diff src/encauth/gcm/gcm_process.c @ 192:9cc34777b479 libtomcrypt

propagate from branch 'au.asn.ucc.matt.ltc-orig' (head 9ba8f01f44320e9cb9f19881105ae84f84a43ea9) to branch 'au.asn.ucc.matt.dropbear.ltc' (head dbf51c569bc34956ad948e4cc87a0eeb2170b768)
author Matt Johnston <matt@ucc.asn.au>
date Sun, 08 May 2005 06:36:47 +0000
parents 1c15b283127b
children 39d5d58461d6
line wrap: on
line diff
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/encauth/gcm/gcm_process.c	Sun May 08 06:36:47 2005 +0000
@@ -0,0 +1,143 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, [email protected], http://libtomcrypt.org
+ */
+
+/**
+   @file gcm_process.c
+   GCM implementation, process message data, by Tom St Denis
+*/
+#include "tomcrypt.h"
+
+#ifdef GCM_MODE
+
+/** 
+  Process plaintext/ciphertext through GCM
+  @param gcm       The GCM state 
+  @param pt        The plaintext
+  @param ptlen     The plaintext length (ciphertext length is the same)
+  @param ct        The ciphertext
+  @param direction Encrypt or Decrypt mode (GCM_ENCRYPT or GCM_DECRYPT)
+  @return CRYPT_OK on success
+ */
+int gcm_process(gcm_state *gcm,
+                     unsigned char *pt,     unsigned long ptlen,
+                     unsigned char *ct,
+                     int direction)
+{
+   unsigned long x, y;
+   unsigned char b;
+   int           err;
+
+   LTC_ARGCHK(gcm != NULL);
+   if (ptlen > 0) {
+      LTC_ARGCHK(pt  != NULL);
+      LTC_ARGCHK(ct  != NULL);
+   }
+
+   if (gcm->buflen > 16 || gcm->buflen < 0) {
+      return CRYPT_INVALID_ARG;
+   }
+ 
+   if ((err = cipher_is_valid(gcm->cipher)) != CRYPT_OK) {
+      return err;
+   }
+
+   /* in AAD mode? */
+   if (gcm->mode == GCM_MODE_AAD) {
+      /* let's process the AAD */
+      if (gcm->buflen) {
+         gcm->totlen += gcm->buflen * CONST64(8);
+         gcm_mult_h(gcm, gcm->X);
+      }
+
+      /* increment counter */
+      for (y = 15; y >= 12; y--) {
+          if (++gcm->Y[y]) { break; }
+      }
+      /* encrypt the counter */
+      cipher_descriptor[gcm->cipher].ecb_encrypt(gcm->Y, gcm->buf, &gcm->K);     
+
+      gcm->buflen = 0;
+      gcm->mode   = GCM_MODE_TEXT;
+   }
+
+   if (gcm->mode != GCM_MODE_TEXT) {
+      return CRYPT_INVALID_ARG;
+   }
+
+   x = 0;
+#ifdef LTC_FAST
+   if (gcm->buflen == 0) {
+      if (direction == GCM_ENCRYPT) { 
+         for (x = 0; x < (ptlen & ~15); x += 16) {
+             /* ctr encrypt */
+             for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) {
+                 *((LTC_FAST_TYPE*)(&ct[x + y])) = *((LTC_FAST_TYPE*)(&pt[x+y])) ^ *((LTC_FAST_TYPE*)(&gcm->buf[y]));
+                 *((LTC_FAST_TYPE*)(&gcm->X[y])) ^= *((LTC_FAST_TYPE*)(&ct[x+y]));
+             }
+             /* GMAC it */
+             gcm->pttotlen += 128;
+             gcm_mult_h(gcm, gcm->X);
+             /* increment counter */
+             for (y = 15; y >= 12; y--) {
+                 if (++gcm->Y[y]) { break; }
+             }
+             cipher_descriptor[gcm->cipher].ecb_encrypt(gcm->Y, gcm->buf, &gcm->K);
+         }
+      } else {
+         for (x = 0; x < (ptlen & ~15); x += 16) {
+             /* ctr encrypt */
+             for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) {
+                 *((LTC_FAST_TYPE*)(&gcm->X[y])) ^= *((LTC_FAST_TYPE*)(&ct[x+y]));
+                 *((LTC_FAST_TYPE*)(&pt[x + y])) = *((LTC_FAST_TYPE*)(&ct[x+y])) ^ *((LTC_FAST_TYPE*)(&gcm->buf[y]));
+             }
+             /* GMAC it */
+             gcm->pttotlen += 128;
+             gcm_mult_h(gcm, gcm->X);
+             /* increment counter */
+             for (y = 15; y >= 12; y--) {
+                 if (++gcm->Y[y]) { break; }
+             }
+             cipher_descriptor[gcm->cipher].ecb_encrypt(gcm->Y, gcm->buf, &gcm->K);
+         }
+     }
+   }
+#endif        
+
+   /* process text */
+   for (; x < ptlen; x++) {
+       if (gcm->buflen == 16) {
+          gcm->pttotlen += 128;
+          gcm_mult_h(gcm, gcm->X);
+          
+          /* increment counter */
+          for (y = 15; y >= 12; y--) {
+              if (++gcm->Y[y]) { break; }
+          }
+          cipher_descriptor[gcm->cipher].ecb_encrypt(gcm->Y, gcm->buf, &gcm->K);
+          gcm->buflen = 0;
+       }
+
+       if (direction == GCM_ENCRYPT) {
+          b = ct[x] = pt[x] ^ gcm->buf[gcm->buflen]; 
+       } else {
+          b = ct[x];
+          pt[x] = ct[x] ^ gcm->buf[gcm->buflen];
+       }
+       gcm->X[gcm->buflen++] ^= b;          
+   }
+
+   return CRYPT_OK;
+}
+
+
+
+#endif
+