1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
|
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@gmail.com, http://libtom.org
*/
#include "tomcrypt.h"
/**
@file xcbc_init.c
XCBC Support, start an XCBC state
*/
#ifdef LTC_XCBC
/** Initialize XCBC-MAC state
@param xcbc [out] XCBC state to initialize
@param cipher Index of cipher to use
@param key [in] Secret key
@param keylen Length of secret key in octets
Return CRYPT_OK on success
*/
int xcbc_init(xcbc_state *xcbc, int cipher, const unsigned char *key, unsigned long keylen)
{
int x, y, err;
symmetric_key *skey;
unsigned long k1;
LTC_ARGCHK(xcbc != NULL);
LTC_ARGCHK(key != NULL);
/* schedule the key */
if ((err = cipher_is_valid(cipher)) != CRYPT_OK) {
return err;
}
#ifdef LTC_FAST
if (cipher_descriptor[cipher].block_length % sizeof(LTC_FAST_TYPE)) {
return CRYPT_INVALID_ARG;
}
#endif
skey = NULL;
/* are we in pure XCBC mode with three keys? */
if (keylen & LTC_XCBC_PURE) {
keylen &= ~LTC_XCBC_PURE;
if (keylen < 2UL*cipher_descriptor[cipher].block_length) {
return CRYPT_INVALID_ARG;
}
k1 = keylen - 2*cipher_descriptor[cipher].block_length;
XMEMCPY(xcbc->K[0], key, k1);
XMEMCPY(xcbc->K[1], key+k1, cipher_descriptor[cipher].block_length);
XMEMCPY(xcbc->K[2], key+k1 + cipher_descriptor[cipher].block_length, cipher_descriptor[cipher].block_length);
} else {
/* use the key expansion */
k1 = cipher_descriptor[cipher].block_length;
/* schedule the user key */
skey = XCALLOC(1, sizeof(*skey));
if (skey == NULL) {
return CRYPT_MEM;
}
if ((err = cipher_descriptor[cipher].setup(key, keylen, 0, skey)) != CRYPT_OK) {
goto done;
}
/* make the three keys */
for (y = 0; y < 3; y++) {
for (x = 0; x < cipher_descriptor[cipher].block_length; x++) {
xcbc->K[y][x] = y + 1;
}
cipher_descriptor[cipher].ecb_encrypt(xcbc->K[y], xcbc->K[y], skey);
}
}
/* setup K1 */
err = cipher_descriptor[cipher].setup(xcbc->K[0], k1, 0, &xcbc->key);
/* setup struct */
zeromem(xcbc->IV, cipher_descriptor[cipher].block_length);
xcbc->blocksize = cipher_descriptor[cipher].block_length;
xcbc->cipher = cipher;
xcbc->buflen = 0;
done:
cipher_descriptor[cipher].done(skey);
if (skey != NULL) {
#ifdef LTC_CLEAN_STACK
zeromem(skey, sizeof(*skey));
#endif
XFREE(skey);
}
return err;
}
#endif
/* $Source$ */
/* $Revision$ */
/* $Date$ */
|