Mercurial > dropbear
view libtomcrypt/src/encauth/ocb/s_ocb_done.c @ 1485:3a916b945185
Use an explicit matrix instead, avoid bad clang combinations etc
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Sat, 10 Feb 2018 18:57:44 +0800 |
parents | 6dba84798cd5 |
children |
line wrap: on
line source
/* LibTomCrypt, modular cryptographic library -- Tom St Denis * * LibTomCrypt is a library that provides various cryptographic * algorithms in a highly modular and flexible manner. * * The library is free for all purposes without any express * guarantee it works. */ /** @file s_ocb_done.c OCB implementation, internal helper, by Tom St Denis */ #include "tomcrypt.h" #ifdef LTC_OCB_MODE /* Since the last block is encrypted in CTR mode the same code can * be used to finish a decrypt or encrypt stream. The only difference * is we XOR the final ciphertext into the checksum so we have to xor it * before we CTR [decrypt] or after [encrypt] * * the names pt/ptlen/ct really just mean in/inlen/out but this is the way I wrote it... */ /** Shared code to finish an OCB stream @param ocb The OCB state @param pt The remaining plaintext [or input] @param ptlen The length of the input (octets) @param ct [out] The output buffer @param tag [out] The destination for the authentication tag @param taglen [in/out] The max size and resulting size of the authentication tag @param mode The mode we are terminating, 0==encrypt, 1==decrypt @return CRYPT_OK if successful */ int s_ocb_done(ocb_state *ocb, const unsigned char *pt, unsigned long ptlen, unsigned char *ct, unsigned char *tag, unsigned long *taglen, int mode) { unsigned char *Z, *Y, *X; int err, x; LTC_ARGCHK(ocb != NULL); LTC_ARGCHK(pt != NULL); LTC_ARGCHK(ct != NULL); LTC_ARGCHK(tag != NULL); LTC_ARGCHK(taglen != NULL); if ((err = cipher_is_valid(ocb->cipher)) != CRYPT_OK) { return err; } if (ocb->block_len != cipher_descriptor[ocb->cipher].block_length || (int)ptlen > ocb->block_len || (int)ptlen < 0) { return CRYPT_INVALID_ARG; } /* allocate ram */ Z = XMALLOC(MAXBLOCKSIZE); Y = XMALLOC(MAXBLOCKSIZE); X = XMALLOC(MAXBLOCKSIZE); if (X == NULL || Y == NULL || Z == NULL) { if (X != NULL) { XFREE(X); } if (Y != NULL) { XFREE(Y); } if (Z != NULL) { XFREE(Z); } return CRYPT_MEM; } /* compute X[m] = len(pt[m]) XOR Lr XOR Z[m] */ ocb_shift_xor(ocb, X); XMEMCPY(Z, X, ocb->block_len); X[ocb->block_len-1] ^= (ptlen*8)&255; X[ocb->block_len-2] ^= ((ptlen*8)>>8)&255; for (x = 0; x < ocb->block_len; x++) { X[x] ^= ocb->Lr[x]; } /* Y[m] = E(X[m])) */ if ((err = cipher_descriptor[ocb->cipher].ecb_encrypt(X, Y, &ocb->key)) != CRYPT_OK) { goto error; } if (mode == 1) { /* decrypt mode, so let's xor it first */ /* xor C[m] into checksum */ for (x = 0; x < (int)ptlen; x++) { ocb->checksum[x] ^= ct[x]; } } /* C[m] = P[m] xor Y[m] */ for (x = 0; x < (int)ptlen; x++) { ct[x] = pt[x] ^ Y[x]; } if (mode == 0) { /* encrypt mode */ /* xor C[m] into checksum */ for (x = 0; x < (int)ptlen; x++) { ocb->checksum[x] ^= ct[x]; } } /* xor Y[m] and Z[m] into checksum */ for (x = 0; x < ocb->block_len; x++) { ocb->checksum[x] ^= Y[x] ^ Z[x]; } /* encrypt checksum, er... tag!! */ if ((err = cipher_descriptor[ocb->cipher].ecb_encrypt(ocb->checksum, X, &ocb->key)) != CRYPT_OK) { goto error; } cipher_descriptor[ocb->cipher].done(&ocb->key); /* now store it */ for (x = 0; x < ocb->block_len && x < (int)*taglen; x++) { tag[x] = X[x]; } *taglen = x; #ifdef LTC_CLEAN_STACK zeromem(X, MAXBLOCKSIZE); zeromem(Y, MAXBLOCKSIZE); zeromem(Z, MAXBLOCKSIZE); zeromem(ocb, sizeof(*ocb)); #endif error: XFREE(X); XFREE(Y); XFREE(Z); return err; } #endif /* ref: $Format:%D$ */ /* git commit: $Format:%H$ */ /* commit time: $Format:%ai$ */