diff libtomcrypt/src/encauth/gcm/gcm_process.c @ 1471:6dba84798cd5

Update to libtomcrypt 1.18.1, merged with Dropbear changes
author Matt Johnston <matt@ucc.asn.au>
date Fri, 09 Feb 2018 21:44:05 +0800
parents f849a5ca2efc
children
--- a/libtomcrypt/src/encauth/gcm/gcm_process.c	Thu Feb 08 23:11:40 2018 +0800
+++ b/libtomcrypt/src/encauth/gcm/gcm_process.c	Fri Feb 09 21:44:05 2018 +0800
@@ -5,8 +5,6 @@
  *
  * The library is free for all purposes without any express
  * guarantee it works.
- *
- * Tom St Denis, [email protected], http://libtom.org
  */
 
 /**
@@ -17,9 +15,9 @@
 
 #ifdef LTC_GCM_MODE
 
-/** 
+/**
   Process plaintext/ciphertext through GCM
-  @param gcm       The GCM state 
+  @param gcm       The GCM state
   @param pt        The plaintext
   @param ptlen     The plaintext length (ciphertext length is the same)
   @param ct        The ciphertext
@@ -44,11 +42,21 @@
    if (gcm->buflen > 16 || gcm->buflen < 0) {
       return CRYPT_INVALID_ARG;
    }
- 
+
    if ((err = cipher_is_valid(gcm->cipher)) != CRYPT_OK) {
       return err;
    }
 
+   /* 0xFFFFFFFE0 = ((2^39)-256)/8 */
+   if (gcm->pttotlen / 8 + (ulong64)gcm->buflen + (ulong64)ptlen >= CONST64(0xFFFFFFFE0)) {
+      return CRYPT_INVALID_ARG;
+   }
+
+   if (gcm->mode == LTC_GCM_MODE_IV) {
+      /* let's process the IV */
+      if ((err = gcm_add_aad(gcm, NULL, 0)) != CRYPT_OK) return err;
+   }
+
    /* in AAD mode? */
    if (gcm->mode == LTC_GCM_MODE_AAD) {
       /* let's process the AAD */
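Review bot: The new length guard `if (gcm->pttotlen / 8 + (ulong64)gcm->buflen + (ulong64)ptlen >= CONST64(0xFFFFFFFE0))` rejects a message whose total is exactly 0xFFFFFFFE0 bytes, which is the 2^39-256-bit figure the comment derives the constant from and is itself permitted, so either compare with `>` or say in the comment that the bound is deliberately one byte short. The comment above it gives only the arithmetic; it would help to name the source and the accounting, e.g. `/* SP 800-38D caps plaintext per (key, IV) at 2^39-256 bits = 0xFFFFFFFE0 bytes; buflen holds bytes not yet folded into pttotlen */`. The guard relies on `ptlen` being widened to ulong64 before the addition; if `ptlen` is already 64-bit wide on the target the sum can in principle wrap, but only for a length no real buffer can have, so that is a remark rather than a defect. The enclosing gcm_process body starts before and ends after this hunk.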
@@ -77,12 +85,12 @@
    x = 0;
 #ifdef LTC_FAST
    if (gcm->buflen == 0) {
-      if (direction == GCM_ENCRYPT) { 
+      if (direction == GCM_ENCRYPT) {
          for (x = 0; x < (ptlen & ~15); x += 16) {
              /* ctr encrypt */
              for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) {
-                 *((LTC_FAST_TYPE*)(&ct[x + y])) = *((LTC_FAST_TYPE*)(&pt[x+y])) ^ *((LTC_FAST_TYPE*)(&gcm->buf[y]));
-                 *((LTC_FAST_TYPE*)(&gcm->X[y])) ^= *((LTC_FAST_TYPE*)(&ct[x+y]));
+                 *(LTC_FAST_TYPE_PTR_CAST(&ct[x + y])) = *(LTC_FAST_TYPE_PTR_CAST(&pt[x+y])) ^ *(LTC_FAST_TYPE_PTR_CAST(&gcm->buf[y]));
+                 *(LTC_FAST_TYPE_PTR_CAST(&gcm->X[y])) ^= *(LTC_FAST_TYPE_PTR_CAST(&ct[x+y]));
              }
              /* GMAC it */
              gcm->pttotlen += 128;
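Review bot: The LTC_FAST path still accesses `pt` and `ct` through `LTC_FAST_TYPE_PTR_CAST` with no alignment requirement stated or checked on the caller's buffers; the only gate is `gcm->buflen == 0`, which says nothing about the addresses of `pt` or `ct`. If the new macro only adds an aliasing attribute (its definition is not in this hunk) it addresses the strict-aliasing hazard of the old raw casts but not misaligned loads and stores on targets that fault on them, so the function's header comment should state that with LTC_FAST the pt/ct buffers must be aligned to `sizeof(LTC_FAST_TYPE)`, or the fast path should be skipped when `((uintptr_t)pt | (uintptr_t)ct) % sizeof(LTC_FAST_TYPE) != 0`. The encrypt loop and its surrounding block continue past the end of this hunk.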
@@ -99,8 +107,8 @@
          for (x = 0; x < (ptlen & ~15); x += 16) {
              /* ctr encrypt */
              for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) {
-                 *((LTC_FAST_TYPE*)(&gcm->X[y])) ^= *((LTC_FAST_TYPE*)(&ct[x+y]));
-                 *((LTC_FAST_TYPE*)(&pt[x + y])) = *((LTC_FAST_TYPE*)(&ct[x+y])) ^ *((LTC_FAST_TYPE*)(&gcm->buf[y]));
+                 *(LTC_FAST_TYPE_PTR_CAST(&gcm->X[y])) ^= *(LTC_FAST_TYPE_PTR_CAST(&ct[x+y]));
+                 *(LTC_FAST_TYPE_PTR_CAST(&pt[x + y])) = *(LTC_FAST_TYPE_PTR_CAST(&ct[x+y])) ^ *(LTC_FAST_TYPE_PTR_CAST(&gcm->buf[y]));
              }
              /* GMAC it */
              gcm->pttotlen += 128;
@@ -113,16 +121,16 @@
                 return err;
              }
          }
-     }
+      }
    }
-#endif        
+#endif
 
    /* process text */
    for (; x < ptlen; x++) {
        if (gcm->buflen == 16) {
           gcm->pttotlen += 128;
           gcm_mult_h(gcm, gcm->X);
-          
+
           /* increment counter */
           for (y = 15; y >= 12; y--) {
               if (++gcm->Y[y] & 255) { break; }
@@ -134,12 +142,12 @@
        }
 
        if (direction == GCM_ENCRYPT) {
-          b = ct[x] = pt[x] ^ gcm->buf[gcm->buflen]; 
+          b = ct[x] = pt[x] ^ gcm->buf[gcm->buflen];
        } else {
           b = ct[x];
           pt[x] = ct[x] ^ gcm->buf[gcm->buflen];
        }
-       gcm->X[gcm->buflen++] ^= b;          
+       gcm->X[gcm->buflen++] ^= b;
    }
 
    return CRYPT_OK;
@@ -147,6 +155,6 @@
 
 #endif
 
-/* $Source$ */
-/* $Revision$ */
-/* $Date$ */
+/* ref:         $Format:%D$ */
+/* git commit:  $Format:%H$ */
+/* commit time: $Format:%ai$ */