diff options
Diffstat (limited to 'src/encauth')
31 files changed, 511 insertions, 236 deletions
diff --git a/src/encauth/ccm/ccm_memory.c b/src/encauth/ccm/ccm_memory.c index 48dc4b7..c5eee18 100644 --- a/src/encauth/ccm/ccm_memory.c +++ b/src/encauth/ccm/ccm_memory.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ #include "tomcrypt.h" @@ -22,6 +22,7 @@ @param cipher The index of the cipher desired @param key The secret key to use @param keylen The length of the secret key (octets) + @param uskey A previously scheduled key [optional can be NULL] @param nonce The session nonce [use once] @param noncelen The length of the nonce @param header The header for the session @@ -36,6 +37,7 @@ */ int ccm_memory(int cipher, const unsigned char *key, unsigned long keylen, + symmetric_key *uskey, const unsigned char *nonce, unsigned long noncelen, const unsigned char *header, unsigned long headerlen, unsigned char *pt, unsigned long ptlen, @@ -48,7 +50,9 @@ int ccm_memory(int cipher, int err; unsigned long len, L, x, y, z, CTRlen; - LTC_ARGCHK(key != NULL); + if (uskey == NULL) { + LTC_ARGCHK(key != NULL); + } LTC_ARGCHK(nonce != NULL); if (headerlen > 0) { LTC_ARGCHK(header != NULL); @@ -85,15 +89,15 @@ int ccm_memory(int cipher, /* is there an accelerator? */ if (cipher_descriptor[cipher].accel_ccm_memory != NULL) { - cipher_descriptor[cipher].accel_ccm_memory( + return cipher_descriptor[cipher].accel_ccm_memory( key, keylen, + uskey, nonce, noncelen, header, headerlen, pt, ptlen, ct, tag, taglen, direction); - return CRYPT_OK; } /* let's get the L value */ @@ -113,23 +117,32 @@ int ccm_memory(int cipher, L = 15 - noncelen; } - /* allocate mem for the symmetric key */ - skey = XMALLOC(sizeof(*skey)); - if (skey == NULL) { - return CRYPT_MEM; + /* decrease noncelen to match L */ + if ((noncelen + L) > 15) { + noncelen = 15 - L; } - /* initialize the cipher */ - if ((err = cipher_descriptor[cipher].setup(key, keylen, 0, skey)) != CRYPT_OK) { - XFREE(skey); - return err; + /* allocate mem for the symmetric key */ + if (uskey == NULL) { + skey = XMALLOC(sizeof(*skey)); + if (skey == NULL) { + return CRYPT_MEM; + } + + /* initialize the cipher */ + if ((err = cipher_descriptor[cipher].setup(key, keylen, 0, skey)) != CRYPT_OK) { + XFREE(skey); + return err; + } + } else { + skey = uskey; } /* form B_0 == flags | Nonce N | l(m) */ x = 0; - PAD[x++] = ((headerlen > 0) ? (1<<6) : 0) | + PAD[x++] = (unsigned char)(((headerlen > 0) ? (1<<6) : 0) | (((*taglen - 2)>>1)<<3) | - (L-1); + (L-1)); /* nonce */ for (y = 0; y < (16 - (L + 1)); y++) { @@ -149,12 +162,14 @@ int ccm_memory(int cipher, PAD[x++] = 0; } for (; y < L; y++) { - PAD[x++] = (len >> 24) & 255; + PAD[x++] = (unsigned char)((len >> 24) & 255); len <<= 8; } /* encrypt PAD */ - cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey); + if ((err = cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey)) != CRYPT_OK) { + goto error; + } /* handle header */ if (headerlen > 0) { @@ -177,7 +192,9 @@ int ccm_memory(int cipher, for (y = 0; y < headerlen; y++) { if (x == 16) { /* full block so let's encrypt it */ - cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey); + if ((err = cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey)) != CRYPT_OK) { + goto error; + } x = 0; } PAD[x++] ^= header[y]; @@ -185,7 +202,9 @@ int ccm_memory(int cipher, /* remainder? */ if (x != 0) { - cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey); + if ((err = cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey)) != CRYPT_OK) { + goto error; + } } } @@ -193,7 +212,7 @@ int ccm_memory(int cipher, x = 0; /* flags */ - ctr[x++] = L-1; + ctr[x++] = (unsigned char)L-1; /* nonce */ for (y = 0; y < (16 - (L+1)); ++y) { @@ -219,14 +238,18 @@ int ccm_memory(int cipher, ctr[z] = (ctr[z] + 1) & 255; if (ctr[z]) break; } - cipher_descriptor[cipher].ecb_encrypt(ctr, CTRPAD, skey); + if ((err = cipher_descriptor[cipher].ecb_encrypt(ctr, CTRPAD, skey)) != CRYPT_OK) { + goto error; + } /* xor the PT against the pad first */ for (z = 0; z < 16; z += sizeof(LTC_FAST_TYPE)) { *((LTC_FAST_TYPE*)(&PAD[z])) ^= *((LTC_FAST_TYPE*)(&pt[y+z])); *((LTC_FAST_TYPE*)(&ct[y+z])) = *((LTC_FAST_TYPE*)(&pt[y+z])) ^ *((LTC_FAST_TYPE*)(&CTRPAD[z])); } - cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey); + if ((err = cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey)) != CRYPT_OK) { + goto error; + } } } else { for (; y < (ptlen & ~15); y += 16) { @@ -235,14 +258,18 @@ int ccm_memory(int cipher, ctr[z] = (ctr[z] + 1) & 255; if (ctr[z]) break; } - cipher_descriptor[cipher].ecb_encrypt(ctr, CTRPAD, skey); + if ((err = cipher_descriptor[cipher].ecb_encrypt(ctr, CTRPAD, skey)) != CRYPT_OK) { + goto error; + } /* xor the PT against the pad last */ for (z = 0; z < 16; z += sizeof(LTC_FAST_TYPE)) { *((LTC_FAST_TYPE*)(&pt[y+z])) = *((LTC_FAST_TYPE*)(&ct[y+z])) ^ *((LTC_FAST_TYPE*)(&CTRPAD[z])); *((LTC_FAST_TYPE*)(&PAD[z])) ^= *((LTC_FAST_TYPE*)(&pt[y+z])); } - cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey); + if ((err = cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey)) != CRYPT_OK) { + goto error; + } } } } @@ -255,7 +282,9 @@ int ccm_memory(int cipher, ctr[z] = (ctr[z] + 1) & 255; if (ctr[z]) break; } - cipher_descriptor[cipher].ecb_encrypt(ctr, CTRPAD, skey); + if ((err = cipher_descriptor[cipher].ecb_encrypt(ctr, CTRPAD, skey)) != CRYPT_OK) { + goto error; + } CTRlen = 0; } @@ -269,21 +298,32 @@ int ccm_memory(int cipher, } if (x == 16) { - cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey); + if ((err = cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey)) != CRYPT_OK) { + goto error; + } x = 0; } PAD[x++] ^= b; } if (x != 0) { - cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey); + if ((err = cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey)) != CRYPT_OK) { + goto error; + } } } - /* setup CTR for the TAG */ - ctr[14] = ctr[15] = 0x00; - cipher_descriptor[cipher].ecb_encrypt(ctr, CTRPAD, skey); - cipher_descriptor[cipher].done(skey); + /* setup CTR for the TAG (zero the count) */ + for (y = 15; y > 15 - L; y--) { + ctr[y] = 0x00; + } + if ((err = cipher_descriptor[cipher].ecb_encrypt(ctr, CTRPAD, skey)) != CRYPT_OK) { + goto error; + } + + if (skey != uskey) { + cipher_descriptor[cipher].done(skey); + } /* store the TAG */ for (x = 0; x < 16 && x < *taglen; x++) { @@ -296,14 +336,16 @@ int ccm_memory(int cipher, zeromem(PAD, sizeof(PAD)); zeromem(CTRPAD, sizeof(CTRPAD)); #endif +error: + if (skey != uskey) { + XFREE(skey); + } - XFREE(skey); - - return CRYPT_OK; + return err; } #endif /* $Source: /cvs/libtom/libtomcrypt/src/encauth/ccm/ccm_memory.c,v $ */ -/* $Revision: 1.9 $ */ -/* $Date: 2005/05/05 14:35:58 $ */ +/* $Revision: 1.18 $ */ +/* $Date: 2006/12/04 21:34:03 $ */ diff --git a/src/encauth/ccm/ccm_test.c b/src/encauth/ccm/ccm_test.c index c33502a..3a45bfb 100644 --- a/src/encauth/ccm/ccm_test.c +++ b/src/encauth/ccm/ccm_test.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ #include "tomcrypt.h" @@ -116,6 +116,7 @@ int ccm_test(void) unsigned long taglen, x; unsigned char buf[64], buf2[64], tag2[16], tag[16]; int err, idx; + symmetric_key skey; idx = find_cipher("aes"); if (idx == -1) { @@ -127,8 +128,13 @@ int ccm_test(void) for (x = 0; x < (sizeof(tests)/sizeof(tests[0])); x++) { taglen = tests[x].taglen; + if ((err = cipher_descriptor[idx].setup(tests[x].key, 16, 0, &skey)) != CRYPT_OK) { + return err; + } + if ((err = ccm_memory(idx, tests[x].key, 16, + &skey, tests[x].nonce, tests[x].noncelen, tests[x].header, tests[x].headerlen, (unsigned char*)tests[x].pt, tests[x].ptlen, @@ -137,31 +143,31 @@ int ccm_test(void) return err; } - if (memcmp(buf, tests[x].ct, tests[x].ptlen)) { + if (XMEMCMP(buf, tests[x].ct, tests[x].ptlen)) { return CRYPT_FAIL_TESTVECTOR; } - if (memcmp(tag, tests[x].tag, tests[x].taglen)) { + if (XMEMCMP(tag, tests[x].tag, tests[x].taglen)) { return CRYPT_FAIL_TESTVECTOR; } if ((err = ccm_memory(idx, tests[x].key, 16, + NULL, tests[x].nonce, tests[x].noncelen, tests[x].header, tests[x].headerlen, buf2, tests[x].ptlen, buf, - tag2, &taglen, 1 )) != CRYPT_OK) { + tag2, &taglen, 1 )) != CRYPT_OK) { return err; } - if (memcmp(buf2, tests[x].pt, tests[x].ptlen)) { + if (XMEMCMP(buf2, tests[x].pt, tests[x].ptlen)) { return CRYPT_FAIL_TESTVECTOR; } - if (memcmp(tag2, tests[x].tag, tests[x].taglen)) { + if (XMEMCMP(tag2, tests[x].tag, tests[x].taglen)) { return CRYPT_FAIL_TESTVECTOR; - } - - + } + cipher_descriptor[idx].done(&skey); } return CRYPT_OK; #endif @@ -170,5 +176,5 @@ int ccm_test(void) #endif /* $Source: /cvs/libtom/libtomcrypt/src/encauth/ccm/ccm_test.c,v $ */ -/* $Revision: 1.4 $ */ -/* $Date: 2005/05/05 14:35:58 $ */ +/* $Revision: 1.8 $ */ +/* $Date: 2006/11/21 00:18:23 $ */ diff --git a/src/encauth/eax/eax_addheader.c b/src/encauth/eax/eax_addheader.c index cfb325d..b1054e5 100644 --- a/src/encauth/eax/eax_addheader.c +++ b/src/encauth/eax/eax_addheader.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ /** @file eax_addheader.c @@ -34,5 +34,5 @@ int eax_addheader(eax_state *eax, const unsigned char *header, #endif /* $Source: /cvs/libtom/libtomcrypt/src/encauth/eax/eax_addheader.c,v $ */ -/* $Revision: 1.3 $ */ -/* $Date: 2005/05/05 14:35:58 $ */ +/* $Revision: 1.4 $ */ +/* $Date: 2006/03/31 14:15:35 $ */ diff --git a/src/encauth/eax/eax_decrypt.c b/src/encauth/eax/eax_decrypt.c index 13e23cc..22a66ab 100644 --- a/src/encauth/eax/eax_decrypt.c +++ b/src/encauth/eax/eax_decrypt.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ /** @@ -46,5 +46,5 @@ int eax_decrypt(eax_state *eax, const unsigned char *ct, unsigned char *pt, #endif /* $Source: /cvs/libtom/libtomcrypt/src/encauth/eax/eax_decrypt.c,v $ */ -/* $Revision: 1.3 $ */ -/* $Date: 2005/05/05 14:35:58 $ */ +/* $Revision: 1.4 $ */ +/* $Date: 2006/03/31 14:15:35 $ */ diff --git a/src/encauth/eax/eax_decrypt_verify_memory.c b/src/encauth/eax/eax_decrypt_verify_memory.c index d6d72ab..693ddfa 100644 --- a/src/encauth/eax/eax_decrypt_verify_memory.c +++ b/src/encauth/eax/eax_decrypt_verify_memory.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ /** @@ -84,7 +84,7 @@ int eax_decrypt_verify_memory(int cipher, } /* compare tags */ - if (buflen >= taglen && memcmp(buf, tag, taglen) == 0) { + if (buflen >= taglen && XMEMCMP(buf, tag, taglen) == 0) { *stat = 1; } @@ -104,5 +104,5 @@ LBL_ERR: #endif /* $Source: /cvs/libtom/libtomcrypt/src/encauth/eax/eax_decrypt_verify_memory.c,v $ */ -/* $Revision: 1.3 $ */ -/* $Date: 2005/05/05 14:35:58 $ */ +/* $Revision: 1.5 $ */ +/* $Date: 2006/11/01 09:28:17 $ */ diff --git a/src/encauth/eax/eax_done.c b/src/encauth/eax/eax_done.c index 10e2c23..1e02939 100644 --- a/src/encauth/eax/eax_done.c +++ b/src/encauth/eax/eax_done.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ /** @@ -90,5 +90,5 @@ LBL_ERR: #endif /* $Source: /cvs/libtom/libtomcrypt/src/encauth/eax/eax_done.c,v $ */ -/* $Revision: 1.4 $ */ -/* $Date: 2005/05/05 14:35:58 $ */ +/* $Revision: 1.5 $ */ +/* $Date: 2006/03/31 14:15:35 $ */ diff --git a/src/encauth/eax/eax_encrypt.c b/src/encauth/eax/eax_encrypt.c index a646588..dc8bc3d 100644 --- a/src/encauth/eax/eax_encrypt.c +++ b/src/encauth/eax/eax_encrypt.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ /** @@ -47,5 +47,5 @@ int eax_encrypt(eax_state *eax, const unsigned char *pt, unsigned char *ct, /* $Source: /cvs/libtom/libtomcrypt/src/encauth/eax/eax_encrypt.c,v $ */ -/* $Revision: 1.3 $ */ -/* $Date: 2005/05/05 14:35:58 $ */ +/* $Revision: 1.4 $ */ +/* $Date: 2006/03/31 14:15:35 $ */ diff --git a/src/encauth/eax/eax_encrypt_authenticate_memory.c b/src/encauth/eax/eax_encrypt_authenticate_memory.c index 9760616..e9e52d0 100644 --- a/src/encauth/eax/eax_encrypt_authenticate_memory.c +++ b/src/encauth/eax/eax_encrypt_authenticate_memory.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ /** @@ -78,5 +78,5 @@ LBL_ERR: #endif /* $Source: /cvs/libtom/libtomcrypt/src/encauth/eax/eax_encrypt_authenticate_memory.c,v $ */ -/* $Revision: 1.3 $ */ -/* $Date: 2005/05/05 14:35:58 $ */ +/* $Revision: 1.4 $ */ +/* $Date: 2006/03/31 14:15:35 $ */ diff --git a/src/encauth/eax/eax_init.c b/src/encauth/eax/eax_init.c index 942b25f..48512b5 100644 --- a/src/encauth/eax/eax_init.c +++ b/src/encauth/eax/eax_init.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ /** @@ -140,5 +140,5 @@ LBL_ERR: #endif /* $Source: /cvs/libtom/libtomcrypt/src/encauth/eax/eax_init.c,v $ */ -/* $Revision: 1.4 $ */ -/* $Date: 2005/05/05 14:35:58 $ */ +/* $Revision: 1.5 $ */ +/* $Date: 2006/03/31 14:15:35 $ */ diff --git a/src/encauth/eax/eax_test.c b/src/encauth/eax/eax_test.c index b08f5ab..d154271 100644 --- a/src/encauth/eax/eax_test.c +++ b/src/encauth/eax/eax_test.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ /** @@ -231,7 +231,7 @@ int eax_test(void) tests[x].plaintext, tests[x].msglen, outct, outtag, &len)) != CRYPT_OK) { return err; } - if (memcmp(outct, tests[x].ciphertext, tests[x].msglen) || memcmp(outtag, tests[x].tag, len)) { + if (XMEMCMP(outct, tests[x].ciphertext, tests[x].msglen) || XMEMCMP(outtag, tests[x].tag, len)) { #if 0 unsigned long y; printf("\n\nFailure: \nCT:\n"); @@ -256,7 +256,7 @@ int eax_test(void) outct, tests[x].msglen, outct, outtag, len, &res)) != CRYPT_OK) { return err; } - if ((res != 1) || memcmp(outct, tests[x].plaintext, tests[x].msglen)) { + if ((res != 1) || XMEMCMP(outct, tests[x].plaintext, tests[x].msglen)) { #if 0 unsigned long y; printf("\n\nFailure (res == %d): \nPT:\n", res); @@ -278,5 +278,5 @@ int eax_test(void) #endif /* EAX_MODE */ /* $Source: /cvs/libtom/libtomcrypt/src/encauth/eax/eax_test.c,v $ */ -/* $Revision: 1.3 $ */ -/* $Date: 2005/05/05 14:35:58 $ */ +/* $Revision: 1.5 $ */ +/* $Date: 2006/11/01 09:28:17 $ */ diff --git a/src/encauth/gcm/gcm_add_aad.c b/src/encauth/gcm/gcm_add_aad.c index 03cb279..6037c6c 100644 --- a/src/encauth/gcm/gcm_add_aad.c +++ b/src/encauth/gcm/gcm_add_aad.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ /** @@ -57,7 +57,7 @@ int gcm_add_aad(gcm_state *gcm, gcm->totlen += gcm->buflen * CONST64(8); gcm_mult_h(gcm, gcm->X); } - + /* mix in the length */ zeromem(gcm->buf, 8); STORE64H(gcm->totlen, gcm->buf+8); @@ -120,5 +120,5 @@ int gcm_add_aad(gcm_state *gcm, /* $Source: /cvs/libtom/libtomcrypt/src/encauth/gcm/gcm_add_aad.c,v $ */ -/* $Revision: 1.14 $ */ -/* $Date: 2005/05/05 14:35:58 $ */ +/* $Revision: 1.16 $ */ +/* $Date: 2006/09/23 19:24:21 $ */ diff --git a/src/encauth/gcm/gcm_add_iv.c b/src/encauth/gcm/gcm_add_iv.c index 107cf35..44e3167 100644 --- a/src/encauth/gcm/gcm_add_iv.c +++ b/src/encauth/gcm/gcm_add_iv.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ /** @@ -90,5 +90,5 @@ int gcm_add_iv(gcm_state *gcm, /* $Source: /cvs/libtom/libtomcrypt/src/encauth/gcm/gcm_add_iv.c,v $ */ -/* $Revision: 1.6 $ */ -/* $Date: 2005/05/05 14:35:58 $ */ +/* $Revision: 1.7 $ */ +/* $Date: 2006/03/31 14:15:35 $ */ diff --git a/src/encauth/gcm/gcm_done.c b/src/encauth/gcm/gcm_done.c index 96ef7f3..4cbd09f 100644 --- a/src/encauth/gcm/gcm_done.c +++ b/src/encauth/gcm/gcm_done.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ /** @@ -62,7 +62,9 @@ int gcm_done(gcm_state *gcm, gcm_mult_h(gcm, gcm->X); /* encrypt original counter */ - cipher_descriptor[gcm->cipher].ecb_encrypt(gcm->Y_0, gcm->buf, &gcm->K); + if ((err = cipher_descriptor[gcm->cipher].ecb_encrypt(gcm->Y_0, gcm->buf, &gcm->K)) != CRYPT_OK) { + return err; + } for (x = 0; x < 16 && x < *taglen; x++) { tag[x] = gcm->buf[x] ^ gcm->X[x]; } @@ -77,5 +79,5 @@ int gcm_done(gcm_state *gcm, /* $Source: /cvs/libtom/libtomcrypt/src/encauth/gcm/gcm_done.c,v $ */ -/* $Revision: 1.7 $ */ -/* $Date: 2005/05/05 14:35:58 $ */ +/* $Revision: 1.9 $ */ +/* $Date: 2006/03/31 14:15:35 $ */ diff --git a/src/encauth/gcm/gcm_gf_mult.c b/src/encauth/gcm/gcm_gf_mult.c index 06db22b..52e82dd 100644 --- a/src/encauth/gcm/gcm_gf_mult.c +++ b/src/encauth/gcm/gcm_gf_mult.c @@ -6,17 +6,59 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ /** @file gcm_gf_mult.c - GCM implementation, initialize state, by Tom St Denis + GCM implementation, do the GF mult, by Tom St Denis */ #include "tomcrypt.h" -#ifdef GCM_MODE +#if defined(GCM_TABLES) || defined(LRW_TABLES) || ((defined(GCM_MODE) || defined(GCM_MODE)) && defined(LTC_FAST)) +/* this is x*2^128 mod p(x) ... the results are 16 bytes each stored in a packed format. Since only the + * lower 16 bits are not zero'ed I removed the upper 14 bytes */ +const unsigned char gcm_shift_table[256*2] = { +0x00, 0x00, 0x01, 0xc2, 0x03, 0x84, 0x02, 0x46, 0x07, 0x08, 0x06, 0xca, 0x04, 0x8c, 0x05, 0x4e, +0x0e, 0x10, 0x0f, 0xd2, 0x0d, 0x94, 0x0c, 0x56, 0x09, 0x18, 0x08, 0xda, 0x0a, 0x9c, 0x0b, 0x5e, +0x1c, 0x20, 0x1d, 0xe2, 0x1f, 0xa4, 0x1e, 0x66, 0x1b, 0x28, 0x1a, 0xea, 0x18, 0xac, 0x19, 0x6e, +0x12, 0x30, 0x13, 0xf2, 0x11, 0xb4, 0x10, 0x76, 0x15, 0x38, 0x14, 0xfa, 0x16, 0xbc, 0x17, 0x7e, +0x38, 0x40, 0x39, 0x82, 0x3b, 0xc4, 0x3a, 0x06, 0x3f, 0x48, 0x3e, 0x8a, 0x3c, 0xcc, 0x3d, 0x0e, +0x36, 0x50, 0x37, 0x92, 0x35, 0xd4, 0x34, 0x16, 0x31, 0x58, 0x30, 0x9a, 0x32, 0xdc, 0x33, 0x1e, +0x24, 0x60, 0x25, 0xa2, 0x27, 0xe4, 0x26, 0x26, 0x23, 0x68, 0x22, 0xaa, 0x20, 0xec, 0x21, 0x2e, +0x2a, 0x70, 0x2b, 0xb2, 0x29, 0xf4, 0x28, 0x36, 0x2d, 0x78, 0x2c, 0xba, 0x2e, 0xfc, 0x2f, 0x3e, +0x70, 0x80, 0x71, 0x42, 0x73, 0x04, 0x72, 0xc6, 0x77, 0x88, 0x76, 0x4a, 0x74, 0x0c, 0x75, 0xce, +0x7e, 0x90, 0x7f, 0x52, 0x7d, 0x14, 0x7c, 0xd6, 0x79, 0x98, 0x78, 0x5a, 0x7a, 0x1c, 0x7b, 0xde, +0x6c, 0xa0, 0x6d, 0x62, 0x6f, 0x24, 0x6e, 0xe6, 0x6b, 0xa8, 0x6a, 0x6a, 0x68, 0x2c, 0x69, 0xee, +0x62, 0xb0, 0x63, 0x72, 0x61, 0x34, 0x60, 0xf6, 0x65, 0xb8, 0x64, 0x7a, 0x66, 0x3c, 0x67, 0xfe, +0x48, 0xc0, 0x49, 0x02, 0x4b, 0x44, 0x4a, 0x86, 0x4f, 0xc8, 0x4e, 0x0a, 0x4c, 0x4c, 0x4d, 0x8e, +0x46, 0xd0, 0x47, 0x12, 0x45, 0x54, 0x44, 0x96, 0x41, 0xd8, 0x40, 0x1a, 0x42, 0x5c, 0x43, 0x9e, +0x54, 0xe0, 0x55, 0x22, 0x57, 0x64, 0x56, 0xa6, 0x53, 0xe8, 0x52, 0x2a, 0x50, 0x6c, 0x51, 0xae, +0x5a, 0xf0, 0x5b, 0x32, 0x59, 0x74, 0x58, 0xb6, 0x5d, 0xf8, 0x5c, 0x3a, 0x5e, 0x7c, 0x5f, 0xbe, +0xe1, 0x00, 0xe0, 0xc2, 0xe2, 0x84, 0xe3, 0x46, 0xe6, 0x08, 0xe7, 0xca, 0xe5, 0x8c, 0xe4, 0x4e, +0xef, 0x10, 0xee, 0xd2, 0xec, 0x94, 0xed, 0x56, 0xe8, 0x18, 0xe9, 0xda, 0xeb, 0x9c, 0xea, 0x5e, +0xfd, 0x20, 0xfc, 0xe2, 0xfe, 0xa4, 0xff, 0x66, 0xfa, 0x28, 0xfb, 0xea, 0xf9, 0xac, 0xf8, 0x6e, +0xf3, 0x30, 0xf2, 0xf2, 0xf0, 0xb4, 0xf1, 0x76, 0xf4, 0x38, 0xf5, 0xfa, 0xf7, 0xbc, 0xf6, 0x7e, +0xd9, 0x40, 0xd8, 0x82, 0xda, 0xc4, 0xdb, 0x06, 0xde, 0x48, 0xdf, 0x8a, 0xdd, 0xcc, 0xdc, 0x0e, +0xd7, 0x50, 0xd6, 0x92, 0xd4, 0xd4, 0xd5, 0x16, 0xd0, 0x58, 0xd1, 0x9a, 0xd3, 0xdc, 0xd2, 0x1e, +0xc5, 0x60, 0xc4, 0xa2, 0xc6, 0xe4, 0xc7, 0x26, 0xc2, 0x68, 0xc3, 0xaa, 0xc1, 0xec, 0xc0, 0x2e, +0xcb, 0x70, 0xca, 0xb2, 0xc8, 0xf4, 0xc9, 0x36, 0xcc, 0x78, 0xcd, 0xba, 0xcf, 0xfc, 0xce, 0x3e, +0x91, 0x80, 0x90, 0x42, 0x92, 0x04, 0x93, 0xc6, 0x96, 0x88, 0x97, 0x4a, 0x95, 0x0c, 0x94, 0xce, +0x9f, 0x90, 0x9e, 0x52, 0x9c, 0x14, 0x9d, 0xd6, 0x98, 0x98, 0x99, 0x5a, 0x9b, 0x1c, 0x9a, 0xde, +0x8d, 0xa0, 0x8c, 0x62, 0x8e, 0x24, 0x8f, 0xe6, 0x8a, 0xa8, 0x8b, 0x6a, 0x89, 0x2c, 0x88, 0xee, +0x83, 0xb0, 0x82, 0x72, 0x80, 0x34, 0x81, 0xf6, 0x84, 0xb8, 0x85, 0x7a, 0x87, 0x3c, 0x86, 0xfe, +0xa9, 0xc0, 0xa8, 0x02, 0xaa, 0x44, 0xab, 0x86, 0xae, 0xc8, 0xaf, 0x0a, 0xad, 0x4c, 0xac, 0x8e, +0xa7, 0xd0, 0xa6, 0x12, 0xa4, 0x54, 0xa5, 0x96, 0xa0, 0xd8, 0xa1, 0x1a, 0xa3, 0x5c, 0xa2, 0x9e, +0xb5, 0xe0, 0xb4, 0x22, 0xb6, 0x64, 0xb7, 0xa6, 0xb2, 0xe8, 0xb3, 0x2a, 0xb1, 0x6c, 0xb0, 0xae, +0xbb, 0xf0, 0xba, 0x32, 0xb8, 0x74, 0xb9, 0xb6, 0xbc, 0xf8, 0xbd, 0x3a, 0xbf, 0x7c, 0xbe, 0xbe }; + +#endif + + +#if defined(GCM_MODE) || defined(LRW_MODE) + +#ifndef LTC_FAST /* right shift */ static void gcm_rightshift(unsigned char *a) { @@ -33,7 +75,7 @@ static const unsigned char poly[] = { 0x00, 0xE1 }; /** - GCM GF multiplier (internal use only) + GCM GF multiplier (internal use only) bitserial @param a First value @param b Second value @param c Destination for a * b @@ -58,37 +100,122 @@ void gcm_gf_mult(const unsigned char *a, const unsigned char *b, unsigned char * XMEMCPY(c, Z, 16); } +#else + +/* map normal numbers to "ieee" way ... e.g. bit reversed */ +#define M(x) ( ((x&8)>>3) | ((x&4)>>1) | ((x&2)<<1) | ((x&1)<<3) ) + +#define BPD (sizeof(LTC_FAST_TYPE) * 8) +#define WPV (1 + (16 / sizeof(LTC_FAST_TYPE))) + /** - GCM multiply by H - @param gcm The GCM state which holds the H value - @param I The value to multiply H by - */ -void gcm_mult_h(gcm_state *gcm, unsigned char *I) + GCM GF multiplier (internal use only) word oriented + @param a First value + @param b Second value + @param c Destination for a * b + */ +void gcm_gf_mult(const unsigned char *a, const unsigned char *b, unsigned char *c) { - unsigned char T[16]; -#ifdef GCM_TABLES - int x, y; - XMEMCPY(T, &gcm->PC[0][I[0]][0], 16); - for (x = 1; x < 16; x++) { -#ifdef LTC_FAST - for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) { - *((LTC_FAST_TYPE *)(T + y)) ^= *((LTC_FAST_TYPE *)(&gcm->PC[x][I[x]][y])); + int i, j, k, u; + LTC_FAST_TYPE B[16][WPV], tmp[32 / sizeof(LTC_FAST_TYPE)], pB[16 / sizeof(LTC_FAST_TYPE)], zz, z; + unsigned char pTmp[32]; + + /* create simple tables */ + zeromem(B[0], sizeof(B[0])); + zeromem(B[M(1)], sizeof(B[M(1)])); + +#ifdef ENDIAN_32BITWORD + for (i = 0; i < 4; i++) { + LOAD32H(B[M(1)][i], a + (i<<2)); + LOAD32L(pB[i], b + (i<<2)); + } +#else + for (i = 0; i < 2; i++) { + LOAD64H(B[M(1)][i], a + (i<<3)); + LOAD64L(pB[i], b + (i<<3)); + } +#endif + + /* now create 2, 4 and 8 */ + B[M(2)][0] = B[M(1)][0] >> 1; + B[M(4)][0] = B[M(1)][0] >> 2; + B[M(8)][0] = B[M(1)][0] >> 3; + for (i = 1; i < (int)WPV; i++) { + B[M(2)][i] = (B[M(1)][i-1] << (BPD-1)) | (B[M(1)][i] >> 1); + B[M(4)][i] = (B[M(1)][i-1] << (BPD-2)) | (B[M(1)][i] >> 2); + B[M(8)][i] = (B[M(1)][i-1] << (BPD-3)) | (B[M(1)][i] >> 3); + } + + /* now all values with two bits which are 3, 5, 6, 9, 10, 12 */ + for (i = 0; i < (int)WPV; i++) { + B[M(3)][i] = B[M(1)][i] ^ B[M(2)][i]; + B[M(5)][i] = B[M(1)][i] ^ B[M(4)][i]; + B[M(6)][i] = B[M(2)][i] ^ B[M(4)][i]; + B[M(9)][i] = B[M(1)][i] ^ B[M(8)][i]; + B[M(10)][i] = B[M(2)][i] ^ B[M(8)][i]; + B[M(12)][i] = B[M(8)][i] ^ B[M(4)][i]; + + /* now all 3 bit values and the only 4 bit value: 7, 11, 13, 14, 15 */ + B[M(7)][i] = B[M(3)][i] ^ B[M(4)][i]; + B[M(11)][i] = B[M(3)][i] ^ B[M(8)][i]; + B[M(13)][i] = B[M(1)][i] ^ B[M(12)][i]; + B[M(14)][i] = B[M(6)][i] ^ B[M(8)][i]; + B[M(15)][i] = B[M(7)][i] ^ B[M(8)][i]; + } + + zeromem(tmp, sizeof(tmp)); + + /* compute product four bits of each word at a time */ + /* for each nibble */ + for (i = (BPD/4)-1; i >= 0; i--) { + /* for each word */ + for (j = 0; j < (int)(WPV-1); j++) { + /* grab the 4 bits recall the nibbles are backwards so it's a shift by (i^1)*4 */ + u = (pB[j] >> ((i^1)<<2)) & 15; + + /* add offset by the word count the table looked up value to the result */ + for (k = 0; k < (int)WPV; k++) { + tmp[k+j] ^= B[u][k]; + } } -#else - for (y = 0; y < 16; y++) { - T[y] ^= gcm->PC[x][I[x]][y]; + /* shift result up by 4 bits */ + if (i != 0) { + for (z = j = 0; j < (int)(32 / sizeof(LTC_FAST_TYPE)); j++) { + zz = tmp[j] << (BPD-4); + tmp[j] = (tmp[j] >> 4) | z; + z = zz; + } } -#endif } -#else - gcm_gf_mult(gcm->H, I, T); + + /* store product */ +#ifdef ENDIAN_32BITWORD + for (i = 0; i < 8; i++) { + STORE32H(tmp[i], pTmp + (i<<2)); + } +#else + for (i = 0; i < 4; i++) { + STORE64H(tmp[i], pTmp + (i<<3)); + } #endif - XMEMCPY(I, T, 16); + + /* reduce by taking most significant byte and adding the appropriate two byte sequence 16 bytes down */ + for (i = 31; i >= 16; i--) { + pTmp[i-16] ^= gcm_shift_table[((unsigned)pTmp[i]<<1)]; + pTmp[i-15] ^= gcm_shift_table[((unsigned)pTmp[i]<<1)+1]; + } + + for (i = 0; i < 16; i++) { + c[i] = pTmp[i]; + } + } +#endif #endif /* $Source: /cvs/libtom/libtomcrypt/src/encauth/gcm/gcm_gf_mult.c,v $ */ -/* $Revision: 1.16 $ */ -/* $Date: 2005/05/21 14:33:42 $ */ +/* $Revision: 1.23 $ */ +/* $Date: 2006/03/31 14:15:35 $ */ + diff --git a/src/encauth/gcm/gcm_init.c b/src/encauth/gcm/gcm_init.c index 249b61d..c0f7a5a 100644 --- a/src/encauth/gcm/gcm_init.c +++ b/src/encauth/gcm/gcm_init.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ /** @@ -17,46 +17,6 @@ #ifdef GCM_MODE -#ifdef GCM_TABLES - -/* this is x*2^128 mod p(x) ... the results are 16 bytes each stored in a packed format. Since only the - * lower 16 bits are not zero'ed I removed the upper 14 bytes */ -static const unsigned char gcm_shift_table[256*2] = { -0x00, 0x00, 0x01, 0xc2, 0x03, 0x84, 0x02, 0x46, 0x07, 0x08, 0x06, 0xca, 0x04, 0x8c, 0x05, 0x4e, -0x0e, 0x10, 0x0f, 0xd2, 0x0d, 0x94, 0x0c, 0x56, 0x09, 0x18, 0x08, 0xda, 0x0a, 0x9c, 0x0b, 0x5e, -0x1c, 0x20, 0x1d, 0xe2, 0x1f, 0xa4, 0x1e, 0x66, 0x1b, 0x28, 0x1a, 0xea, 0x18, 0xac, 0x19, 0x6e, -0x12, 0x30, 0x13, 0xf2, 0x11, 0xb4, 0x10, 0x76, 0x15, 0x38, 0x14, 0xfa, 0x16, 0xbc, 0x17, 0x7e, -0x38, 0x40, 0x39, 0x82, 0x3b, 0xc4, 0x3a, 0x06, 0x3f, 0x48, 0x3e, 0x8a, 0x3c, 0xcc, 0x3d, 0x0e, -0x36, 0x50, 0x37, 0x92, 0x35, 0xd4, 0x34, 0x16, 0x31, 0x58, 0x30, 0x9a, 0x32, 0xdc, 0x33, 0x1e, -0x24, 0x60, 0x25, 0xa2, 0x27, 0xe4, 0x26, 0x26, 0x23, 0x68, 0x22, 0xaa, 0x20, 0xec, 0x21, 0x2e, -0x2a, 0x70, 0x2b, 0xb2, 0x29, 0xf4, 0x28, 0x36, 0x2d, 0x78, 0x2c, 0xba, 0x2e, 0xfc, 0x2f, 0x3e, -0x70, 0x80, 0x71, 0x42, 0x73, 0x04, 0x72, 0xc6, 0x77, 0x88, 0x76, 0x4a, 0x74, 0x0c, 0x75, 0xce, -0x7e, 0x90, 0x7f, 0x52, 0x7d, 0x14, 0x7c, 0xd6, 0x79, 0x98, 0x78, 0x5a, 0x7a, 0x1c, 0x7b, 0xde, -0x6c, 0xa0, 0x6d, 0x62, 0x6f, 0x24, 0x6e, 0xe6, 0x6b, 0xa8, 0x6a, 0x6a, 0x68, 0x2c, 0x69, 0xee, -0x62, 0xb0, 0x63, 0x72, 0x61, 0x34, 0x60, 0xf6, 0x65, 0xb8, 0x64, 0x7a, 0x66, 0x3c, 0x67, 0xfe, -0x48, 0xc0, 0x49, 0x02, 0x4b, 0x44, 0x4a, 0x86, 0x4f, 0xc8, 0x4e, 0x0a, 0x4c, 0x4c, 0x4d, 0x8e, -0x46, 0xd0, 0x47, 0x12, 0x45, 0x54, 0x44, 0x96, 0x41, 0xd8, 0x40, 0x1a, 0x42, 0x5c, 0x43, 0x9e, -0x54, 0xe0, 0x55, 0x22, 0x57, 0x64, 0x56, 0xa6, 0x53, 0xe8, 0x52, 0x2a, 0x50, 0x6c, 0x51, 0xae, -0x5a, 0xf0, 0x5b, 0x32, 0x59, 0x74, 0x58, 0xb6, 0x5d, 0xf8, 0x5c, 0x3a, 0x5e, 0x7c, 0x5f, 0xbe, -0xe1, 0x00, 0xe0, 0xc2, 0xe2, 0x84, 0xe3, 0x46, 0xe6, 0x08, 0xe7, 0xca, 0xe5, 0x8c, 0xe4, 0x4e, -0xef, 0x10, 0xee, 0xd2, 0xec, 0x94, 0xed, 0x56, 0xe8, 0x18, 0xe9, 0xda, 0xeb, 0x9c, 0xea, 0x5e, -0xfd, 0x20, 0xfc, 0xe2, 0xfe, 0xa4, 0xff, 0x66, 0xfa, 0x28, 0xfb, 0xea, 0xf9, 0xac, 0xf8, 0x6e, -0xf3, 0x30, 0xf2, 0xf2, 0xf0, 0xb4, 0xf1, 0x76, 0xf4, 0x38, 0xf5, 0xfa, 0xf7, 0xbc, 0xf6, 0x7e, -0xd9, 0x40, 0xd8, 0x82, 0xda, 0xc4, 0xdb, 0x06, 0xde, 0x48, 0xdf, 0x8a, 0xdd, 0xcc, 0xdc, 0x0e, -0xd7, 0x50, 0xd6, 0x92, 0xd4, 0xd4, 0xd5, 0x16, 0xd0, 0x58, 0xd1, 0x9a, 0xd3, 0xdc, 0xd2, 0x1e, -0xc5, 0x60, 0xc4, 0xa2, 0xc6, 0xe4, 0xc7, 0x26, 0xc2, 0x68, 0xc3, 0xaa, 0xc1, 0xec, 0xc0, 0x2e, -0xcb, 0x70, 0xca, 0xb2, 0xc8, 0xf4, 0xc9, 0x36, 0xcc, 0x78, 0xcd, 0xba, 0xcf, 0xfc, 0xce, 0x3e, -0x91, 0x80, 0x90, 0x42, 0x92, 0x04, 0x93, 0xc6, 0x96, 0x88, 0x97, 0x4a, 0x95, 0x0c, 0x94, 0xce, -0x9f, 0x90, 0x9e, 0x52, 0x9c, 0x14, 0x9d, 0xd6, 0x98, 0x98, 0x99, 0x5a, 0x9b, 0x1c, 0x9a, 0xde, -0x8d, 0xa0, 0x8c, 0x62, 0x8e, 0x24, 0x8f, 0xe6, 0x8a, 0xa8, 0x8b, 0x6a, 0x89, 0x2c, 0x88, 0xee, -0x83, 0xb0, 0x82, 0x72, 0x80, 0x34, 0x81, 0xf6, 0x84, 0xb8, 0x85, 0x7a, 0x87, 0x3c, 0x86, 0xfe, -0xa9, 0xc0, 0xa8, 0x02, 0xaa, 0x44, 0xab, 0x86, 0xae, 0xc8, 0xaf, 0x0a, 0xad, 0x4c, 0xac, 0x8e, -0xa7, 0xd0, 0xa6, 0x12, 0xa4, 0x54, 0xa5, 0x96, 0xa0, 0xd8, 0xa1, 0x1a, 0xa3, 0x5c, 0xa2, 0x9e, -0xb5, 0xe0, 0xb4, 0x22, 0xb6, 0x64, 0xb7, 0xa6, 0xb2, 0xe8, 0xb3, 0x2a, 0xb1, 0x6c, 0xb0, 0xae, -0xbb, 0xf0, 0xba, 0x32, 0xb8, 0x74, 0xb9, 0xb6, 0xbc, 0xf8, 0xbd, 0x3a, 0xbf, 0x7c, 0xbe, 0xbe }; - -#endif - /** Initialize a GCM state @param gcm The GCM state to initialize @@ -98,7 +58,9 @@ int gcm_init(gcm_state *gcm, int cipher, /* H = E(0) */ zeromem(B, 16); - cipher_descriptor[cipher].ecb_encrypt(B, gcm->H, &gcm->K); + if ((err = cipher_descriptor[cipher].ecb_encrypt(B, gcm->H, &gcm->K)) != CRYPT_OK) { + return err; + } /* setup state */ zeromem(gcm->buf, sizeof(gcm->buf)); @@ -141,5 +103,5 @@ int gcm_init(gcm_state *gcm, int cipher, #endif /* $Source: /cvs/libtom/libtomcrypt/src/encauth/gcm/gcm_init.c,v $ */ -/* $Revision: 1.15 $ */ -/* $Date: 2005/05/21 15:05:19 $ */ +/* $Revision: 1.18 $ */ +/* $Date: 2006/03/31 14:15:35 $ */ diff --git a/src/encauth/gcm/gcm_memory.c b/src/encauth/gcm/gcm_memory.c index ee10d3f..ddec010 100644 --- a/src/encauth/gcm/gcm_memory.c +++ b/src/encauth/gcm/gcm_memory.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ /** @@ -43,6 +43,7 @@ int gcm_memory( int cipher, unsigned char *tag, unsigned long *taglen, int direction) { + void *orig; gcm_state *gcm; int err; @@ -51,7 +52,8 @@ int gcm_memory( int cipher, } if (cipher_descriptor[cipher].accel_gcm_memory != NULL) { - cipher_descriptor[cipher].accel_gcm_memory + return + cipher_descriptor[cipher].accel_gcm_memory (key, keylen, IV, IVlen, adata, adatalen, @@ -59,15 +61,29 @@ int gcm_memory( int cipher, ct, tag, taglen, direction); - return CRYPT_OK; } - gcm = XMALLOC(sizeof(*gcm)); + +#ifndef GCM_TABLES_SSE2 + orig = gcm = XMALLOC(sizeof(*gcm)); +#else + orig = gcm = XMALLOC(sizeof(*gcm) + 16); +#endif if (gcm == NULL) { return CRYPT_MEM; } + /* Force GCM to be on a multiple of 16 so we can use 128-bit aligned operations + * note that we only modify gcm and keep orig intact. This code is not portable + * but again it's only for SSE2 anyways, so who cares? + */ +#ifdef GCM_TABLES_SSE2 + if ((unsigned long)gcm & 15) { + gcm = (gcm_state *)((unsigned long)gcm + (16 - ((unsigned long)gcm & 15))); + } +#endif + if ((err = gcm_init(gcm, cipher, key, keylen)) != CRYPT_OK) { goto LTC_ERR; } @@ -82,12 +98,12 @@ int gcm_memory( int cipher, } err = gcm_done(gcm, tag, taglen); LTC_ERR: - XFREE(gcm); + XFREE(orig); return err; } #endif /* $Source: /cvs/libtom/libtomcrypt/src/encauth/gcm/gcm_memory.c,v $ */ -/* $Revision: 1.19 $ */ -/* $Date: 2005/05/05 14:35:58 $ */ +/* $Revision: 1.23 $ */ +/* $Date: 2006/09/07 10:00:57 $ */ diff --git a/src/encauth/gcm/gcm_mult_h.c b/src/encauth/gcm/gcm_mult_h.c new file mode 100644 index 0000000..8391e00 --- /dev/null +++ b/src/encauth/gcm/gcm_mult_h.c @@ -0,0 +1,58 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com + */ + +/** + @file gcm_mult_h.c + GCM implementation, do the GF mult, by Tom St Denis +*/ +#include "tomcrypt.h" + +#if defined(GCM_MODE) +/** + GCM multiply by H + @param gcm The GCM state which holds the H value + @param I The value to multiply H by + */ +void gcm_mult_h(gcm_state *gcm, unsigned char *I) +{ + unsigned char T[16]; +#ifdef GCM_TABLES + int x, y; +#ifdef GCM_TABLES_SSE2 + asm("movdqa (%0),%%xmm0"::"r"(&gcm->PC[0][I[0]][0])); + for (x = 1; x < 16; x++) { + asm("pxor (%0),%%xmm0"::"r"(&gcm->PC[x][I[x]][0])); + } + asm("movdqa %%xmm0,(%0)"::"r"(&T)); +#else + XMEMCPY(T, &gcm->PC[0][I[0]][0], 16); + for (x = 1; x < 16; x++) { +#ifdef LTC_FAST + for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) { + *((LTC_FAST_TYPE *)(T + y)) ^= *((LTC_FAST_TYPE *)(&gcm->PC[x][I[x]][y])); + } +#else + for (y = 0; y < 16; y++) { + T[y] ^= gcm->PC[x][I[x]][y]; + } +#endif /* LTC_FAST */ + } +#endif /* GCM_TABLES_SSE2 */ +#else + gcm_gf_mult(gcm->H, I, T); +#endif + XMEMCPY(I, T, 16); +} +#endif + +/* $Source: /cvs/libtom/libtomcrypt/src/encauth/gcm/gcm_mult_h.c,v $ */ +/* $Revision: 1.4 $ */ +/* $Date: 2006/08/23 20:40:23 $ */ diff --git a/src/encauth/gcm/gcm_process.c b/src/encauth/gcm/gcm_process.c index f512e28..f4d21d3 100644 --- a/src/encauth/gcm/gcm_process.c +++ b/src/encauth/gcm/gcm_process.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ /** @@ -31,9 +31,9 @@ int gcm_process(gcm_state *gcm, unsigned char *ct, int direction) { - unsigned long x, y; + unsigned long x; + int y, err; unsigned char b; - int err; LTC_ARGCHK(gcm != NULL); if (ptlen > 0) { @@ -59,10 +59,12 @@ int gcm_process(gcm_state *gcm, /* increment counter */ for (y = 15; y >= 12; y--) { - if (++gcm->Y[y]) { break; } + if (++gcm->Y[y] & 255) { break; } } /* encrypt the counter */ - cipher_descriptor[gcm->cipher].ecb_encrypt(gcm->Y, gcm->buf, &gcm->K); + if ((err = cipher_descriptor[gcm->cipher].ecb_encrypt(gcm->Y, gcm->buf, &gcm->K)) != CRYPT_OK) { + return err; + } gcm->buflen = 0; gcm->mode = GCM_MODE_TEXT; @@ -87,9 +89,11 @@ int gcm_process(gcm_state *gcm, gcm_mult_h(gcm, gcm->X); /* increment counter */ for (y = 15; y >= 12; y--) { - if (++gcm->Y[y]) { break; } + if (++gcm->Y[y] & 255) { break; } + } + if ((err = cipher_descriptor[gcm->cipher].ecb_encrypt(gcm->Y, gcm->buf, &gcm->K)) != CRYPT_OK) { + return err; } - cipher_descriptor[gcm->cipher].ecb_encrypt(gcm->Y, gcm->buf, &gcm->K); } } else { for (x = 0; x < (ptlen & ~15); x += 16) { @@ -103,9 +107,11 @@ int gcm_process(gcm_state *gcm, gcm_mult_h(gcm, gcm->X); /* increment counter */ for (y = 15; y >= 12; y--) { - if (++gcm->Y[y]) { break; } + if (++gcm->Y[y] & 255) { break; } + } + if ((err = cipher_descriptor[gcm->cipher].ecb_encrypt(gcm->Y, gcm->buf, &gcm->K)) != CRYPT_OK) { + return err; } - cipher_descriptor[gcm->cipher].ecb_encrypt(gcm->Y, gcm->buf, &gcm->K); } } } @@ -119,9 +125,11 @@ int gcm_process(gcm_state *gcm, /* increment counter */ for (y = 15; y >= 12; y--) { - if (++gcm->Y[y]) { break; } + if (++gcm->Y[y] & 255) { break; } + } + if ((err = cipher_descriptor[gcm->cipher].ecb_encrypt(gcm->Y, gcm->buf, &gcm->K)) != CRYPT_OK) { + return err; } - cipher_descriptor[gcm->cipher].ecb_encrypt(gcm->Y, gcm->buf, &gcm->K); gcm->buflen = 0; } @@ -137,11 +145,8 @@ int gcm_process(gcm_state *gcm, return CRYPT_OK; } - - #endif - /* $Source: /cvs/libtom/libtomcrypt/src/encauth/gcm/gcm_process.c,v $ */ -/* $Revision: 1.8 $ */ -/* $Date: 2005/05/05 14:35:58 $ */ +/* $Revision: 1.14 $ */ +/* $Date: 2006/11/19 19:33:36 $ */ diff --git a/src/encauth/gcm/gcm_reset.c b/src/encauth/gcm/gcm_reset.c index b336a92..a6a8522 100644 --- a/src/encauth/gcm/gcm_reset.c +++ b/src/encauth/gcm/gcm_reset.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ /** @@ -40,5 +40,5 @@ int gcm_reset(gcm_state *gcm) #endif /* $Source: /cvs/libtom/libtomcrypt/src/encauth/gcm/gcm_reset.c,v $ */ -/* $Revision: 1.3 $ */ -/* $Date: 2005/05/05 14:35:58 $ */ +/* $Revision: 1.4 $ */ +/* $Date: 2006/03/31 14:15:35 $ */ diff --git a/src/encauth/gcm/gcm_test.c b/src/encauth/gcm/gcm_test.c index 7106188..2f8539b 100644 --- a/src/encauth/gcm/gcm_test.c +++ b/src/encauth/gcm/gcm_test.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ /** @@ -29,13 +29,13 @@ int gcm_test(void) static const struct { unsigned char K[32]; int keylen; - unsigned char P[64]; + unsigned char P[128]; unsigned long ptlen; - unsigned char A[64]; + unsigned char A[128]; unsigned long alen; - unsigned char IV[64]; + unsigned char IV[128]; unsigned long IVlen; - unsigned char C[64]; + unsigned char C[128]; unsigned char T[16]; } tests[] = { @@ -275,13 +275,58 @@ int gcm_test(void) /* TAG */ { 0x61, 0x9c, 0xc5, 0xae, 0xff, 0xfe, 0x0b, 0xfa, 0x46, 0x2a, 0xf4, 0x3c, 0x16, 0x99, 0xd0, 0x50, } +}, + +/* test case #46 from BG (catches the LTC bug of v1.15) */ +{ + /* key */ + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, + 16, + + /* PT */ + { 0xa2, 0xaa, 0xb3, 0xad, 0x8b, 0x17, 0xac, 0xdd, + 0xa2, 0x88, 0x42, 0x6c, 0xd7, 0xc4, 0x29, 0xb7, + 0xca, 0x86, 0xb7, 0xac, 0xa0, 0x58, 0x09, 0xc7, + 0x0c, 0xe8, 0x2d, 0xb2, 0x57, 0x11, 0xcb, 0x53, + 0x02, 0xeb, 0x27, 0x43, 0xb0, 0x36, 0xf3, 0xd7, + 0x50, 0xd6, 0xcf, 0x0d, 0xc0, 0xac, 0xb9, 0x29, + 0x50, 0xd5, 0x46, 0xdb, 0x30, 0x8f, 0x93, 0xb4, + 0xff, 0x24, 0x4a, 0xfa, 0x9d, 0xc7, 0x2b, 0xcd, + 0x75, 0x8d, 0x2c }, + 67, + + /* ADATA */ + { 0x68, 0x8e, 0x1a, 0xa9, 0x84, 0xde, 0x92, 0x6d, + 0xc7, 0xb4, 0xc4, 0x7f, 0x44 }, + 13, + + /* IV */ + { 0xb7, 0x21, 0x38, 0xb5, 0xa0, 0x5f, 0xf5, 0x07, + 0x0e, 0x8c, 0xd9, 0x41, 0x83, 0xf7, 0x61, 0xd8 }, + 16, + + /* CT */ + { 0xcb, 0xc8, 0xd2, 0xf1, 0x54, 0x81, 0xa4, 0xcc, + 0x7d, 0xd1, 0xe1, 0x9a, 0xaa, 0x83, 0xde, 0x56, + 0x78, 0x48, 0x3e, 0xc3, 0x59, 0xae, 0x7d, 0xec, + 0x2a, 0xb8, 0xd5, 0x34, 0xe0, 0x90, 0x6f, 0x4b, + 0x46, 0x63, 0xfa, 0xff, 0x58, 0xa8, 0xb2, 0xd7, + 0x33, 0xb8, 0x45, 0xee, 0xf7, 0xc9, 0xb3, 0x31, + 0xe9, 0xe1, 0x0e, 0xb2, 0x61, 0x2c, 0x99, 0x5f, + 0xeb, 0x1a, 0xc1, 0x5a, 0x62, 0x86, 0xcc, 0xe8, + 0xb2, 0x97, 0xa8 }, + + /* TAG */ + { 0x8d, 0x2d, 0x2a, 0x93, 0x72, 0x62, 0x6f, 0x6b, + 0xee, 0x85, 0x80, 0x27, 0x6a, 0x63, 0x66, 0xbf } } /* rest of test cases are the same except AES key size changes... ignored... */ }; int idx, err; unsigned long x, y; - unsigned char out[2][64], T[2][16]; + unsigned char out[2][128], T[2][16]; /* find aes */ idx = find_cipher("aes"); @@ -302,7 +347,7 @@ int gcm_test(void) return err; } - if (memcmp(out[0], tests[x].C, tests[x].ptlen)) { + if (XMEMCMP(out[0], tests[x].C, tests[x].ptlen)) { #if 0 printf("\nCiphertext wrong %lu\n", x); for (y = 0; y < tests[x].ptlen; y++) { @@ -313,7 +358,7 @@ int gcm_test(void) return CRYPT_FAIL_TESTVECTOR; } - if (memcmp(T[0], tests[x].T, 16)) { + if (XMEMCMP(T[0], tests[x].T, 16)) { #if 0 printf("\nTag on plaintext wrong %lu\n", x); for (y = 0; y < 16; y++) { @@ -333,7 +378,7 @@ int gcm_test(void) return err; } - if (memcmp(out[1], tests[x].P, tests[x].ptlen)) { + if (XMEMCMP(out[1], tests[x].P, tests[x].ptlen)) { #if 0 printf("\nplaintext wrong %lu\n", x); for (y = 0; y < tests[x].ptlen; y++) { @@ -344,7 +389,7 @@ int gcm_test(void) return CRYPT_FAIL_TESTVECTOR; } - if (memcmp(T[1], tests[x].T, 16)) { + if (XMEMCMP(T[1], tests[x].T, 16)) { #if 0 printf("\nTag on ciphertext wrong %lu\n", x); for (y = 0; y < 16; y++) { @@ -364,5 +409,5 @@ int gcm_test(void) /* $Source: /cvs/libtom/libtomcrypt/src/encauth/gcm/gcm_test.c,v $ */ -/* $Revision: 1.15 $ */ -/* $Date: 2005/05/05 14:35:58 $ */ +/* $Revision: 1.20 $ */ +/* $Date: 2006/12/03 17:25:44 $ */ diff --git a/src/encauth/ocb/ocb_decrypt.c b/src/encauth/ocb/ocb_decrypt.c index a0f2754..58f3825 100644 --- a/src/encauth/ocb/ocb_decrypt.c +++ b/src/encauth/ocb/ocb_decrypt.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ /** @@ -51,7 +51,9 @@ int ocb_decrypt(ocb_state *ocb, const unsigned char *ct, unsigned char *pt) for (x = 0; x < ocb->block_len; x++) { tmp[x] = ct[x] ^ Z[x]; } - cipher_descriptor[ocb->cipher].ecb_decrypt(tmp, pt, &ocb->key); + if ((err = cipher_descriptor[ocb->cipher].ecb_decrypt(tmp, pt, &ocb->key)) != CRYPT_OK) { + return err; + } for (x = 0; x < ocb->block_len; x++) { pt[x] ^= Z[x]; } @@ -73,5 +75,5 @@ int ocb_decrypt(ocb_state *ocb, const unsigned char *ct, unsigned char *pt) /* $Source: /cvs/libtom/libtomcrypt/src/encauth/ocb/ocb_decrypt.c,v $ */ -/* $Revision: 1.3 $ */ -/* $Date: 2005/05/05 14:35:58 $ */ +/* $Revision: 1.5 $ */ +/* $Date: 2006/03/31 14:15:35 $ */ diff --git a/src/encauth/ocb/ocb_decrypt_verify_memory.c b/src/encauth/ocb/ocb_decrypt_verify_memory.c index 0173eff..b7b8840 100644 --- a/src/encauth/ocb/ocb_decrypt_verify_memory.c +++ b/src/encauth/ocb/ocb_decrypt_verify_memory.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ /** @@ -82,5 +82,5 @@ LBL_ERR: #endif /* $Source: /cvs/libtom/libtomcrypt/src/encauth/ocb/ocb_decrypt_verify_memory.c,v $ */ -/* $Revision: 1.3 $ */ -/* $Date: 2005/05/05 14:35:58 $ */ +/* $Revision: 1.4 $ */ +/* $Date: 2006/03/31 14:15:35 $ */ diff --git a/src/encauth/ocb/ocb_done_decrypt.c b/src/encauth/ocb/ocb_done_decrypt.c index fb149bd..2a3ae39 100644 --- a/src/encauth/ocb/ocb_done_decrypt.c +++ b/src/encauth/ocb/ocb_done_decrypt.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ /** @@ -57,7 +57,7 @@ int ocb_done_decrypt(ocb_state *ocb, goto LBL_ERR; } - if (taglen <= tagbuflen && memcmp(tagbuf, tag, taglen) == 0) { + if (taglen <= tagbuflen && XMEMCMP(tagbuf, tag, taglen) == 0) { *stat = 1; } @@ -76,5 +76,5 @@ LBL_ERR: /* $Source: /cvs/libtom/libtomcrypt/src/encauth/ocb/ocb_done_decrypt.c,v $ */ -/* $Revision: 1.3 $ */ -/* $Date: 2005/05/05 14:35:58 $ */ +/* $Revision: 1.5 $ */ +/* $Date: 2006/11/01 09:28:17 $ */ diff --git a/src/encauth/ocb/ocb_done_encrypt.c b/src/encauth/ocb/ocb_done_encrypt.c index 27126e7..5948d82 100644 --- a/src/encauth/ocb/ocb_done_encrypt.c +++ b/src/encauth/ocb/ocb_done_encrypt.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ /** @@ -42,5 +42,5 @@ int ocb_done_encrypt(ocb_state *ocb, const unsigned char *pt, unsigned long ptle /* $Source: /cvs/libtom/libtomcrypt/src/encauth/ocb/ocb_done_encrypt.c,v $ */ -/* $Revision: 1.3 $ */ -/* $Date: 2005/05/05 14:35:58 $ */ +/* $Revision: 1.4 $ */ +/* $Date: 2006/03/31 14:15:35 $ */ diff --git a/src/encauth/ocb/ocb_encrypt.c b/src/encauth/ocb/ocb_encrypt.c index 2a48551..3c4991c 100644 --- a/src/encauth/ocb/ocb_encrypt.c +++ b/src/encauth/ocb/ocb_encrypt.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ /** @@ -51,7 +51,9 @@ int ocb_encrypt(ocb_state *ocb, const unsigned char *pt, unsigned char *ct) for (x = 0; x < ocb->block_len; x++) { tmp[x] = pt[x] ^ Z[x]; } - cipher_descriptor[ocb->cipher].ecb_encrypt(tmp, ct, &ocb->key); + if ((err = cipher_descriptor[ocb->cipher].ecb_encrypt(tmp, ct, &ocb->key)) != CRYPT_OK) { + return err; + } for (x = 0; x < ocb->block_len; x++) { ct[x] ^= Z[x]; } @@ -66,5 +68,5 @@ int ocb_encrypt(ocb_state *ocb, const unsigned char *pt, unsigned char *ct) #endif /* $Source: /cvs/libtom/libtomcrypt/src/encauth/ocb/ocb_encrypt.c,v $ */ -/* $Revision: 1.3 $ */ -/* $Date: 2005/05/05 14:35:58 $ */ +/* $Revision: 1.5 $ */ +/* $Date: 2006/03/31 14:15:35 $ */ diff --git a/src/encauth/ocb/ocb_encrypt_authenticate_memory.c b/src/encauth/ocb/ocb_encrypt_authenticate_memory.c index beb72c8..e58975e 100644 --- a/src/encauth/ocb/ocb_encrypt_authenticate_memory.c +++ b/src/encauth/ocb/ocb_encrypt_authenticate_memory.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ /** @@ -80,5 +80,5 @@ LBL_ERR: #endif /* $Source: /cvs/libtom/libtomcrypt/src/encauth/ocb/ocb_encrypt_authenticate_memory.c,v $ */ -/* $Revision: 1.3 $ */ -/* $Date: 2005/05/05 14:35:58 $ */ +/* $Revision: 1.4 $ */ +/* $Date: 2006/03/31 14:15:35 $ */ diff --git a/src/encauth/ocb/ocb_init.c b/src/encauth/ocb/ocb_init.c index 9266d5c..536af87 100644 --- a/src/encauth/ocb/ocb_init.c +++ b/src/encauth/ocb/ocb_init.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ /** @@ -76,13 +76,17 @@ int ocb_init(ocb_state *ocb, int cipher, /* find L = E[0] */ zeromem(ocb->L, ocb->block_len); - cipher_descriptor[cipher].ecb_encrypt(ocb->L, ocb->L, &ocb->key); + if ((err = cipher_descriptor[cipher].ecb_encrypt(ocb->L, ocb->L, &ocb->key)) != CRYPT_OK) { + return err; + } /* find R = E[N xor L] */ for (x = 0; x < ocb->block_len; x++) { ocb->R[x] = ocb->L[x] ^ nonce[x]; } - cipher_descriptor[cipher].ecb_encrypt(ocb->R, ocb->R, &ocb->key); + if ((err = cipher_descriptor[cipher].ecb_encrypt(ocb->R, ocb->R, &ocb->key)) != CRYPT_OK) { + return err; + } /* find Ls[i] = L << i for i == 0..31 */ XMEMCPY(ocb->Ls[0], ocb->L, ocb->block_len); @@ -129,5 +133,5 @@ int ocb_init(ocb_state *ocb, int cipher, #endif /* $Source: /cvs/libtom/libtomcrypt/src/encauth/ocb/ocb_init.c,v $ */ -/* $Revision: 1.3 $ */ -/* $Date: 2005/05/05 14:35:58 $ */ +/* $Revision: 1.5 $ */ +/* $Date: 2006/03/31 14:15:35 $ */ diff --git a/src/encauth/ocb/ocb_ntz.c b/src/encauth/ocb/ocb_ntz.c index 9b83c53..8100ec0 100644 --- a/src/encauth/ocb/ocb_ntz.c +++ b/src/encauth/ocb/ocb_ntz.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ /** @@ -38,5 +38,5 @@ int ocb_ntz(unsigned long x) #endif /* $Source: /cvs/libtom/libtomcrypt/src/encauth/ocb/ocb_ntz.c,v $ */ -/* $Revision: 1.3 $ */ -/* $Date: 2005/05/05 14:35:58 $ */ +/* $Revision: 1.4 $ */ +/* $Date: 2006/03/31 14:15:35 $ */ diff --git a/src/encauth/ocb/ocb_shift_xor.c b/src/encauth/ocb/ocb_shift_xor.c index b03de4b..dea43ee 100644 --- a/src/encauth/ocb/ocb_shift_xor.c +++ b/src/encauth/ocb/ocb_shift_xor.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ /** @@ -35,5 +35,5 @@ void ocb_shift_xor(ocb_state *ocb, unsigned char *Z) #endif /* $Source: /cvs/libtom/libtomcrypt/src/encauth/ocb/ocb_shift_xor.c,v $ */ -/* $Revision: 1.3 $ */ -/* $Date: 2005/05/05 14:35:58 $ */ +/* $Revision: 1.4 $ */ +/* $Date: 2006/03/31 14:15:35 $ */ diff --git a/src/encauth/ocb/ocb_test.c b/src/encauth/ocb/ocb_test.c index 7a7fc77..4d7ed78 100644 --- a/src/encauth/ocb/ocb_test.c +++ b/src/encauth/ocb/ocb_test.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ /** @@ -182,7 +182,7 @@ int ocb_test(void) return err; } - if (memcmp(outtag, tests[x].tag, len) || memcmp(outct, tests[x].ct, tests[x].ptlen)) { + if (XMEMCMP(outtag, tests[x].tag, len) || XMEMCMP(outct, tests[x].ct, tests[x].ptlen)) { #if 0 unsigned long y; printf("\n\nFailure: \nCT:\n"); @@ -205,7 +205,7 @@ int ocb_test(void) outct, tests[x].tag, len, &res)) != CRYPT_OK) { return err; } - if ((res != 1) || memcmp(tests[x].pt, outct, tests[x].ptlen)) { + if ((res != 1) || XMEMCMP(tests[x].pt, outct, tests[x].ptlen)) { #if 0 unsigned long y; printf("\n\nFailure-decrypt: \nPT:\n"); @@ -233,5 +233,5 @@ int ocb_test(void) */ /* $Source: /cvs/libtom/libtomcrypt/src/encauth/ocb/ocb_test.c,v $ */ -/* $Revision: 1.3 $ */ -/* $Date: 2005/05/05 14:35:58 $ */ +/* $Revision: 1.5 $ */ +/* $Date: 2006/11/01 09:28:17 $ */ diff --git a/src/encauth/ocb/s_ocb_done.c b/src/encauth/ocb/s_ocb_done.c index 7399b54..7688a42 100644 --- a/src/encauth/ocb/s_ocb_done.c +++ b/src/encauth/ocb/s_ocb_done.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com */ /** @@ -84,7 +84,9 @@ int s_ocb_done(ocb_state *ocb, const unsigned char *pt, unsigned long ptlen, } /* Y[m] = E(X[m])) */ - cipher_descriptor[ocb->cipher].ecb_encrypt(X, Y, &ocb->key); + if ((err = cipher_descriptor[ocb->cipher].ecb_encrypt(X, Y, &ocb->key)) != CRYPT_OK) { + goto error; + } if (mode == 1) { /* decrypt mode, so let's xor it first */ @@ -113,7 +115,9 @@ int s_ocb_done(ocb_state *ocb, const unsigned char *pt, unsigned long ptlen, } /* encrypt checksum, er... tag!! */ - cipher_descriptor[ocb->cipher].ecb_encrypt(ocb->checksum, X, &ocb->key); + if ((err = cipher_descriptor[ocb->cipher].ecb_encrypt(ocb->checksum, X, &ocb->key)) != CRYPT_OK) { + goto error; + } cipher_descriptor[ocb->cipher].done(&ocb->key); /* now store it */ @@ -128,17 +132,17 @@ int s_ocb_done(ocb_state *ocb, const unsigned char *pt, unsigned long ptlen, zeromem(Z, MAXBLOCKSIZE); zeromem(ocb, sizeof(*ocb)); #endif - +error: XFREE(X); XFREE(Y); XFREE(Z); - return CRYPT_OK; + return err; } #endif /* $Source: /cvs/libtom/libtomcrypt/src/encauth/ocb/s_ocb_done.c,v $ */ -/* $Revision: 1.4 $ */ -/* $Date: 2005/05/05 14:35:58 $ */ +/* $Revision: 1.6 $ */ +/* $Date: 2006/03/31 14:15:35 $ */ |