigned char  PAD[16], ctr[16], CTRPAD[16], b;
 symmetric_key *skey;
 int            err;
 unsigned long  len, L, x, y, z, CTRlen;
-LTC_ARGCHK(key    != NULL);
+if (uskey == NULL) {
+LTC_ARGCHK(key    != NULL);
+}
 LTC_ARGCHK(nonce  != NULL);
 if (headerlen > 0) {
 LTC_ARGCHK(header != NULL);
 }
 LTC_ARGCHK(pt     != NULL);
 return CRYPT_INVALID_ARG;
 }
 /* is there an accelerator? */
 if (cipher_descriptor[cipher].accel_ccm_memory != NULL) {
-cipher_descriptor[cipher].accel_ccm_memory(
+return cipher_descriptor[cipher].accel_ccm_memory(
 key,    keylen,
+uskey,
 nonce,  noncelen,
 header, headerlen,
 pt,     ptlen,
 ct,
 tag,    taglen,
 direction);
-return CRYPT_OK;
 }
 /* let's get the L value */
 len = ptlen;
 L   = 0;
 noncelen = (noncelen > 13) ? 13 : noncelen;
 if ((15 - noncelen) > L) {
 L = 15 - noncelen;
 }
+/* decrease noncelen to match L */
+if ((noncelen + L) > 15) {
+noncelen = 15 - L;
+}
 /* allocate mem for the symmetric key */
-skey = XMALLOC(sizeof(*skey));
+if (uskey == NULL) {
-if (skey == NULL) {
+skey = XMALLOC(sizeof(*skey));
-return CRYPT_MEM;
+if (skey == NULL) {
-}
+return CRYPT_MEM;
+}
-/* initialize the cipher */
-if ((err = cipher_descriptor[cipher].setup(key, keylen, 0, skey)) != CRYPT_OK) {
+/* initialize the cipher */
-XFREE(skey);
+if ((err = cipher_descriptor[cipher].setup(key, keylen, 0, skey)) != CRYPT_OK) {
-return err;
+XFREE(skey);
+return err;
+}
+} else {
+skey = uskey;
 }
 /* form B_0 == flags | Nonce N | l(m) */
 x = 0;
-PAD[x++] = ((headerlen > 0) ? (1<<6) : 0) |
+PAD[x++] = (unsigned char)(((headerlen > 0) ? (1<<6) : 0) |
 (((*taglen - 2)>>1)<<3)        |
-(L-1);
+(L-1));
 /* nonce */
 for (y = 0; y < (16 - (L + 1)); y++) {
 PAD[x++] = nonce[y];
 }
 /* store l(m) (only store 32-bits) */
 for (y = 0; L > 4 && (L-y)>4; y++) {
 PAD[x++] = 0;
 }
 for (; y < L; y++) {
-PAD[x++] = (len >> 24) & 255;
+PAD[x++] = (unsigned char)((len >> 24) & 255);
 len <<= 8;
 }
 /* encrypt PAD */
-cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey);
+if ((err = cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey)) != CRYPT_OK) {
+goto error;
+}
 /* handle header */
 if (headerlen > 0) {
 x = 0;
 /* now add the data */
 for (y = 0; y < headerlen; y++) {
 if (x == 16) {
 /* full block so let's encrypt it */
-cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey);
+if ((err = cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey)) != CRYPT_OK) {
+goto error;
+}
 x = 0;
 }
 PAD[x++] ^= header[y];
 }
 /* remainder? */
 if (x != 0) {
-cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey);
+if ((err = cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey)) != CRYPT_OK) {
+goto error;
+}
 }
 }
 /* setup the ctr counter */
 x = 0;
 /* flags */
-ctr[x++] = L-1;
+ctr[x++] = (unsigned char)L-1;
 /* nonce */
 for (y = 0; y < (16 - (L+1)); ++y) {
 ctr[x++] = nonce[y];
 }
 /* increment the ctr? */
 for (z = 15; z > 15-L; z--) {
 ctr[z] = (ctr[z] + 1) & 255;
 if (ctr[z]) break;
 }
-cipher_descriptor[cipher].ecb_encrypt(ctr, CTRPAD, skey);
+if ((err = cipher_descriptor[cipher].ecb_encrypt(ctr, CTRPAD, skey)) != CRYPT_OK) {
+goto error;
+}
 /* xor the PT against the pad first */
 for (z = 0; z < 16; z += sizeof(LTC_FAST_TYPE)) {
 *((LTC_FAST_TYPE*)(&PAD[z]))  ^= *((LTC_FAST_TYPE*)(&pt[y+z]));
 *((LTC_FAST_TYPE*)(&ct[y+z])) = *((LTC_FAST_TYPE*)(&pt[y+z])) ^ *((LTC_FAST_TYPE*)(&CTRPAD[z]));
 }
-cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey);
+if ((err = cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey)) != CRYPT_OK) {
+goto error;
+}
 }
 } else {
 for (; y < (ptlen & ~15); y += 16) {
 /* increment the ctr? */
 for (z = 15; z > 15-L; z--) {
 ctr[z] = (ctr[z] + 1) & 255;
 if (ctr[z]) break;
 }
-cipher_descriptor[cipher].ecb_encrypt(ctr, CTRPAD, skey);
+if ((err = cipher_descriptor[cipher].ecb_encrypt(ctr, CTRPAD, skey)) != CRYPT_OK) {
+goto error;
+}
 /* xor the PT against the pad last */
 for (z = 0; z < 16; z += sizeof(LTC_FAST_TYPE)) {
 *((LTC_FAST_TYPE*)(&pt[y+z])) = *((LTC_FAST_TYPE*)(&ct[y+z])) ^ *((LTC_FAST_TYPE*)(&CTRPAD[z]));
 *((LTC_FAST_TYPE*)(&PAD[z]))  ^= *((LTC_FAST_TYPE*)(&pt[y+z]));
 }
-cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey);
+if ((err = cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey)) != CRYPT_OK) {
+goto error;
+}
 }
 }
 }
 #endif
 if (CTRlen == 16) {
 for (z = 15; z > 15-L; z--) {
 ctr[z] = (ctr[z] + 1) & 255;
 if (ctr[z]) break;
 }
-cipher_descriptor[cipher].ecb_encrypt(ctr, CTRPAD, skey);
+if ((err = cipher_descriptor[cipher].ecb_encrypt(ctr, CTRPAD, skey)) != CRYPT_OK) {
+goto error;
+}
 CTRlen = 0;
 }
 /* if we encrypt we add the bytes to the MAC first */
 if (direction == CCM_ENCRYPT) {
 b     = ct[y] ^ CTRPAD[CTRlen++];
 pt[y] = b;
 }
 if (x == 16) {
-cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey);
+if ((err = cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey)) != CRYPT_OK) {
+goto error;
+}
 x = 0;
 }
 PAD[x++] ^= b;
 }
 if (x != 0) {
-cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey);
+if ((err = cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey)) != CRYPT_OK) {
-}
+goto error;
 }
+}
-/* setup CTR for the TAG */
+}
-ctr[14] = ctr[15] = 0x00;
-cipher_descriptor[cipher].ecb_encrypt(ctr, CTRPAD, skey);
+/* setup CTR for the TAG (zero the count) */
-cipher_descriptor[cipher].done(skey);
+for (y = 15; y > 15 - L; y--) {
+ctr[y] = 0x00;
+}
+if ((err = cipher_descriptor[cipher].ecb_encrypt(ctr, CTRPAD, skey)) != CRYPT_OK) {
+goto error;
+}
+if (skey != uskey) {
+cipher_descriptor[cipher].done(skey);
+}
 /* store the TAG */
 for (x = 0; x < 16 && x < *taglen; x++) {
 tag[x] = PAD[x] ^ CTRPAD[x];
 }
 #ifdef LTC_CLEAN_STACK
 zeromem(skey,   sizeof(*skey));
 zeromem(PAD,    sizeof(PAD));
 zeromem(CTRPAD, sizeof(CTRPAD));
 #endif
+error:
-XFREE(skey);
+if (skey != uskey) {
+XFREE(skey);
-return CRYPT_OK;
+}
+return err;
 }
 #endif
 /* $Source: /cvs/libtom/libtomcrypt/src/encauth/ccm/ccm_memory.c,v $ */
-/* $Revision: 1.9 $ */
+/* $Revision: 1.18 $ */
-/* $Date: 2005/05/05 14:35:58 $ */
+/* $Date: 2006/12/04 21:34:03 $ */

Mercurial > dropbear

comparison src/encauth/ccm/ccm_memory.c @ 380:d5faf4814ddb libtomcrypt-orig libtomcrypt-1.16