ClearML/dropbear
1
0
Fork 0
mirror of https://github.com/clearml/dropbear synced 2025-06-26 18:17:32 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

propagate from branch 'au.asn.ucc.matt.ltc.dropbear' (head 20dccfc09627970a312d77fb41dc2970b62689c3)

Browse Source 
to branch 'au.asn.ucc.matt.dropbear' (head fdf4a7a3b97ae5046139915de7e40399cceb2c01)

--HG--
extra : convert_revision : dc4809882e1b9f2dcd3f8bbe38c74a0a52c39ce4
This commit is contained in:
Matt Johnston
2006-03-08 13:23:58 +00:00
parent 33defd1f9b 8608a8e64c
commit 6ae3a09ef3
623 changed files with 88913 additions and 259 deletions
Download Patch File Download Diff File Expand all files Collapse all files

309
libtomcrypt/src/encauth/ccm/ccm_memory.c Normal file
View File

@@ -0,0 +1,309 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
*/
#include "tomcrypt.h"
/**
@file ccm_memory.c
CCM support, process a block of memory, Tom St Denis
*/
#ifdef CCM_MODE
/**
CCM encrypt/decrypt and produce an authentication tag
@param cipher The index of the cipher desired
@param key The secret key to use
@param keylen The length of the secret key (octets)
@param nonce The session nonce [use once]
@param noncelen The length of the nonce
@param header The header for the session
@param headerlen The length of the header (octets)
@param pt [out] The plaintext
@param ptlen The length of the plaintext (octets)
@param ct [out] The ciphertext
@param tag [out] The destination tag
@param taglen [in/out] The max size and resulting size of the authentication tag
@param direction Encrypt or Decrypt direction (0 or 1)
@return CRYPT_OK if successful
*/
int ccm_memory(int cipher,
const unsigned char *key, unsigned long keylen,
const unsigned char *nonce, unsigned long noncelen,
const unsigned char *header, unsigned long headerlen,
unsigned char *pt, unsigned long ptlen,
unsigned char *ct,
unsigned char *tag, unsigned long *taglen,
int direction)
{
unsigned char PAD[16], ctr[16], CTRPAD[16], b;
symmetric_key *skey;
int err;
unsigned long len, L, x, y, z, CTRlen;
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(nonce != NULL);
if (headerlen > 0) {
LTC_ARGCHK(header != NULL);
}
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LTC_ARGCHK(tag != NULL);
LTC_ARGCHK(taglen != NULL);
#ifdef LTC_FAST
if (16 % sizeof(LTC_FAST_TYPE)) {
return CRYPT_INVALID_ARG;
}
#endif
/* check cipher input */
if ((err = cipher_is_valid(cipher)) != CRYPT_OK) {
return err;
}
if (cipher_descriptor[cipher].block_length != 16) {
return CRYPT_INVALID_CIPHER;
}
/* make sure the taglen is even and <= 16 */
*taglen &= ~1;
if (*taglen > 16) {
*taglen = 16;
}
/* can't use < 4 */
if (*taglen < 4) {
return CRYPT_INVALID_ARG;
}
/* is there an accelerator? */
if (cipher_descriptor[cipher].accel_ccm_memory != NULL) {
cipher_descriptor[cipher].accel_ccm_memory(
key, keylen,
nonce, noncelen,
header, headerlen,
pt, ptlen,
ct,
tag, taglen,
direction);
return CRYPT_OK;
}
/* let's get the L value */
len = ptlen;
L = 0;
while (len) {
++L;
len >>= 8;
}
if (L <= 1) {
L = 2;
}
/* increase L to match the nonce len */
noncelen = (noncelen > 13) ? 13 : noncelen;
if ((15 - noncelen) > L) {
L = 15 - noncelen;
}
/* allocate mem for the symmetric key */
skey = XMALLOC(sizeof(*skey));
if (skey == NULL) {
return CRYPT_MEM;
}
/* initialize the cipher */
if ((err = cipher_descriptor[cipher].setup(key, keylen, 0, skey)) != CRYPT_OK) {
XFREE(skey);
return err;
}
/* form B_0 == flags | Nonce N | l(m) */
x = 0;
PAD[x++] = ((headerlen > 0) ? (1<<6) : 0) |
(((*taglen - 2)>>1)<<3) |
(L-1);
/* nonce */
for (y = 0; y < (16 - (L + 1)); y++) {
PAD[x++] = nonce[y];
}
/* store len */
len = ptlen;
/* shift len so the upper bytes of len are the contents of the length */
for (y = L; y < 4; y++) {
len <<= 8;
}
/* store l(m) (only store 32-bits) */
for (y = 0; L > 4 && (L-y)>4; y++) {
PAD[x++] = 0;
}
for (; y < L; y++) {
PAD[x++] = (len >> 24) & 255;
len <<= 8;
}
/* encrypt PAD */
cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey);
/* handle header */
if (headerlen > 0) {
x = 0;
/* store length */
if (headerlen < ((1UL<<16) - (1UL<<8))) {
PAD[x++] ^= (headerlen>>8) & 255;
PAD[x++] ^= headerlen & 255;
} else {
PAD[x++] ^= 0xFF;
PAD[x++] ^= 0xFE;
PAD[x++] ^= (headerlen>>24) & 255;
PAD[x++] ^= (headerlen>>16) & 255;
PAD[x++] ^= (headerlen>>8) & 255;
PAD[x++] ^= headerlen & 255;
}
/* now add the data */
for (y = 0; y < headerlen; y++) {
if (x == 16) {
/* full block so let's encrypt it */
cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey);
x = 0;
}
PAD[x++] ^= header[y];
}
/* remainder? */
if (x != 0) {
cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey);
}
}
/* setup the ctr counter */
x = 0;
/* flags */
ctr[x++] = L-1;
/* nonce */
for (y = 0; y < (16 - (L+1)); ++y) {
ctr[x++] = nonce[y];
}
/* offset */
while (x < 16) {
ctr[x++] = 0;
}
x = 0;
CTRlen = 16;
/* now handle the PT */
if (ptlen > 0) {
y = 0;
#ifdef LTC_FAST
if (ptlen & ~15) {
if (direction == CCM_ENCRYPT) {
for (; y < (ptlen & ~15); y += 16) {
/* increment the ctr? */
for (z = 15; z > 15-L; z--) {
ctr[z] = (ctr[z] + 1) & 255;
if (ctr[z]) break;
}
cipher_descriptor[cipher].ecb_encrypt(ctr, CTRPAD, skey);
/* xor the PT against the pad first */
for (z = 0; z < 16; z += sizeof(LTC_FAST_TYPE)) {
*((LTC_FAST_TYPE*)(&PAD[z])) ^= *((LTC_FAST_TYPE*)(&pt[y+z]));
*((LTC_FAST_TYPE*)(&ct[y+z])) = *((LTC_FAST_TYPE*)(&pt[y+z])) ^ *((LTC_FAST_TYPE*)(&CTRPAD[z]));
}
cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey);
}
} else {
for (; y < (ptlen & ~15); y += 16) {
/* increment the ctr? */
for (z = 15; z > 15-L; z--) {
ctr[z] = (ctr[z] + 1) & 255;
if (ctr[z]) break;
}
cipher_descriptor[cipher].ecb_encrypt(ctr, CTRPAD, skey);
/* xor the PT against the pad last */
for (z = 0; z < 16; z += sizeof(LTC_FAST_TYPE)) {
*((LTC_FAST_TYPE*)(&pt[y+z])) = *((LTC_FAST_TYPE*)(&ct[y+z])) ^ *((LTC_FAST_TYPE*)(&CTRPAD[z]));
*((LTC_FAST_TYPE*)(&PAD[z])) ^= *((LTC_FAST_TYPE*)(&pt[y+z]));
}
cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey);
}
}
}
#endif
for (; y < ptlen; y++) {
/* increment the ctr? */
if (CTRlen == 16) {
for (z = 15; z > 15-L; z--) {
ctr[z] = (ctr[z] + 1) & 255;
if (ctr[z]) break;
}
cipher_descriptor[cipher].ecb_encrypt(ctr, CTRPAD, skey);
CTRlen = 0;
}
/* if we encrypt we add the bytes to the MAC first */
if (direction == CCM_ENCRYPT) {
b = pt[y];
ct[y] = b ^ CTRPAD[CTRlen++];
} else {
b = ct[y] ^ CTRPAD[CTRlen++];
pt[y] = b;
}
if (x == 16) {
cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey);
x = 0;
}
PAD[x++] ^= b;
}
if (x != 0) {
cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey);
}
}
/* setup CTR for the TAG */
ctr[14] = ctr[15] = 0x00;
cipher_descriptor[cipher].ecb_encrypt(ctr, CTRPAD, skey);
cipher_descriptor[cipher].done(skey);
/* store the TAG */
for (x = 0; x < 16 && x < *taglen; x++) {
tag[x] = PAD[x] ^ CTRPAD[x];
}
*taglen = x;
#ifdef LTC_CLEAN_STACK
zeromem(skey, sizeof(*skey));
zeromem(PAD, sizeof(PAD));
zeromem(CTRPAD, sizeof(CTRPAD));
#endif
XFREE(skey);
return CRYPT_OK;
}
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/encauth/ccm/ccm_memory.c,v $ */
/* $Revision: 1.9 $ */
/* $Date: 2005/05/05 14:35:58 $ */

174
libtomcrypt/src/encauth/ccm/ccm_test.c Normal file
View File

@@ -0,0 +1,174 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
*/
#include "tomcrypt.h"
/**
@file ccm_test.c
CCM support, process a block of memory, Tom St Denis
*/
#ifdef CCM_MODE
int ccm_test(void)
{
#ifndef LTC_TEST
return CRYPT_NOP;
#else
static const struct {
unsigned char key[16];
unsigned char nonce[16];
int noncelen;
unsigned char header[64];
int headerlen;
unsigned char pt[64];
int ptlen;
unsigned char ct[64];
unsigned char tag[16];
int taglen;
} tests[] = {
/* 13 byte nonce, 8 byte auth, 23 byte pt */
{
{ 0xC0, 0xC1, 0xC2, 0xC3, 0xC4, 0xC5, 0xC6, 0xC7,
0xC8, 0xC9, 0xCA, 0xCB, 0xCC, 0xCD, 0xCE, 0xCF },
{ 0x00, 0x00, 0x00, 0x03, 0x02, 0x01, 0x00, 0xA0,
0xA1, 0xA2, 0xA3, 0xA4, 0xA5 },
13,
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 },
8,
{ 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E },
23,
{ 0x58, 0x8C, 0x97, 0x9A, 0x61, 0xC6, 0x63, 0xD2,
0xF0, 0x66, 0xD0, 0xC2, 0xC0, 0xF9, 0x89, 0x80,
0x6D, 0x5F, 0x6B, 0x61, 0xDA, 0xC3, 0x84 },
{ 0x17, 0xe8, 0xd1, 0x2c, 0xfd, 0xf9, 0x26, 0xe0 },
8
},
/* 13 byte nonce, 12 byte header, 19 byte pt */
{
{ 0xC0, 0xC1, 0xC2, 0xC3, 0xC4, 0xC5, 0xC6, 0xC7,
0xC8, 0xC9, 0xCA, 0xCB, 0xCC, 0xCD, 0xCE, 0xCF },
{ 0x00, 0x00, 0x00, 0x06, 0x05, 0x04, 0x03, 0xA0,
0xA1, 0xA2, 0xA3, 0xA4, 0xA5 },
13,
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0A, 0x0B },
12,
{ 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13,
0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B,
0x1C, 0x1D, 0x1E },
19,
{ 0xA2, 0x8C, 0x68, 0x65, 0x93, 0x9A, 0x9A, 0x79,
0xFA, 0xAA, 0x5C, 0x4C, 0x2A, 0x9D, 0x4A, 0x91,
0xCD, 0xAC, 0x8C },
{ 0x96, 0xC8, 0x61, 0xB9, 0xC9, 0xE6, 0x1E, 0xF1 },
8
},
/* supplied by Brian Gladman */
{
{ 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f },
{ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16 },
7,
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 },
8,
{ 0x20, 0x21, 0x22, 0x23 },
4,
{ 0x71, 0x62, 0x01, 0x5b },
{ 0x4d, 0xac, 0x25, 0x5d },
4
},
{
{ 0xc9, 0x7c, 0x1f, 0x67, 0xce, 0x37, 0x11, 0x85,
0x51, 0x4a, 0x8a, 0x19, 0xf2, 0xbd, 0xd5, 0x2f },
{ 0x00, 0x50, 0x30, 0xf1, 0x84, 0x44, 0x08, 0xb5,
0x03, 0x97, 0x76, 0xe7, 0x0c },
13,
{ 0x08, 0x40, 0x0f, 0xd2, 0xe1, 0x28, 0xa5, 0x7c,
0x50, 0x30, 0xf1, 0x84, 0x44, 0x08, 0xab, 0xae,
0xa5, 0xb8, 0xfc, 0xba, 0x00, 0x00 },
22,
{ 0xf8, 0xba, 0x1a, 0x55, 0xd0, 0x2f, 0x85, 0xae,
0x96, 0x7b, 0xb6, 0x2f, 0xb6, 0xcd, 0xa8, 0xeb,
0x7e, 0x78, 0xa0, 0x50 },
20,
{ 0xf3, 0xd0, 0xa2, 0xfe, 0x9a, 0x3d, 0xbf, 0x23,
0x42, 0xa6, 0x43, 0xe4, 0x32, 0x46, 0xe8, 0x0c,
0x3c, 0x04, 0xd0, 0x19 },
{ 0x78, 0x45, 0xce, 0x0b, 0x16, 0xf9, 0x76, 0x23 },
8
},
};
unsigned long taglen, x;
unsigned char buf[64], buf2[64], tag2[16], tag[16];
int err, idx;
idx = find_cipher("aes");
if (idx == -1) {
idx = find_cipher("rijndael");
if (idx == -1) {
return CRYPT_NOP;
}
}
for (x = 0; x < (sizeof(tests)/sizeof(tests[0])); x++) {
taglen = tests[x].taglen;
if ((err = ccm_memory(idx,
tests[x].key, 16,
tests[x].nonce, tests[x].noncelen,
tests[x].header, tests[x].headerlen,
(unsigned char*)tests[x].pt, tests[x].ptlen,
buf,
tag, &taglen, 0)) != CRYPT_OK) {
return err;
}
if (memcmp(buf, tests[x].ct, tests[x].ptlen)) {
return CRYPT_FAIL_TESTVECTOR;
}
if (memcmp(tag, tests[x].tag, tests[x].taglen)) {
return CRYPT_FAIL_TESTVECTOR;
}
if ((err = ccm_memory(idx,
tests[x].key, 16,
tests[x].nonce, tests[x].noncelen,
tests[x].header, tests[x].headerlen,
buf2, tests[x].ptlen,
buf,
tag2, &taglen, 1 )) != CRYPT_OK) {
return err;
}
if (memcmp(buf2, tests[x].pt, tests[x].ptlen)) {
return CRYPT_FAIL_TESTVECTOR;
}
if (memcmp(tag2, tests[x].tag, tests[x].taglen)) {
return CRYPT_FAIL_TESTVECTOR;
}
}
return CRYPT_OK;
#endif
}
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/encauth/ccm/ccm_test.c,v $ */
/* $Revision: 1.4 $ */
/* $Date: 2005/05/05 14:35:58 $ */

38
libtomcrypt/src/encauth/eax/eax_addheader.c Normal file
View File

@@ -0,0 +1,38 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
*/
/**
@file eax_addheader.c
EAX implementation, add meta-data, by Tom St Denis
*/
#include "tomcrypt.h"
#ifdef EAX_MODE
/**
add header (metadata) to the stream
@param eax The current EAX state
@param header The header (meta-data) data you wish to add to the state
@param length The length of the header data
@return CRYPT_OK if successful
*/
int eax_addheader(eax_state *eax, const unsigned char *header,
unsigned long length)
{
LTC_ARGCHK(eax != NULL);
LTC_ARGCHK(header != NULL);
return omac_process(&eax->headeromac, header, length);
}
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/encauth/eax/eax_addheader.c,v $ */
/* $Revision: 1.3 $ */
/* $Date: 2005/05/05 14:35:58 $ */

50
libtomcrypt/src/encauth/eax/eax_decrypt.c Normal file
View File

@@ -0,0 +1,50 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
*/
/**
@file eax_decrypt.c
EAX implementation, decrypt block, by Tom St Denis
*/
#include "tomcrypt.h"
#ifdef EAX_MODE
/**
Decrypt data with the EAX protocol
@param eax The EAX state
@param ct The ciphertext
@param pt [out] The plaintext
@param length The length (octets) of the ciphertext
@return CRYPT_OK if successful
*/
int eax_decrypt(eax_state *eax, const unsigned char *ct, unsigned char *pt,
unsigned long length)
{
int err;
LTC_ARGCHK(eax != NULL);
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
/* omac ciphertext */
if ((err = omac_process(&eax->ctomac, ct, length)) != CRYPT_OK) {
return err;
}
/* decrypt */
return ctr_decrypt(ct, pt, length, &eax->ctr);
}
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/encauth/eax/eax_decrypt.c,v $ */
/* $Revision: 1.3 $ */
/* $Date: 2005/05/05 14:35:58 $ */

108
libtomcrypt/src/encauth/eax/eax_decrypt_verify_memory.c Normal file
View File

@@ -0,0 +1,108 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
*/
/**
@file eax_decrypt_verify_memory.c
EAX implementation, decrypt block of memory, by Tom St Denis
*/
#include "tomcrypt.h"
#ifdef EAX_MODE
/**
Decrypt a block of memory and verify the provided MAC tag with EAX
@param cipher The index of the cipher desired
@param key The secret key
@param keylen The length of the key (octets)
@param nonce The nonce data (use once) for the session
@param noncelen The length of the nonce data.
@param header The session header data
@param headerlen The length of the header (octets)
@param ct The ciphertext
@param ctlen The length of the ciphertext (octets)
@param pt [out] The plaintext
@param tag The authentication tag provided by the encoder
@param taglen [in/out] The length of the tag (octets)
@param stat [out] The result of the decryption (1==valid tag, 0==invalid)
@return CRYPT_OK if successful regardless of the resulting tag comparison
*/
int eax_decrypt_verify_memory(int cipher,
const unsigned char *key, unsigned long keylen,
const unsigned char *nonce, unsigned long noncelen,
const unsigned char *header, unsigned long headerlen,
const unsigned char *ct, unsigned long ctlen,
unsigned char *pt,
unsigned char *tag, unsigned long taglen,
int *stat)
{
int err;
eax_state *eax;
unsigned char *buf;
unsigned long buflen;
LTC_ARGCHK(stat != NULL);
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LTC_ARGCHK(tag != NULL);
/* default to zero */
*stat = 0;
/* allocate ram */
buf = XMALLOC(taglen);
eax = XMALLOC(sizeof(*eax));
if (eax == NULL || buf == NULL) {
if (eax != NULL) {
XFREE(eax);
}
if (buf != NULL) {
XFREE(buf);
}
return CRYPT_MEM;
}
if ((err = eax_init(eax, cipher, key, keylen, nonce, noncelen, header, headerlen)) != CRYPT_OK) {
goto LBL_ERR;
}
if ((err = eax_decrypt(eax, ct, pt, ctlen)) != CRYPT_OK) {
goto LBL_ERR;
}
buflen = taglen;
if ((err = eax_done(eax, buf, &buflen)) != CRYPT_OK) {
goto LBL_ERR;
}
/* compare tags */
if (buflen >= taglen && memcmp(buf, tag, taglen) == 0) {
*stat = 1;
}
err = CRYPT_OK;
LBL_ERR:
#ifdef LTC_CLEAN_STACK
zeromem(buf, taglen);
zeromem(eax, sizeof(*eax));
#endif
XFREE(eax);
XFREE(buf);
return err;
}
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/encauth/eax/eax_decrypt_verify_memory.c,v $ */
/* $Revision: 1.3 $ */
/* $Date: 2005/05/05 14:35:58 $ */

94
libtomcrypt/src/encauth/eax/eax_done.c Normal file
View File

@@ -0,0 +1,94 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
*/
/**
@file eax_done.c
EAX implementation, terminate session, by Tom St Denis
*/
#include "tomcrypt.h"
#ifdef EAX_MODE
/**
Terminate an EAX session and get the tag.
@param eax The EAX state
@param tag [out] The destination of the authentication tag
@param taglen [in/out] The max length and resulting length of the authentication tag
@return CRYPT_OK if successful
*/
int eax_done(eax_state *eax, unsigned char *tag, unsigned long *taglen)
{
int err;
unsigned char *headermac, *ctmac;
unsigned long x, len;
LTC_ARGCHK(eax != NULL);
LTC_ARGCHK(tag != NULL);
LTC_ARGCHK(taglen != NULL);
/* allocate ram */
headermac = XMALLOC(MAXBLOCKSIZE);
ctmac = XMALLOC(MAXBLOCKSIZE);
if (headermac == NULL || ctmac == NULL) {
if (headermac != NULL) {
XFREE(headermac);
}
if (ctmac != NULL) {
XFREE(ctmac);
}
return CRYPT_MEM;
}
/* finish ctomac */
len = MAXBLOCKSIZE;
if ((err = omac_done(&eax->ctomac, ctmac, &len)) != CRYPT_OK) {
goto LBL_ERR;
}
/* finish headeromac */
/* note we specifically don't reset len so the two lens are minimal */
if ((err = omac_done(&eax->headeromac, headermac, &len)) != CRYPT_OK) {
goto LBL_ERR;
}
/* terminate the CTR chain */
if ((err = ctr_done(&eax->ctr)) != CRYPT_OK) {
goto LBL_ERR;
}
/* compute N xor H xor C */
for (x = 0; x < len && x < *taglen; x++) {
tag[x] = eax->N[x] ^ headermac[x] ^ ctmac[x];
}
*taglen = x;
err = CRYPT_OK;
LBL_ERR:
#ifdef LTC_CLEAN_STACK
zeromem(ctmac, MAXBLOCKSIZE);
zeromem(headermac, MAXBLOCKSIZE);
zeromem(eax, sizeof(*eax));
#endif
XFREE(ctmac);
XFREE(headermac);
return err;
}
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/encauth/eax/eax_done.c,v $ */
/* $Revision: 1.4 $ */
/* $Date: 2005/05/05 14:35:58 $ */

51
libtomcrypt/src/encauth/eax/eax_encrypt.c Normal file
View File

@@ -0,0 +1,51 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
*/
/**
@file eax_encrypt.c
EAX implementation, encrypt block by Tom St Denis
*/
#include "tomcrypt.h"
#ifdef EAX_MODE
/**
Encrypt with EAX a block of data.
@param eax The EAX state
@param pt The plaintext to encrypt
@param ct [out] The ciphertext as encrypted
@param length The length of the plaintext (octets)
@return CRYPT_OK if successful
*/
int eax_encrypt(eax_state *eax, const unsigned char *pt, unsigned char *ct,
unsigned long length)
{
int err;
LTC_ARGCHK(eax != NULL);
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
/* encrypt */
if ((err = ctr_encrypt(pt, ct, length, &eax->ctr)) != CRYPT_OK) {
return err;
}
/* omac ciphertext */
return omac_process(&eax->ctomac, ct, length);
}
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/encauth/eax/eax_encrypt.c,v $ */
/* $Revision: 1.3 $ */
/* $Date: 2005/05/05 14:35:58 $ */

82
libtomcrypt/src/encauth/eax/eax_encrypt_authenticate_memory.c Normal file
View File

@@ -0,0 +1,82 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
*/
/**
@file eax_encrypt_authenticate_memory.c
EAX implementation, encrypt a block of memory, by Tom St Denis
*/
#include "tomcrypt.h"
#ifdef EAX_MODE
/**
EAX encrypt and produce an authentication tag
@param cipher The index of the cipher desired
@param key The secret key to use
@param keylen The length of the secret key (octets)
@param nonce The session nonce [use once]
@param noncelen The length of the nonce
@param header The header for the session
@param headerlen The length of the header (octets)
@param pt The plaintext
@param ptlen The length of the plaintext (octets)
@param ct [out] The ciphertext
@param tag [out] The destination tag
@param taglen [in/out] The max size and resulting size of the authentication tag
@return CRYPT_OK if successful
*/
int eax_encrypt_authenticate_memory(int cipher,
const unsigned char *key, unsigned long keylen,
const unsigned char *nonce, unsigned long noncelen,
const unsigned char *header, unsigned long headerlen,
const unsigned char *pt, unsigned long ptlen,
unsigned char *ct,
unsigned char *tag, unsigned long *taglen)
{
int err;
eax_state *eax;
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LTC_ARGCHK(tag != NULL);
LTC_ARGCHK(taglen != NULL);
eax = XMALLOC(sizeof(*eax));
if ((err = eax_init(eax, cipher, key, keylen, nonce, noncelen, header, headerlen)) != CRYPT_OK) {
goto LBL_ERR;
}
if ((err = eax_encrypt(eax, pt, ct, ptlen)) != CRYPT_OK) {
goto LBL_ERR;
}
if ((err = eax_done(eax, tag, taglen)) != CRYPT_OK) {
goto LBL_ERR;
}
err = CRYPT_OK;
LBL_ERR:
#ifdef LTC_CLEAN_STACK
zeromem(eax, sizeof(*eax));
#endif
XFREE(eax);
return err;
}
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/encauth/eax/eax_encrypt_authenticate_memory.c,v $ */
/* $Revision: 1.3 $ */
/* $Date: 2005/05/05 14:35:58 $ */

144
libtomcrypt/src/encauth/eax/eax_init.c Normal file
View File

@@ -0,0 +1,144 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
*/
/**
@file eax_init.c
EAX implementation, initialized EAX state, by Tom St Denis
*/
#include "tomcrypt.h"
#ifdef EAX_MODE
/**
Initialized an EAX state
@param eax [out] The EAX state to initialize
@param cipher The index of the desired cipher
@param key The secret key
@param keylen The length of the secret key (octets)
@param nonce The use-once nonce for the session
@param noncelen The length of the nonce (octets)
@param header The header for the EAX state
@param headerlen The header length (octets)
@return CRYPT_OK if successful
*/
int eax_init(eax_state *eax, int cipher,
const unsigned char *key, unsigned long keylen,
const unsigned char *nonce, unsigned long noncelen,
const unsigned char *header, unsigned long headerlen)
{
unsigned char *buf;
int err, blklen;
omac_state *omac;
unsigned long len;
LTC_ARGCHK(eax != NULL);
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(nonce != NULL);
if (headerlen > 0) {
LTC_ARGCHK(header != NULL);
}
if ((err = cipher_is_valid(cipher)) != CRYPT_OK) {
return err;
}
blklen = cipher_descriptor[cipher].block_length;
/* allocate ram */
buf = XMALLOC(MAXBLOCKSIZE);
omac = XMALLOC(sizeof(*omac));
if (buf == NULL || omac == NULL) {
if (buf != NULL) {
XFREE(buf);
}
if (omac != NULL) {
XFREE(omac);
}
return CRYPT_MEM;
}
/* N = OMAC_0K(nonce) */
zeromem(buf, MAXBLOCKSIZE);
if ((err = omac_init(omac, cipher, key, keylen)) != CRYPT_OK) {
goto LBL_ERR;
}
/* omac the [0]_n */
if ((err = omac_process(omac, buf, blklen)) != CRYPT_OK) {
goto LBL_ERR;
}
/* omac the nonce */
if ((err = omac_process(omac, nonce, noncelen)) != CRYPT_OK) {
goto LBL_ERR;
}
/* store result */
len = sizeof(eax->N);
if ((err = omac_done(omac, eax->N, &len)) != CRYPT_OK) {
goto LBL_ERR;
}
/* H = OMAC_1K(header) */
zeromem(buf, MAXBLOCKSIZE);
buf[blklen - 1] = 1;
if ((err = omac_init(&eax->headeromac, cipher, key, keylen)) != CRYPT_OK) {
goto LBL_ERR;
}
/* omac the [1]_n */
if ((err = omac_process(&eax->headeromac, buf, blklen)) != CRYPT_OK) {
goto LBL_ERR;
}
/* omac the header */
if (headerlen != 0) {
if ((err = omac_process(&eax->headeromac, header, headerlen)) != CRYPT_OK) {
goto LBL_ERR;
}
}
/* note we don't finish the headeromac, this allows us to add more header later */
/* setup the CTR mode */
if ((err = ctr_start(cipher, eax->N, key, keylen, 0, CTR_COUNTER_BIG_ENDIAN, &eax->ctr)) != CRYPT_OK) {
goto LBL_ERR;
}
/* setup the OMAC for the ciphertext */
if ((err = omac_init(&eax->ctomac, cipher, key, keylen)) != CRYPT_OK) {
goto LBL_ERR;
}
/* omac [2]_n */
zeromem(buf, MAXBLOCKSIZE);
buf[blklen-1] = 2;
if ((err = omac_process(&eax->ctomac, buf, blklen)) != CRYPT_OK) {
goto LBL_ERR;
}
err = CRYPT_OK;
LBL_ERR:
#ifdef LTC_CLEAN_STACK
zeromem(buf, MAXBLOCKSIZE);
zeromem(omac, sizeof(*omac));
#endif
XFREE(omac);
XFREE(buf);
return err;
}
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/encauth/eax/eax_init.c,v $ */
/* $Revision: 1.4 $ */
/* $Date: 2005/05/05 14:35:58 $ */

282
libtomcrypt/src/encauth/eax/eax_test.c Normal file
View File

@@ -0,0 +1,282 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
*/
/**
@file eax_test.c
EAX implementation, self-test, by Tom St Denis
*/
#include "tomcrypt.h"
#ifdef EAX_MODE
/**
Test the EAX implementation
@return CRYPT_OK if successful, CRYPT_NOP if self-testing has been disabled
*/
int eax_test(void)
{
#ifndef LTC_TEST
return CRYPT_NOP;
#else
static const struct {
int keylen,
noncelen,
headerlen,
msglen;
unsigned char key[MAXBLOCKSIZE],
nonce[MAXBLOCKSIZE],
header[MAXBLOCKSIZE],
plaintext[MAXBLOCKSIZE],
ciphertext[MAXBLOCKSIZE],
tag[MAXBLOCKSIZE];
} tests[] = {
/* NULL message */
{
16, 0, 0, 0,
/* key */
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
/* nonce */
{ 0 },
/* header */
{ 0 },
/* plaintext */
{ 0 },
/* ciphertext */
{ 0 },
/* tag */
{ 0x9a, 0xd0, 0x7e, 0x7d, 0xbf, 0xf3, 0x01, 0xf5,
0x05, 0xde, 0x59, 0x6b, 0x96, 0x15, 0xdf, 0xff }
},
/* test with nonce */
{
16, 16, 0, 0,
/* key */
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
/* nonce */
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
/* header */
{ 0 },
/* plaintext */
{ 0 },
/* ciphertext */
{ 0 },
/* tag */
{ 0x1c, 0xe1, 0x0d, 0x3e, 0xff, 0xd4, 0xca, 0xdb,
0xe2, 0xe4, 0x4b, 0x58, 0xd6, 0x0a, 0xb9, 0xec }
},
/* test with header [no nonce] */
{
16, 0, 16, 0,
/* key */
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
/* nonce */
{ 0 },
/* header */
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
/* plaintext */
{ 0 },
/* ciphertext */
{ 0 },
/* tag */
{ 0x3a, 0x69, 0x8f, 0x7a, 0x27, 0x0e, 0x51, 0xb0,
0xf6, 0x5b, 0x3d, 0x3e, 0x47, 0x19, 0x3c, 0xff }
},
/* test with header + nonce + plaintext */
{
16, 16, 16, 32,
/* key */
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
/* nonce */
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
/* header */
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
/* plaintext */
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f },
/* ciphertext */
{ 0x29, 0xd8, 0x78, 0xd1, 0xa3, 0xbe, 0x85, 0x7b,
0x6f, 0xb8, 0xc8, 0xea, 0x59, 0x50, 0xa7, 0x78,
0x33, 0x1f, 0xbf, 0x2c, 0xcf, 0x33, 0x98, 0x6f,
0x35, 0xe8, 0xcf, 0x12, 0x1d, 0xcb, 0x30, 0xbc },
/* tag */
{ 0x4f, 0xbe, 0x03, 0x38, 0xbe, 0x1c, 0x8c, 0x7e,
0x1d, 0x7a, 0xe7, 0xe4, 0x5b, 0x92, 0xc5, 0x87 }
},
/* test with header + nonce + plaintext [not even sizes!] */
{
16, 15, 14, 29,
/* key */
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
/* nonce */
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e },
/* header */
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d },
/* plaintext */
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
0x18, 0x19, 0x1a, 0x1b, 0x1c },
/* ciphertext */
{ 0xdd, 0x25, 0xc7, 0x54, 0xc5, 0xb1, 0x7c, 0x59,
0x28, 0xb6, 0x9b, 0x73, 0x15, 0x5f, 0x7b, 0xb8,
0x88, 0x8f, 0xaf, 0x37, 0x09, 0x1a, 0xd9, 0x2c,
0x8a, 0x24, 0xdb, 0x86, 0x8b },
/* tag */
{ 0x0d, 0x1a, 0x14, 0xe5, 0x22, 0x24, 0xff, 0xd2,
0x3a, 0x05, 0xfa, 0x02, 0xcd, 0xef, 0x52, 0xda }
},
/* Vectors from Brian Gladman */
{
16, 16, 8, 0,
/* key */
{ 0x23, 0x39, 0x52, 0xde, 0xe4, 0xd5, 0xed, 0x5f,
0x9b, 0x9c, 0x6d, 0x6f, 0xf8, 0x0f, 0xf4, 0x78 },
/* nonce */
{ 0x62, 0xec, 0x67, 0xf9, 0xc3, 0xa4, 0xa4, 0x07,
0xfc, 0xb2, 0xa8, 0xc4, 0x90, 0x31, 0xa8, 0xb3 },
/* header */
{ 0x6b, 0xfb, 0x91, 0x4f, 0xd0, 0x7e, 0xae, 0x6b },
/* PT */
{ 0x00 },
/* CT */
{ 0x00 },
/* tag */
{ 0xe0, 0x37, 0x83, 0x0e, 0x83, 0x89, 0xf2, 0x7b,
0x02, 0x5a, 0x2d, 0x65, 0x27, 0xe7, 0x9d, 0x01 }
},
{
16, 16, 8, 2,
/* key */
{ 0x91, 0x94, 0x5d, 0x3f, 0x4d, 0xcb, 0xee, 0x0b,
0xf4, 0x5e, 0xf5, 0x22, 0x55, 0xf0, 0x95, 0xa4 },
/* nonce */
{ 0xbe, 0xca, 0xf0, 0x43, 0xb0, 0xa2, 0x3d, 0x84,
0x31, 0x94, 0xba, 0x97, 0x2c, 0x66, 0xde, 0xbd },
/* header */
{ 0xfa, 0x3b, 0xfd, 0x48, 0x06, 0xeb, 0x53, 0xfa },
/* PT */
{ 0xf7, 0xfb },
/* CT */
{ 0x19, 0xdd },
/* tag */
{ 0x5c, 0x4c, 0x93, 0x31, 0x04, 0x9d, 0x0b, 0xda,
0xb0, 0x27, 0x74, 0x08, 0xf6, 0x79, 0x67, 0xe5 }
},
{
16, 16, 8, 5,
/* key */
{ 0x01, 0xf7, 0x4a, 0xd6, 0x40, 0x77, 0xf2, 0xe7,
0x04, 0xc0, 0xf6, 0x0a, 0xda, 0x3d, 0xd5, 0x23 },
/* nonce */
{ 0x70, 0xc3, 0xdb, 0x4f, 0x0d, 0x26, 0x36, 0x84,
0x00, 0xa1, 0x0e, 0xd0, 0x5d, 0x2b, 0xff, 0x5e },
/* header */
{ 0x23, 0x4a, 0x34, 0x63, 0xc1, 0x26, 0x4a, 0xc6 },
/* PT */
{ 0x1a, 0x47, 0xcb, 0x49, 0x33 },
/* CT */
{ 0xd8, 0x51, 0xd5, 0xba, 0xe0 },
/* Tag */
{ 0x3a, 0x59, 0xf2, 0x38, 0xa2, 0x3e, 0x39, 0x19,
0x9d, 0xc9, 0x26, 0x66, 0x26, 0xc4, 0x0f, 0x80 }
}
};
int err, x, idx, res;
unsigned long len;
unsigned char outct[MAXBLOCKSIZE], outtag[MAXBLOCKSIZE];
/* AES can be under rijndael or aes... try to find it */
if ((idx = find_cipher("aes")) == -1) {
if ((idx = find_cipher("rijndael")) == -1) {
return CRYPT_NOP;
}
}
for (x = 0; x < (int)(sizeof(tests)/sizeof(tests[0])); x++) {
len = sizeof(outtag);
if ((err = eax_encrypt_authenticate_memory(idx, tests[x].key, tests[x].keylen,
tests[x].nonce, tests[x].noncelen, tests[x].header, tests[x].headerlen,
tests[x].plaintext, tests[x].msglen, outct, outtag, &len)) != CRYPT_OK) {
return err;
}
if (memcmp(outct, tests[x].ciphertext, tests[x].msglen) || memcmp(outtag, tests[x].tag, len)) {
#if 0
unsigned long y;
printf("\n\nFailure: \nCT:\n");
for (y = 0; y < (unsigned long)tests[x].msglen; ) {
printf("0x%02x", outct[y]);
if (y < (unsigned long)(tests[x].msglen-1)) printf(", ");
if (!(++y % 8)) printf("\n");
}
printf("\nTAG:\n");
for (y = 0; y < len; ) {
printf("0x%02x", outtag[y]);
if (y < len-1) printf(", ");
if (!(++y % 8)) printf("\n");
}
#endif
return CRYPT_FAIL_TESTVECTOR;
}
/* test decrypt */
if ((err = eax_decrypt_verify_memory(idx, tests[x].key, tests[x].keylen,
tests[x].nonce, tests[x].noncelen, tests[x].header, tests[x].headerlen,
outct, tests[x].msglen, outct, outtag, len, &res)) != CRYPT_OK) {
return err;
}
if ((res != 1) || memcmp(outct, tests[x].plaintext, tests[x].msglen)) {
#if 0
unsigned long y;
printf("\n\nFailure (res == %d): \nPT:\n", res);
for (y = 0; y < (unsigned long)tests[x].msglen; ) {
printf("0x%02x", outct[y]);
if (y < (unsigned long)(tests[x].msglen-1)) printf(", ");
if (!(++y % 8)) printf("\n");
}
printf("\n\n");
#endif
return CRYPT_FAIL_TESTVECTOR;
}
}
return CRYPT_OK;
#endif /* LTC_TEST */
}
#endif /* EAX_MODE */
/* $Source: /cvs/libtom/libtomcrypt/src/encauth/eax/eax_test.c,v $ */
/* $Revision: 1.3 $ */
/* $Date: 2005/05/05 14:35:58 $ */

124
libtomcrypt/src/encauth/gcm/gcm_add_aad.c Normal file
View File

@@ -0,0 +1,124 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
*/
/**
@file gcm_add_aad.c
GCM implementation, Add AAD data to the stream, by Tom St Denis
*/
#include "tomcrypt.h"
#ifdef GCM_MODE
/**
Add AAD to the GCM state
@param gcm The GCM state
@param adata The additional authentication data to add to the GCM state
@param adatalen The length of the AAD data.
@return CRYPT_OK on success
*/
int gcm_add_aad(gcm_state *gcm,
const unsigned char *adata, unsigned long adatalen)
{
unsigned long x;
int err;
#ifdef LTC_FAST
unsigned long y;
#endif
LTC_ARGCHK(gcm != NULL);
if (adatalen > 0) {
LTC_ARGCHK(adata != NULL);
}
if (gcm->buflen > 16 || gcm->buflen < 0) {
return CRYPT_INVALID_ARG;
}
if ((err = cipher_is_valid(gcm->cipher)) != CRYPT_OK) {
return err;
}
/* in IV mode? */
if (gcm->mode == GCM_MODE_IV) {
/* let's process the IV */
if (gcm->ivmode || gcm->buflen != 12) {
for (x = 0; x < (unsigned long)gcm->buflen; x++) {
gcm->X[x] ^= gcm->buf[x];
}
if (gcm->buflen) {
gcm->totlen += gcm->buflen * CONST64(8);
gcm_mult_h(gcm, gcm->X);
}
/* mix in the length */
zeromem(gcm->buf, 8);
STORE64H(gcm->totlen, gcm->buf+8);
for (x = 0; x < 16; x++) {
gcm->X[x] ^= gcm->buf[x];
}
gcm_mult_h(gcm, gcm->X);
/* copy counter out */
XMEMCPY(gcm->Y, gcm->X, 16);
zeromem(gcm->X, 16);
} else {
XMEMCPY(gcm->Y, gcm->buf, 12);
gcm->Y[12] = 0;
gcm->Y[13] = 0;
gcm->Y[14] = 0;
gcm->Y[15] = 1;
}
XMEMCPY(gcm->Y_0, gcm->Y, 16);
zeromem(gcm->buf, 16);
gcm->buflen = 0;
gcm->totlen = 0;
gcm->mode = GCM_MODE_AAD;
}
if (gcm->mode != GCM_MODE_AAD || gcm->buflen >= 16) {
return CRYPT_INVALID_ARG;
}
x = 0;
#ifdef LTC_FAST
if (gcm->buflen == 0) {
for (x = 0; x < (adatalen & ~15); x += 16) {
for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) {
*((LTC_FAST_TYPE*)(&gcm->X[y])) ^= *((LTC_FAST_TYPE*)(&adata[x + y]));
}
gcm_mult_h(gcm, gcm->X);
gcm->totlen += 128;
}
adata += x;
}
#endif
/* start adding AAD data to the state */
for (; x < adatalen; x++) {
gcm->X[gcm->buflen++] ^= *adata++;
if (gcm->buflen == 16) {
/* GF mult it */
gcm_mult_h(gcm, gcm->X);
gcm->buflen = 0;
gcm->totlen += 128;
}
}
return CRYPT_OK;
}
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/encauth/gcm/gcm_add_aad.c,v $ */
/* $Revision: 1.14 $ */
/* $Date: 2005/05/05 14:35:58 $ */

94
libtomcrypt/src/encauth/gcm/gcm_add_iv.c Normal file
View File

@@ -0,0 +1,94 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
*/
/**
@file gcm_add_iv.c
GCM implementation, add IV data to the state, by Tom St Denis
*/
#include "tomcrypt.h"
#ifdef GCM_MODE
/**
Add IV data to the GCM state
@param gcm The GCM state
@param IV The initial value data to add
@param IVlen The length of the IV
@return CRYPT_OK on success
*/
int gcm_add_iv(gcm_state *gcm,
const unsigned char *IV, unsigned long IVlen)
{
unsigned long x, y;
int err;
LTC_ARGCHK(gcm != NULL);
if (IVlen > 0) {
LTC_ARGCHK(IV != NULL);
}
/* must be in IV mode */
if (gcm->mode != GCM_MODE_IV) {
return CRYPT_INVALID_ARG;
}
if (gcm->buflen >= 16 || gcm->buflen < 0) {
return CRYPT_INVALID_ARG;
}
if ((err = cipher_is_valid(gcm->cipher)) != CRYPT_OK) {
return err;
}
/* trip the ivmode flag */
if (IVlen + gcm->buflen > 12) {
gcm->ivmode |= 1;
}
x = 0;
#ifdef LTC_FAST
if (gcm->buflen == 0) {
for (x = 0; x < (IVlen & ~15); x += 16) {
for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) {
*((LTC_FAST_TYPE*)(&gcm->X[y])) ^= *((LTC_FAST_TYPE*)(&IV[x + y]));
}
gcm_mult_h(gcm, gcm->X);
gcm->totlen += 128;
}
IV += x;
}
#endif
/* start adding IV data to the state */
for (; x < IVlen; x++) {
gcm->buf[gcm->buflen++] = *IV++;
if (gcm->buflen == 16) {
/* GF mult it */
for (y = 0; y < 16; y++) {
gcm->X[y] ^= gcm->buf[y];
}
gcm_mult_h(gcm, gcm->X);
gcm->buflen = 0;
gcm->totlen += 128;
}
}
return CRYPT_OK;
}
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/encauth/gcm/gcm_add_iv.c,v $ */
/* $Revision: 1.6 $ */
/* $Date: 2005/05/05 14:35:58 $ */

81
libtomcrypt/src/encauth/gcm/gcm_done.c Normal file
View File

@@ -0,0 +1,81 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
*/
/**
@file gcm_done.c
GCM implementation, Terminate the stream, by Tom St Denis
*/
#include "tomcrypt.h"
#ifdef GCM_MODE
/**
Terminate a GCM stream
@param gcm The GCM state
@param tag [out] The destination for the MAC tag
@param taglen [in/out] The length of the MAC tag
@return CRYPT_OK on success
*/
int gcm_done(gcm_state *gcm,
unsigned char *tag, unsigned long *taglen)
{
unsigned long x;
int err;
LTC_ARGCHK(gcm != NULL);
LTC_ARGCHK(tag != NULL);
LTC_ARGCHK(taglen != NULL);
if (gcm->buflen > 16 || gcm->buflen < 0) {
return CRYPT_INVALID_ARG;
}
if ((err = cipher_is_valid(gcm->cipher)) != CRYPT_OK) {
return err;
}
if (gcm->mode != GCM_MODE_TEXT) {
return CRYPT_INVALID_ARG;
}
/* handle remaining ciphertext */
if (gcm->buflen) {
gcm->pttotlen += gcm->buflen * CONST64(8);
gcm_mult_h(gcm, gcm->X);
}
/* length */
STORE64H(gcm->totlen, gcm->buf);
STORE64H(gcm->pttotlen, gcm->buf+8);
for (x = 0; x < 16; x++) {
gcm->X[x] ^= gcm->buf[x];
}
gcm_mult_h(gcm, gcm->X);
/* encrypt original counter */
cipher_descriptor[gcm->cipher].ecb_encrypt(gcm->Y_0, gcm->buf, &gcm->K);
for (x = 0; x < 16 && x < *taglen; x++) {
tag[x] = gcm->buf[x] ^ gcm->X[x];
}
*taglen = x;
cipher_descriptor[gcm->cipher].done(&gcm->K);
return CRYPT_OK;
}
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/encauth/gcm/gcm_done.c,v $ */
/* $Revision: 1.7 $ */
/* $Date: 2005/05/05 14:35:58 $ */

94
libtomcrypt/src/encauth/gcm/gcm_gf_mult.c Normal file
View File

@@ -0,0 +1,94 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
*/
/**
@file gcm_gf_mult.c
GCM implementation, initialize state, by Tom St Denis
*/
#include "tomcrypt.h"
#ifdef GCM_MODE
/* right shift */
static void gcm_rightshift(unsigned char *a)
{
int x;
for (x = 15; x > 0; x--) {
a[x] = (a[x]>>1) | ((a[x-1]<<7)&0x80);
}
a[0] >>= 1;
}
/* c = b*a */
static const unsigned char mask[] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 };
static const unsigned char poly[] = { 0x00, 0xE1 };
/**
GCM GF multiplier (internal use only)
@param a First value
@param b Second value
@param c Destination for a * b
*/
void gcm_gf_mult(const unsigned char *a, const unsigned char *b, unsigned char *c)
{
unsigned char Z[16], V[16];
unsigned x, y, z;
zeromem(Z, 16);
XMEMCPY(V, a, 16);
for (x = 0; x < 128; x++) {
if (b[x>>3] & mask[x&7]) {
for (y = 0; y < 16; y++) {
Z[y] ^= V[y];
}
}
z = V[15] & 0x01;
gcm_rightshift(V);
V[0] ^= poly[z];
}
XMEMCPY(c, Z, 16);
}
/**
GCM multiply by H
@param gcm The GCM state which holds the H value
@param I The value to multiply H by
*/
void gcm_mult_h(gcm_state *gcm, unsigned char *I)
{
unsigned char T[16];
#ifdef GCM_TABLES
int x, y;
XMEMCPY(T, &gcm->PC[0][I[0]][0], 16);
for (x = 1; x < 16; x++) {
#ifdef LTC_FAST
for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) {
*((LTC_FAST_TYPE *)(T + y)) ^= *((LTC_FAST_TYPE *)(&gcm->PC[x][I[x]][y]));
}
#else
for (y = 0; y < 16; y++) {
T[y] ^= gcm->PC[x][I[x]][y];
}
#endif
}
#else
gcm_gf_mult(gcm->H, I, T);
#endif
XMEMCPY(I, T, 16);
}
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/encauth/gcm/gcm_gf_mult.c,v $ */
/* $Revision: 1.16 $ */
/* $Date: 2005/05/21 14:33:42 $ */

145
libtomcrypt/src/encauth/gcm/gcm_init.c Normal file
View File

@@ -0,0 +1,145 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
*/
/**
@file gcm_init.c
GCM implementation, initialize state, by Tom St Denis
*/
#include "tomcrypt.h"
#ifdef GCM_MODE
#ifdef GCM_TABLES
/* this is x*2^128 mod p(x) ... the results are 16 bytes each stored in a packed format. Since only the
* lower 16 bits are not zero'ed I removed the upper 14 bytes */
static const unsigned char gcm_shift_table[256*2] = {
0x00, 0x00, 0x01, 0xc2, 0x03, 0x84, 0x02, 0x46, 0x07, 0x08, 0x06, 0xca, 0x04, 0x8c, 0x05, 0x4e,
0x0e, 0x10, 0x0f, 0xd2, 0x0d, 0x94, 0x0c, 0x56, 0x09, 0x18, 0x08, 0xda, 0x0a, 0x9c, 0x0b, 0x5e,
0x1c, 0x20, 0x1d, 0xe2, 0x1f, 0xa4, 0x1e, 0x66, 0x1b, 0x28, 0x1a, 0xea, 0x18, 0xac, 0x19, 0x6e,
0x12, 0x30, 0x13, 0xf2, 0x11, 0xb4, 0x10, 0x76, 0x15, 0x38, 0x14, 0xfa, 0x16, 0xbc, 0x17, 0x7e,
0x38, 0x40, 0x39, 0x82, 0x3b, 0xc4, 0x3a, 0x06, 0x3f, 0x48, 0x3e, 0x8a, 0x3c, 0xcc, 0x3d, 0x0e,
0x36, 0x50, 0x37, 0x92, 0x35, 0xd4, 0x34, 0x16, 0x31, 0x58, 0x30, 0x9a, 0x32, 0xdc, 0x33, 0x1e,
0x24, 0x60, 0x25, 0xa2, 0x27, 0xe4, 0x26, 0x26, 0x23, 0x68, 0x22, 0xaa, 0x20, 0xec, 0x21, 0x2e,
0x2a, 0x70, 0x2b, 0xb2, 0x29, 0xf4, 0x28, 0x36, 0x2d, 0x78, 0x2c, 0xba, 0x2e, 0xfc, 0x2f, 0x3e,
0x70, 0x80, 0x71, 0x42, 0x73, 0x04, 0x72, 0xc6, 0x77, 0x88, 0x76, 0x4a, 0x74, 0x0c, 0x75, 0xce,
0x7e, 0x90, 0x7f, 0x52, 0x7d, 0x14, 0x7c, 0xd6, 0x79, 0x98, 0x78, 0x5a, 0x7a, 0x1c, 0x7b, 0xde,
0x6c, 0xa0, 0x6d, 0x62, 0x6f, 0x24, 0x6e, 0xe6, 0x6b, 0xa8, 0x6a, 0x6a, 0x68, 0x2c, 0x69, 0xee,
0x62, 0xb0, 0x63, 0x72, 0x61, 0x34, 0x60, 0xf6, 0x65, 0xb8, 0x64, 0x7a, 0x66, 0x3c, 0x67, 0xfe,
0x48, 0xc0, 0x49, 0x02, 0x4b, 0x44, 0x4a, 0x86, 0x4f, 0xc8, 0x4e, 0x0a, 0x4c, 0x4c, 0x4d, 0x8e,
0x46, 0xd0, 0x47, 0x12, 0x45, 0x54, 0x44, 0x96, 0x41, 0xd8, 0x40, 0x1a, 0x42, 0x5c, 0x43, 0x9e,
0x54, 0xe0, 0x55, 0x22, 0x57, 0x64, 0x56, 0xa6, 0x53, 0xe8, 0x52, 0x2a, 0x50, 0x6c, 0x51, 0xae,
0x5a, 0xf0, 0x5b, 0x32, 0x59, 0x74, 0x58, 0xb6, 0x5d, 0xf8, 0x5c, 0x3a, 0x5e, 0x7c, 0x5f, 0xbe,
0xe1, 0x00, 0xe0, 0xc2, 0xe2, 0x84, 0xe3, 0x46, 0xe6, 0x08, 0xe7, 0xca, 0xe5, 0x8c, 0xe4, 0x4e,
0xef, 0x10, 0xee, 0xd2, 0xec, 0x94, 0xed, 0x56, 0xe8, 0x18, 0xe9, 0xda, 0xeb, 0x9c, 0xea, 0x5e,
0xfd, 0x20, 0xfc, 0xe2, 0xfe, 0xa4, 0xff, 0x66, 0xfa, 0x28, 0xfb, 0xea, 0xf9, 0xac, 0xf8, 0x6e,
0xf3, 0x30, 0xf2, 0xf2, 0xf0, 0xb4, 0xf1, 0x76, 0xf4, 0x38, 0xf5, 0xfa, 0xf7, 0xbc, 0xf6, 0x7e,
0xd9, 0x40, 0xd8, 0x82, 0xda, 0xc4, 0xdb, 0x06, 0xde, 0x48, 0xdf, 0x8a, 0xdd, 0xcc, 0xdc, 0x0e,
0xd7, 0x50, 0xd6, 0x92, 0xd4, 0xd4, 0xd5, 0x16, 0xd0, 0x58, 0xd1, 0x9a, 0xd3, 0xdc, 0xd2, 0x1e,
0xc5, 0x60, 0xc4, 0xa2, 0xc6, 0xe4, 0xc7, 0x26, 0xc2, 0x68, 0xc3, 0xaa, 0xc1, 0xec, 0xc0, 0x2e,
0xcb, 0x70, 0xca, 0xb2, 0xc8, 0xf4, 0xc9, 0x36, 0xcc, 0x78, 0xcd, 0xba, 0xcf, 0xfc, 0xce, 0x3e,
0x91, 0x80, 0x90, 0x42, 0x92, 0x04, 0x93, 0xc6, 0x96, 0x88, 0x97, 0x4a, 0x95, 0x0c, 0x94, 0xce,
0x9f, 0x90, 0x9e, 0x52, 0x9c, 0x14, 0x9d, 0xd6, 0x98, 0x98, 0x99, 0x5a, 0x9b, 0x1c, 0x9a, 0xde,
0x8d, 0xa0, 0x8c, 0x62, 0x8e, 0x24, 0x8f, 0xe6, 0x8a, 0xa8, 0x8b, 0x6a, 0x89, 0x2c, 0x88, 0xee,
0x83, 0xb0, 0x82, 0x72, 0x80, 0x34, 0x81, 0xf6, 0x84, 0xb8, 0x85, 0x7a, 0x87, 0x3c, 0x86, 0xfe,
0xa9, 0xc0, 0xa8, 0x02, 0xaa, 0x44, 0xab, 0x86, 0xae, 0xc8, 0xaf, 0x0a, 0xad, 0x4c, 0xac, 0x8e,
0xa7, 0xd0, 0xa6, 0x12, 0xa4, 0x54, 0xa5, 0x96, 0xa0, 0xd8, 0xa1, 0x1a, 0xa3, 0x5c, 0xa2, 0x9e,
0xb5, 0xe0, 0xb4, 0x22, 0xb6, 0x64, 0xb7, 0xa6, 0xb2, 0xe8, 0xb3, 0x2a, 0xb1, 0x6c, 0xb0, 0xae,
0xbb, 0xf0, 0xba, 0x32, 0xb8, 0x74, 0xb9, 0xb6, 0xbc, 0xf8, 0xbd, 0x3a, 0xbf, 0x7c, 0xbe, 0xbe };
#endif
/**
Initialize a GCM state
@param gcm The GCM state to initialize
@param cipher The index of the cipher to use
@param key The secret key
@param keylen The length of the secret key
@return CRYPT_OK on success
*/
int gcm_init(gcm_state *gcm, int cipher,
const unsigned char *key, int keylen)
{
int err;
unsigned char B[16];
#ifdef GCM_TABLES
int x, y, z, t;
#endif
LTC_ARGCHK(gcm != NULL);
LTC_ARGCHK(key != NULL);
#ifdef LTC_FAST
if (16 % sizeof(LTC_FAST_TYPE)) {
return CRYPT_INVALID_ARG;
}
#endif
/* is cipher valid? */
if ((err = cipher_is_valid(cipher)) != CRYPT_OK) {
return err;
}
if (cipher_descriptor[cipher].block_length != 16) {
return CRYPT_INVALID_CIPHER;
}
/* schedule key */
if ((err = cipher_descriptor[cipher].setup(key, keylen, 0, &gcm->K)) != CRYPT_OK) {
return err;
}
/* H = E(0) */
zeromem(B, 16);
cipher_descriptor[cipher].ecb_encrypt(B, gcm->H, &gcm->K);
/* setup state */
zeromem(gcm->buf, sizeof(gcm->buf));
zeromem(gcm->X, sizeof(gcm->X));
gcm->cipher = cipher;
gcm->mode = GCM_MODE_IV;
gcm->ivmode = 0;
gcm->buflen = 0;
gcm->totlen = 0;
gcm->pttotlen = 0;
#ifdef GCM_TABLES
/* setup tables */
/* generate the first table as it has no shifting (from which we make the other tables) */
zeromem(B, 16);
for (y = 0; y < 256; y++) {
B[0] = y;
gcm_gf_mult(gcm->H, B, &gcm->PC[0][y][0]);
}
/* now generate the rest of the tables based the previous table */
for (x = 1; x < 16; x++) {
for (y = 0; y < 256; y++) {
/* now shift it right by 8 bits */
t = gcm->PC[x-1][y][15];
for (z = 15; z > 0; z--) {
gcm->PC[x][y][z] = gcm->PC[x-1][y][z-1];
}
gcm->PC[x][y][0] = gcm_shift_table[t<<1];
gcm->PC[x][y][1] ^= gcm_shift_table[(t<<1)+1];
}
}
#endif
return CRYPT_OK;
}
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/encauth/gcm/gcm_init.c,v $ */
/* $Revision: 1.15 $ */
/* $Date: 2005/05/21 15:05:19 $ */

93
libtomcrypt/src/encauth/gcm/gcm_memory.c Normal file
View File

@@ -0,0 +1,93 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
*/
/**
@file gcm_memory.c
GCM implementation, process a packet, by Tom St Denis
*/
#include "tomcrypt.h"
#ifdef GCM_MODE
/**
Process an entire GCM packet in one call.
@param cipher Index of cipher to use
@param key The secret key
@param keylen The length of the secret key
@param IV The initial vector
@param IVlen The length of the initial vector
@param adata The additional authentication data (header)
@param adatalen The length of the adata
@param pt The plaintext
@param ptlen The length of the plaintext (ciphertext length is the same)
@param ct The ciphertext
@param tag [out] The MAC tag
@param taglen [in/out] The MAC tag length
@param direction Encrypt or Decrypt mode (GCM_ENCRYPT or GCM_DECRYPT)
@return CRYPT_OK on success
*/
int gcm_memory( int cipher,
const unsigned char *key, unsigned long keylen,
const unsigned char *IV, unsigned long IVlen,
const unsigned char *adata, unsigned long adatalen,
unsigned char *pt, unsigned long ptlen,
unsigned char *ct,
unsigned char *tag, unsigned long *taglen,
int direction)
{
gcm_state *gcm;
int err;
if ((err = cipher_is_valid(cipher)) != CRYPT_OK) {
return err;
}
if (cipher_descriptor[cipher].accel_gcm_memory != NULL) {
cipher_descriptor[cipher].accel_gcm_memory
(key, keylen,
IV, IVlen,
adata, adatalen,
pt, ptlen,
ct,
tag, taglen,
direction);
return CRYPT_OK;
}
gcm = XMALLOC(sizeof(*gcm));
if (gcm == NULL) {
return CRYPT_MEM;
}
if ((err = gcm_init(gcm, cipher, key, keylen)) != CRYPT_OK) {
goto LTC_ERR;
}
if ((err = gcm_add_iv(gcm, IV, IVlen)) != CRYPT_OK) {
goto LTC_ERR;
}
if ((err = gcm_add_aad(gcm, adata, adatalen)) != CRYPT_OK) {
goto LTC_ERR;
}
if ((err = gcm_process(gcm, pt, ptlen, ct, direction)) != CRYPT_OK) {
goto LTC_ERR;
}
err = gcm_done(gcm, tag, taglen);
LTC_ERR:
XFREE(gcm);
return err;
}
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/encauth/gcm/gcm_memory.c,v $ */
/* $Revision: 1.19 $ */
/* $Date: 2005/05/05 14:35:58 $ */

147
libtomcrypt/src/encauth/gcm/gcm_process.c Normal file
View File

@@ -0,0 +1,147 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
*/
/**
@file gcm_process.c
GCM implementation, process message data, by Tom St Denis
*/
#include "tomcrypt.h"
#ifdef GCM_MODE
/**
Process plaintext/ciphertext through GCM
@param gcm The GCM state
@param pt The plaintext
@param ptlen The plaintext length (ciphertext length is the same)
@param ct The ciphertext
@param direction Encrypt or Decrypt mode (GCM_ENCRYPT or GCM_DECRYPT)
@return CRYPT_OK on success
*/
int gcm_process(gcm_state *gcm,
unsigned char *pt, unsigned long ptlen,
unsigned char *ct,
int direction)
{
unsigned long x, y;
unsigned char b;
int err;
LTC_ARGCHK(gcm != NULL);
if (ptlen > 0) {
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
}
if (gcm->buflen > 16 || gcm->buflen < 0) {
return CRYPT_INVALID_ARG;
}
if ((err = cipher_is_valid(gcm->cipher)) != CRYPT_OK) {
return err;
}
/* in AAD mode? */
if (gcm->mode == GCM_MODE_AAD) {
/* let's process the AAD */
if (gcm->buflen) {
gcm->totlen += gcm->buflen * CONST64(8);
gcm_mult_h(gcm, gcm->X);
}
/* increment counter */
for (y = 15; y >= 12; y--) {
if (++gcm->Y[y]) { break; }
}
/* encrypt the counter */
cipher_descriptor[gcm->cipher].ecb_encrypt(gcm->Y, gcm->buf, &gcm->K);
gcm->buflen = 0;
gcm->mode = GCM_MODE_TEXT;
}
if (gcm->mode != GCM_MODE_TEXT) {
return CRYPT_INVALID_ARG;
}
x = 0;
#ifdef LTC_FAST
if (gcm->buflen == 0) {
if (direction == GCM_ENCRYPT) {
for (x = 0; x < (ptlen & ~15); x += 16) {
/* ctr encrypt */
for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) {
*((LTC_FAST_TYPE*)(&ct[x + y])) = *((LTC_FAST_TYPE*)(&pt[x+y])) ^ *((LTC_FAST_TYPE*)(&gcm->buf[y]));
*((LTC_FAST_TYPE*)(&gcm->X[y])) ^= *((LTC_FAST_TYPE*)(&ct[x+y]));
}
/* GMAC it */
gcm->pttotlen += 128;
gcm_mult_h(gcm, gcm->X);
/* increment counter */
for (y = 15; y >= 12; y--) {
if (++gcm->Y[y]) { break; }
}
cipher_descriptor[gcm->cipher].ecb_encrypt(gcm->Y, gcm->buf, &gcm->K);
}
} else {
for (x = 0; x < (ptlen & ~15); x += 16) {
/* ctr encrypt */
for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) {
*((LTC_FAST_TYPE*)(&gcm->X[y])) ^= *((LTC_FAST_TYPE*)(&ct[x+y]));
*((LTC_FAST_TYPE*)(&pt[x + y])) = *((LTC_FAST_TYPE*)(&ct[x+y])) ^ *((LTC_FAST_TYPE*)(&gcm->buf[y]));
}
/* GMAC it */
gcm->pttotlen += 128;
gcm_mult_h(gcm, gcm->X);
/* increment counter */
for (y = 15; y >= 12; y--) {
if (++gcm->Y[y]) { break; }
}
cipher_descriptor[gcm->cipher].ecb_encrypt(gcm->Y, gcm->buf, &gcm->K);
}
}
}
#endif
/* process text */
for (; x < ptlen; x++) {
if (gcm->buflen == 16) {
gcm->pttotlen += 128;
gcm_mult_h(gcm, gcm->X);
/* increment counter */
for (y = 15; y >= 12; y--) {
if (++gcm->Y[y]) { break; }
}
cipher_descriptor[gcm->cipher].ecb_encrypt(gcm->Y, gcm->buf, &gcm->K);
gcm->buflen = 0;
}
if (direction == GCM_ENCRYPT) {
b = ct[x] = pt[x] ^ gcm->buf[gcm->buflen];
} else {
b = ct[x];
pt[x] = ct[x] ^ gcm->buf[gcm->buflen];
}
gcm->X[gcm->buflen++] ^= b;
}
return CRYPT_OK;
}
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/encauth/gcm/gcm_process.c,v $ */
/* $Revision: 1.8 $ */
/* $Date: 2005/05/05 14:35:58 $ */

44
libtomcrypt/src/encauth/gcm/gcm_reset.c Normal file
View File

@@ -0,0 +1,44 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
*/
/**
@file gcm_reset.c
GCM implementation, reset a used state so it can accept IV data, by Tom St Denis
*/
#include "tomcrypt.h"
#ifdef GCM_MODE
/**
Reset a GCM state to as if you just called gcm_init(). This saves the initialization time.
@param gcm The GCM state to reset
@return CRYPT_OK on success
*/
int gcm_reset(gcm_state *gcm)
{
LTC_ARGCHK(gcm != NULL);
zeromem(gcm->buf, sizeof(gcm->buf));
zeromem(gcm->X, sizeof(gcm->X));
gcm->mode = GCM_MODE_IV;
gcm->ivmode = 0;
gcm->buflen = 0;
gcm->totlen = 0;
gcm->pttotlen = 0;
return CRYPT_OK;
}
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/encauth/gcm/gcm_reset.c,v $ */
/* $Revision: 1.3 $ */
/* $Date: 2005/05/05 14:35:58 $ */

368
libtomcrypt/src/encauth/gcm/gcm_test.c Normal file
View File

@@ -0,0 +1,368 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
*/
/**
@file gcm_test.c
GCM implementation, testing, by Tom St Denis
*/
#include "tomcrypt.h"
#ifdef GCM_MODE
/**
Test the GCM code
@return CRYPT_OK on success
*/
int gcm_test(void)
{
#ifndef LTC_TEST
return CRYPT_NOP;
#else
static const struct {
unsigned char K[32];
int keylen;
unsigned char P[64];
unsigned long ptlen;
unsigned char A[64];
unsigned long alen;
unsigned char IV[64];
unsigned long IVlen;
unsigned char C[64];
unsigned char T[16];
} tests[] = {
/* test case #1 */
{
/* key */
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
16,
/* plaintext */
{ 0 },
0,
/* AAD data */
{ 0 },
0,
/* IV */
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00 },
12,
/* ciphertext */
{ 0 },
/* tag */
{ 0x58, 0xe2, 0xfc, 0xce, 0xfa, 0x7e, 0x30, 0x61,
0x36, 0x7f, 0x1d, 0x57, 0xa4, 0xe7, 0x45, 0x5a }
},
/* test case #2 */
{
/* key */
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
16,
/* PT */
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
16,
/* ADATA */
{ 0 },
0,
/* IV */
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00 },
12,
/* CT */
{ 0x03, 0x88, 0xda, 0xce, 0x60, 0xb6, 0xa3, 0x92,
0xf3, 0x28, 0xc2, 0xb9, 0x71, 0xb2, 0xfe, 0x78 },
/* TAG */
{ 0xab, 0x6e, 0x47, 0xd4, 0x2c, 0xec, 0x13, 0xbd,
0xf5, 0x3a, 0x67, 0xb2, 0x12, 0x57, 0xbd, 0xdf }
},
/* test case #3 */
{
/* key */
{ 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, },
16,
/* PT */
{ 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55, },
64,
/* ADATA */
{ 0 },
0,
/* IV */
{ 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
0xde, 0xca, 0xf8, 0x88, },
12,
/* CT */
{ 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
0x3d, 0x58, 0xe0, 0x91, 0x47, 0x3f, 0x59, 0x85, },
/* TAG */
{ 0x4d, 0x5c, 0x2a, 0xf3, 0x27, 0xcd, 0x64, 0xa6,
0x2c, 0xf3, 0x5a, 0xbd, 0x2b, 0xa6, 0xfa, 0xb4, }
},
/* test case #4 */
{
/* key */
{ 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, },
16,
/* PT */
{ 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
0xba, 0x63, 0x7b, 0x39, },
60,
/* ADATA */
{ 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
0xab, 0xad, 0xda, 0xd2, },
20,
/* IV */
{ 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
0xde, 0xca, 0xf8, 0x88, },
12,
/* CT */
{ 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
0x3d, 0x58, 0xe0, 0x91, },
/* TAG */
{ 0x5b, 0xc9, 0x4f, 0xbc, 0x32, 0x21, 0xa5, 0xdb,
0x94, 0xfa, 0xe9, 0x5a, 0xe7, 0x12, 0x1a, 0x47, }
},
/* test case #5 */
{
/* key */
{ 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, },
16,
/* PT */
{ 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
0xba, 0x63, 0x7b, 0x39, },
60,
/* ADATA */
{ 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
0xab, 0xad, 0xda, 0xd2, },
20,
/* IV */
{ 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, },
8,
/* CT */
{ 0x61, 0x35, 0x3b, 0x4c, 0x28, 0x06, 0x93, 0x4a,
0x77, 0x7f, 0xf5, 0x1f, 0xa2, 0x2a, 0x47, 0x55,
0x69, 0x9b, 0x2a, 0x71, 0x4f, 0xcd, 0xc6, 0xf8,
0x37, 0x66, 0xe5, 0xf9, 0x7b, 0x6c, 0x74, 0x23,
0x73, 0x80, 0x69, 0x00, 0xe4, 0x9f, 0x24, 0xb2,
0x2b, 0x09, 0x75, 0x44, 0xd4, 0x89, 0x6b, 0x42,
0x49, 0x89, 0xb5, 0xe1, 0xeb, 0xac, 0x0f, 0x07,
0xc2, 0x3f, 0x45, 0x98, },
/* TAG */
{ 0x36, 0x12, 0xd2, 0xe7, 0x9e, 0x3b, 0x07, 0x85,
0x56, 0x1b, 0xe1, 0x4a, 0xac, 0xa2, 0xfc, 0xcb, }
},
/* test case #6 */
{
/* key */
{ 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, },
16,
/* PT */
{ 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
0xba, 0x63, 0x7b, 0x39, },
60,
/* ADATA */
{ 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
0xab, 0xad, 0xda, 0xd2, },
20,
/* IV */
{ 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5,
0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa,
0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1,
0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28,
0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39,
0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54,
0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57,
0xa6, 0x37, 0xb3, 0x9b, },
60,
/* CT */
{ 0x8c, 0xe2, 0x49, 0x98, 0x62, 0x56, 0x15, 0xb6,
0x03, 0xa0, 0x33, 0xac, 0xa1, 0x3f, 0xb8, 0x94,
0xbe, 0x91, 0x12, 0xa5, 0xc3, 0xa2, 0x11, 0xa8,
0xba, 0x26, 0x2a, 0x3c, 0xca, 0x7e, 0x2c, 0xa7,
0x01, 0xe4, 0xa9, 0xa4, 0xfb, 0xa4, 0x3c, 0x90,
0xcc, 0xdc, 0xb2, 0x81, 0xd4, 0x8c, 0x7c, 0x6f,
0xd6, 0x28, 0x75, 0xd2, 0xac, 0xa4, 0x17, 0x03,
0x4c, 0x34, 0xae, 0xe5, },
/* TAG */
{ 0x61, 0x9c, 0xc5, 0xae, 0xff, 0xfe, 0x0b, 0xfa,
0x46, 0x2a, 0xf4, 0x3c, 0x16, 0x99, 0xd0, 0x50, }
}
/* rest of test cases are the same except AES key size changes... ignored... */
};
int idx, err;
unsigned long x, y;
unsigned char out[2][64], T[2][16];
/* find aes */
idx = find_cipher("aes");
if (idx == -1) {
idx = find_cipher("rijndael");
if (idx == -1) {
return CRYPT_NOP;
}
}
for (x = 0; x < (int)(sizeof(tests)/sizeof(tests[0])); x++) {
y = sizeof(T[0]);
if ((err = gcm_memory(idx, tests[x].K, tests[x].keylen,
tests[x].IV, tests[x].IVlen,
tests[x].A, tests[x].alen,
(unsigned char*)tests[x].P, tests[x].ptlen,
out[0], T[0], &y, GCM_ENCRYPT)) != CRYPT_OK) {
return err;
}
if (memcmp(out[0], tests[x].C, tests[x].ptlen)) {
#if 0
printf("\nCiphertext wrong %lu\n", x);
for (y = 0; y < tests[x].ptlen; y++) {
printf("%02x", out[0][y] & 255);
}
printf("\n");
#endif
return CRYPT_FAIL_TESTVECTOR;
}
if (memcmp(T[0], tests[x].T, 16)) {
#if 0
printf("\nTag on plaintext wrong %lu\n", x);
for (y = 0; y < 16; y++) {
printf("%02x", T[0][y] & 255);
}
printf("\n");
#endif
return CRYPT_FAIL_TESTVECTOR;
}
y = sizeof(T[1]);
if ((err = gcm_memory(idx, tests[x].K, tests[x].keylen,
tests[x].IV, tests[x].IVlen,
tests[x].A, tests[x].alen,
out[1], tests[x].ptlen,
out[0], T[1], &y, GCM_DECRYPT)) != CRYPT_OK) {
return err;
}
if (memcmp(out[1], tests[x].P, tests[x].ptlen)) {
#if 0
printf("\nplaintext wrong %lu\n", x);
for (y = 0; y < tests[x].ptlen; y++) {
printf("%02x", out[0][y] & 255);
}
printf("\n");
#endif
return CRYPT_FAIL_TESTVECTOR;
}
if (memcmp(T[1], tests[x].T, 16)) {
#if 0
printf("\nTag on ciphertext wrong %lu\n", x);
for (y = 0; y < 16; y++) {
printf("%02x", T[1][y] & 255);
}
printf("\n");
#endif
return CRYPT_FAIL_TESTVECTOR;
}
}
return CRYPT_OK;
#endif
}
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/encauth/gcm/gcm_test.c,v $ */
/* $Revision: 1.15 $ */
/* $Date: 2005/05/05 14:35:58 $ */

77
libtomcrypt/src/encauth/ocb/ocb_decrypt.c Normal file
View File

@@ -0,0 +1,77 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
*/
/**
@file ocb_decrypt.c
OCB implementation, decrypt data, by Tom St Denis
*/
#include "tomcrypt.h"
#ifdef OCB_MODE
/**
Decrypt a block with OCB.
@param ocb The OCB state
@param ct The ciphertext (length of the block size of the block cipher)
@param pt [out] The plaintext (length of ct)
@return CRYPT_OK if successful
*/
int ocb_decrypt(ocb_state *ocb, const unsigned char *ct, unsigned char *pt)
{
unsigned char Z[MAXBLOCKSIZE], tmp[MAXBLOCKSIZE];
int err, x;
LTC_ARGCHK(ocb != NULL);
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
/* check if valid cipher */
if ((err = cipher_is_valid(ocb->cipher)) != CRYPT_OK) {
return err;
}
LTC_ARGCHK(cipher_descriptor[ocb->cipher].ecb_decrypt != NULL);
/* check length */
if (ocb->block_len != cipher_descriptor[ocb->cipher].block_length) {
return CRYPT_INVALID_ARG;
}
/* Get Z[i] value */
ocb_shift_xor(ocb, Z);
/* xor ct in, encrypt, xor Z out */
for (x = 0; x < ocb->block_len; x++) {
tmp[x] = ct[x] ^ Z[x];
}
cipher_descriptor[ocb->cipher].ecb_decrypt(tmp, pt, &ocb->key);
for (x = 0; x < ocb->block_len; x++) {
pt[x] ^= Z[x];
}
/* compute checksum */
for (x = 0; x < ocb->block_len; x++) {
ocb->checksum[x] ^= pt[x];
}
#ifdef LTC_CLEAN_STACK
zeromem(Z, sizeof(Z));
zeromem(tmp, sizeof(tmp));
#endif
return CRYPT_OK;
}
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/encauth/ocb/ocb_decrypt.c,v $ */
/* $Revision: 1.3 $ */
/* $Date: 2005/05/05 14:35:58 $ */

86
libtomcrypt/src/encauth/ocb/ocb_decrypt_verify_memory.c Normal file
View File

@@ -0,0 +1,86 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
*/
/**
@file ocb_decrypt_verify_memory.c
OCB implementation, helper to decrypt block of memory, by Tom St Denis
*/
#include "tomcrypt.h"
#ifdef OCB_MODE
/**
Decrypt and compare the tag with OCB.
@param cipher The index of the cipher desired
@param key The secret key
@param keylen The length of the secret key (octets)
@param nonce The session nonce (length of the block size of the block cipher)
@param ct The ciphertext
@param ctlen The length of the ciphertext (octets)
@param pt [out] The plaintext
@param tag The tag to compare against
@param taglen The length of the tag (octets)
@param stat [out] The result of the tag comparison (1==valid, 0==invalid)
@return CRYPT_OK if successful regardless of the tag comparison
*/
int ocb_decrypt_verify_memory(int cipher,
const unsigned char *key, unsigned long keylen,
const unsigned char *nonce,
const unsigned char *ct, unsigned long ctlen,
unsigned char *pt,
const unsigned char *tag, unsigned long taglen,
int *stat)
{
int err;
ocb_state *ocb;
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(nonce != NULL);
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LTC_ARGCHK(tag != NULL);
LTC_ARGCHK(stat != NULL);
/* allocate memory */
ocb = XMALLOC(sizeof(ocb_state));
if (ocb == NULL) {
return CRYPT_MEM;
}
if ((err = ocb_init(ocb, cipher, key, keylen, nonce)) != CRYPT_OK) {
goto LBL_ERR;
}
while (ctlen > (unsigned long)ocb->block_len) {
if ((err = ocb_decrypt(ocb, ct, pt)) != CRYPT_OK) {
goto LBL_ERR;
}
ctlen -= ocb->block_len;
pt += ocb->block_len;
ct += ocb->block_len;
}
err = ocb_done_decrypt(ocb, ct, ctlen, pt, tag, taglen, stat);
LBL_ERR:
#ifdef LTC_CLEAN_STACK
zeromem(ocb, sizeof(ocb_state));
#endif
XFREE(ocb);
return err;
}
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/encauth/ocb/ocb_decrypt_verify_memory.c,v $ */
/* $Revision: 1.3 $ */
/* $Date: 2005/05/05 14:35:58 $ */

80
libtomcrypt/src/encauth/ocb/ocb_done_decrypt.c Normal file
View File

@@ -0,0 +1,80 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
*/
/**
@file ocb_done_decrypt.c
OCB implementation, terminate decryption, by Tom St Denis
*/
#include "tomcrypt.h"
#ifdef OCB_MODE
/**
Terminate a decrypting OCB state
@param ocb The OCB state
@param ct The ciphertext (if any)
@param ctlen The length of the ciphertext (octets)
@param pt [out] The plaintext
@param tag The authentication tag (to compare against)
@param taglen The length of the authentication tag provided
@param stat [out] The result of the tag comparison
@return CRYPT_OK if the process was successful regardless if the tag is valid
*/
int ocb_done_decrypt(ocb_state *ocb,
const unsigned char *ct, unsigned long ctlen,
unsigned char *pt,
const unsigned char *tag, unsigned long taglen, int *stat)
{
int err;
unsigned char *tagbuf;
unsigned long tagbuflen;
LTC_ARGCHK(ocb != NULL);
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LTC_ARGCHK(tag != NULL);
LTC_ARGCHK(stat != NULL);
/* default to failed */
*stat = 0;
/* allocate memory */
tagbuf = XMALLOC(MAXBLOCKSIZE);
if (tagbuf == NULL) {
return CRYPT_MEM;
}
tagbuflen = MAXBLOCKSIZE;
if ((err = s_ocb_done(ocb, ct, ctlen, pt, tagbuf, &tagbuflen, 1)) != CRYPT_OK) {
goto LBL_ERR;
}
if (taglen <= tagbuflen && memcmp(tagbuf, tag, taglen) == 0) {
*stat = 1;
}
err = CRYPT_OK;
LBL_ERR:
#ifdef LTC_CLEAN_STACK
zeromem(tagbuf, MAXBLOCKSIZE);
#endif
XFREE(tagbuf);
return err;
}
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/encauth/ocb/ocb_done_decrypt.c,v $ */
/* $Revision: 1.3 $ */
/* $Date: 2005/05/05 14:35:58 $ */

46
libtomcrypt/src/encauth/ocb/ocb_done_encrypt.c Normal file
View File

@@ -0,0 +1,46 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
*/
/**
@file ocb_done_encrypt.c
OCB implementation, terminate encryption, by Tom St Denis
*/
#include "tomcrypt.h"
#ifdef OCB_MODE
/**
Terminate an encryption OCB state
@param ocb The OCB state
@param pt Remaining plaintext (if any)
@param ptlen The length of the plaintext (octets)
@param ct [out] The ciphertext (if any)
@param tag [out] The tag for the OCB stream
@param taglen [in/out] The max size and resulting size of the tag
@return CRYPT_OK if successful
*/
int ocb_done_encrypt(ocb_state *ocb, const unsigned char *pt, unsigned long ptlen,
unsigned char *ct, unsigned char *tag, unsigned long *taglen)
{
LTC_ARGCHK(ocb != NULL);
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LTC_ARGCHK(tag != NULL);
LTC_ARGCHK(taglen != NULL);
return s_ocb_done(ocb, pt, ptlen, ct, tag, taglen, 0);
}
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/encauth/ocb/ocb_done_encrypt.c,v $ */
/* $Revision: 1.3 $ */
/* $Date: 2005/05/05 14:35:58 $ */

70
libtomcrypt/src/encauth/ocb/ocb_encrypt.c Normal file
View File

@@ -0,0 +1,70 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
*/
/**
@file ocb_encrypt.c
OCB implementation, encrypt data, by Tom St Denis
*/
#include "tomcrypt.h"
#ifdef OCB_MODE
/**
Encrypt a block of data with OCB.
@param ocb The OCB state
@param pt The plaintext (length of the block size of the block cipher)
@param ct [out] The ciphertext (same size as the pt)
@return CRYPT_OK if successful
*/
int ocb_encrypt(ocb_state *ocb, const unsigned char *pt, unsigned char *ct)
{
unsigned char Z[MAXBLOCKSIZE], tmp[MAXBLOCKSIZE];
int err, x;
LTC_ARGCHK(ocb != NULL);
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
if ((err = cipher_is_valid(ocb->cipher)) != CRYPT_OK) {
return err;
}
if (ocb->block_len != cipher_descriptor[ocb->cipher].block_length) {
return CRYPT_INVALID_ARG;
}
/* compute checksum */
for (x = 0; x < ocb->block_len; x++) {
ocb->checksum[x] ^= pt[x];
}
/* Get Z[i] value */
ocb_shift_xor(ocb, Z);
/* xor pt in, encrypt, xor Z out */
for (x = 0; x < ocb->block_len; x++) {
tmp[x] = pt[x] ^ Z[x];
}
cipher_descriptor[ocb->cipher].ecb_encrypt(tmp, ct, &ocb->key);
for (x = 0; x < ocb->block_len; x++) {
ct[x] ^= Z[x];
}
#ifdef LTC_CLEAN_STACK
zeromem(Z, sizeof(Z));
zeromem(tmp, sizeof(tmp));
#endif
return CRYPT_OK;
}
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/encauth/ocb/ocb_encrypt.c,v $ */
/* $Revision: 1.3 $ */
/* $Date: 2005/05/05 14:35:58 $ */

84
libtomcrypt/src/encauth/ocb/ocb_encrypt_authenticate_memory.c Normal file
View File

@@ -0,0 +1,84 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
*/
/**
@file ocb_encrypt_authenticate_memory.c
OCB implementation, encrypt block of memory, by Tom St Denis
*/
#include "tomcrypt.h"
#ifdef OCB_MODE
/**
Encrypt and generate an authentication code for a buffer of memory
@param cipher The index of the cipher desired
@param key The secret key
@param keylen The length of the secret key (octets)
@param nonce The session nonce (length of the block ciphers block size)
@param pt The plaintext
@param ptlen The length of the plaintext (octets)
@param ct [out] The ciphertext
@param tag [out] The authentication tag
@param taglen [in/out] The max size and resulting size of the authentication tag
@return CRYPT_OK if successful
*/
int ocb_encrypt_authenticate_memory(int cipher,
const unsigned char *key, unsigned long keylen,
const unsigned char *nonce,
const unsigned char *pt, unsigned long ptlen,
unsigned char *ct,
unsigned char *tag, unsigned long *taglen)
{
int err;
ocb_state *ocb;
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(nonce != NULL);
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LTC_ARGCHK(tag != NULL);
LTC_ARGCHK(taglen != NULL);
/* allocate ram */
ocb = XMALLOC(sizeof(ocb_state));
if (ocb == NULL) {
return CRYPT_MEM;
}
if ((err = ocb_init(ocb, cipher, key, keylen, nonce)) != CRYPT_OK) {
goto LBL_ERR;
}
while (ptlen > (unsigned long)ocb->block_len) {
if ((err = ocb_encrypt(ocb, pt, ct)) != CRYPT_OK) {
goto LBL_ERR;
}
ptlen -= ocb->block_len;
pt += ocb->block_len;
ct += ocb->block_len;
}
err = ocb_done_encrypt(ocb, pt, ptlen, ct, tag, taglen);
LBL_ERR:
#ifdef LTC_CLEAN_STACK
zeromem(ocb, sizeof(ocb_state));
#endif
XFREE(ocb);
return err;
}
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/encauth/ocb/ocb_encrypt_authenticate_memory.c,v $ */
/* $Revision: 1.3 $ */
/* $Date: 2005/05/05 14:35:58 $ */

133
libtomcrypt/src/encauth/ocb/ocb_init.c Normal file
View File

@@ -0,0 +1,133 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
*/
/**
@file ocb_init.c
OCB implementation, initialize state, by Tom St Denis
*/
#include "tomcrypt.h"
#ifdef OCB_MODE
static const struct {
int len;
unsigned char poly_div[MAXBLOCKSIZE],
poly_mul[MAXBLOCKSIZE];
} polys[] = {
{
8,
{ 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0D },
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1B }
}, {
16,
{ 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x43 },
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x87 }
}
};
/**
Initialize an OCB context.
@param ocb [out] The destination of the OCB state
@param cipher The index of the desired cipher
@param key The secret key
@param keylen The length of the secret key (octets)
@param nonce The session nonce (length of the block size of the cipher)
@return CRYPT_OK if successful
*/
int ocb_init(ocb_state *ocb, int cipher,
const unsigned char *key, unsigned long keylen, const unsigned char *nonce)
{
int poly, x, y, m, err;
LTC_ARGCHK(ocb != NULL);
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(nonce != NULL);
/* valid cipher? */
if ((err = cipher_is_valid(cipher)) != CRYPT_OK) {
return err;
}
/* determine which polys to use */
ocb->block_len = cipher_descriptor[cipher].block_length;
for (poly = 0; poly < (int)(sizeof(polys)/sizeof(polys[0])); poly++) {
if (polys[poly].len == ocb->block_len) {
break;
}
}
if (polys[poly].len != ocb->block_len) {
return CRYPT_INVALID_ARG;
}
/* schedule the key */
if ((err = cipher_descriptor[cipher].setup(key, keylen, 0, &ocb->key)) != CRYPT_OK) {
return err;
}
/* find L = E[0] */
zeromem(ocb->L, ocb->block_len);
cipher_descriptor[cipher].ecb_encrypt(ocb->L, ocb->L, &ocb->key);
/* find R = E[N xor L] */
for (x = 0; x < ocb->block_len; x++) {
ocb->R[x] = ocb->L[x] ^ nonce[x];
}
cipher_descriptor[cipher].ecb_encrypt(ocb->R, ocb->R, &ocb->key);
/* find Ls[i] = L << i for i == 0..31 */
XMEMCPY(ocb->Ls[0], ocb->L, ocb->block_len);
for (x = 1; x < 32; x++) {
m = ocb->Ls[x-1][0] >> 7;
for (y = 0; y < ocb->block_len-1; y++) {
ocb->Ls[x][y] = ((ocb->Ls[x-1][y] << 1) | (ocb->Ls[x-1][y+1] >> 7)) & 255;
}
ocb->Ls[x][ocb->block_len-1] = (ocb->Ls[x-1][ocb->block_len-1] << 1) & 255;
if (m == 1) {
for (y = 0; y < ocb->block_len; y++) {
ocb->Ls[x][y] ^= polys[poly].poly_mul[y];
}
}
}
/* find Lr = L / x */
m = ocb->L[ocb->block_len-1] & 1;
/* shift right */
for (x = ocb->block_len - 1; x > 0; x--) {
ocb->Lr[x] = ((ocb->L[x] >> 1) | (ocb->L[x-1] << 7)) & 255;
}
ocb->Lr[0] = ocb->L[0] >> 1;
if (m == 1) {
for (x = 0; x < ocb->block_len; x++) {
ocb->Lr[x] ^= polys[poly].poly_div[x];
}
}
/* set Li, checksum */
zeromem(ocb->Li, ocb->block_len);
zeromem(ocb->checksum, ocb->block_len);
/* set other params */
ocb->block_index = 1;
ocb->cipher = cipher;
return CRYPT_OK;
}
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/encauth/ocb/ocb_init.c,v $ */
/* $Revision: 1.3 $ */
/* $Date: 2005/05/05 14:35:58 $ */

42
libtomcrypt/src/encauth/ocb/ocb_ntz.c Normal file
View File

@@ -0,0 +1,42 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
*/
/**
@file ocb_ntz.c
OCB implementation, internal function, by Tom St Denis
*/
#include "tomcrypt.h"
#ifdef OCB_MODE
/**
Returns the number of leading zero bits [from lsb up]
@param x The 32-bit value to observe
@return The number of bits [from the lsb up] that are zero
*/
int ocb_ntz(unsigned long x)
{
int c;
x &= 0xFFFFFFFFUL;
c = 0;
while ((x & 1) == 0) {
++c;
x >>= 1;
}
return c;
}
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/encauth/ocb/ocb_ntz.c,v $ */
/* $Revision: 1.3 $ */
/* $Date: 2005/05/05 14:35:58 $ */

39
libtomcrypt/src/encauth/ocb/ocb_shift_xor.c Normal file
View File

@@ -0,0 +1,39 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
*/
/**
@file ocb_shift_xor.c
OCB implementation, internal function, by Tom St Denis
*/
#include "tomcrypt.h"
#ifdef OCB_MODE
/**
Compute the shift/xor for OCB (internal function)
@param ocb The OCB state
@param Z The destination of the shift
*/
void ocb_shift_xor(ocb_state *ocb, unsigned char *Z)
{
int x, y;
y = ocb_ntz(ocb->block_index++);
for (x = 0; x < ocb->block_len; x++) {
ocb->Li[x] ^= ocb->Ls[y][x];
Z[x] = ocb->Li[x] ^ ocb->R[x];
}
}
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/encauth/ocb/ocb_shift_xor.c,v $ */
/* $Revision: 1.3 $ */
/* $Date: 2005/05/05 14:35:58 $ */

237
libtomcrypt/src/encauth/ocb/ocb_test.c Normal file
View File

@@ -0,0 +1,237 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
*/
/**
@file ocb_test.c
OCB implementation, self-test by Tom St Denis
*/
#include "tomcrypt.h"
#ifdef OCB_MODE
/**
Test the OCB protocol
@return CRYPT_OK if successful
*/
int ocb_test(void)
{
#ifndef LTC_TEST
return CRYPT_NOP;
#else
static const struct {
int ptlen;
unsigned char key[16], nonce[16], pt[34], ct[34], tag[16];
} tests[] = {
/* OCB-AES-128-0B */
{
0,
/* key */
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
/* nonce */
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
/* pt */
{ 0 },
/* ct */
{ 0 },
/* tag */
{ 0x15, 0xd3, 0x7d, 0xd7, 0xc8, 0x90, 0xd5, 0xd6,
0xac, 0xab, 0x92, 0x7b, 0xc0, 0xdc, 0x60, 0xee },
},
/* OCB-AES-128-3B */
{
3,
/* key */
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
/* nonce */
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
/* pt */
{ 0x00, 0x01, 0x02 },
/* ct */
{ 0xfc, 0xd3, 0x7d },
/* tag */
{ 0x02, 0x25, 0x47, 0x39, 0xa5, 0xe3, 0x56, 0x5a,
0xe2, 0xdc, 0xd6, 0x2c, 0x65, 0x97, 0x46, 0xba },
},
/* OCB-AES-128-16B */
{
16,
/* key */
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
/* nonce */
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
/* pt */
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
/* ct */
{ 0x37, 0xdf, 0x8c, 0xe1, 0x5b, 0x48, 0x9b, 0xf3,
0x1d, 0x0f, 0xc4, 0x4d, 0xa1, 0xfa, 0xf6, 0xd6 },
/* tag */
{ 0xdf, 0xb7, 0x63, 0xeb, 0xdb, 0x5f, 0x0e, 0x71,
0x9c, 0x7b, 0x41, 0x61, 0x80, 0x80, 0x04, 0xdf },
},
/* OCB-AES-128-20B */
{
20,
/* key */
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
/* nonce */
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
/* pt */
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
0x10, 0x11, 0x12, 0x13 },
/* ct */
{ 0x01, 0xa0, 0x75, 0xf0, 0xd8, 0x15, 0xb1, 0xa4,
0xe9, 0xc8, 0x81, 0xa1, 0xbc, 0xff, 0xc3, 0xeb,
0x70, 0x03, 0xeb, 0x55},
/* tag */
{ 0x75, 0x30, 0x84, 0x14, 0x4e, 0xb6, 0x3b, 0x77,
0x0b, 0x06, 0x3c, 0x2e, 0x23, 0xcd, 0xa0, 0xbb },
},
/* OCB-AES-128-32B */
{
32,
/* key */
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
/* nonce */
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
/* pt */
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f },
/* ct */
{ 0x01, 0xa0, 0x75, 0xf0, 0xd8, 0x15, 0xb1, 0xa4,
0xe9, 0xc8, 0x81, 0xa1, 0xbc, 0xff, 0xc3, 0xeb,
0x4a, 0xfc, 0xbb, 0x7f, 0xed, 0xc0, 0x8c, 0xa8,
0x65, 0x4c, 0x6d, 0x30, 0x4d, 0x16, 0x12, 0xfa },
/* tag */
{ 0xc1, 0x4c, 0xbf, 0x2c, 0x1a, 0x1f, 0x1c, 0x3c,
0x13, 0x7e, 0xad, 0xea, 0x1f, 0x2f, 0x2f, 0xcf },
},
/* OCB-AES-128-34B */
{
34,
/* key */
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
/* nonce */
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
/* pt */
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
0x20, 0x21 },
/* ct */
{ 0x01, 0xa0, 0x75, 0xf0, 0xd8, 0x15, 0xb1, 0xa4,
0xe9, 0xc8, 0x81, 0xa1, 0xbc, 0xff, 0xc3, 0xeb,
0xd4, 0x90, 0x3d, 0xd0, 0x02, 0x5b, 0xa4, 0xaa,
0x83, 0x7c, 0x74, 0xf1, 0x21, 0xb0, 0x26, 0x0f,
0xa9, 0x5d },
/* tag */
{ 0xcf, 0x83, 0x41, 0xbb, 0x10, 0x82, 0x0c, 0xcf,
0x14, 0xbd, 0xec, 0x56, 0xb8, 0xd7, 0xd6, 0xab },
},
};
int err, x, idx, res;
unsigned long len;
unsigned char outct[MAXBLOCKSIZE], outtag[MAXBLOCKSIZE];
/* AES can be under rijndael or aes... try to find it */
if ((idx = find_cipher("aes")) == -1) {
if ((idx = find_cipher("rijndael")) == -1) {
return CRYPT_NOP;
}
}
for (x = 0; x < (int)(sizeof(tests)/sizeof(tests[0])); x++) {
len = sizeof(outtag);
if ((err = ocb_encrypt_authenticate_memory(idx, tests[x].key, 16,
tests[x].nonce, tests[x].pt, tests[x].ptlen, outct, outtag, &len)) != CRYPT_OK) {
return err;
}
if (memcmp(outtag, tests[x].tag, len) || memcmp(outct, tests[x].ct, tests[x].ptlen)) {
#if 0
unsigned long y;
printf("\n\nFailure: \nCT:\n");
for (y = 0; y < (unsigned long)tests[x].ptlen; ) {
printf("0x%02x", outct[y]);
if (y < (unsigned long)(tests[x].ptlen-1)) printf(", ");
if (!(++y % 8)) printf("\n");
}
printf("\nTAG:\n");
for (y = 0; y < len; ) {
printf("0x%02x", outtag[y]);
if (y < len-1) printf(", ");
if (!(++y % 8)) printf("\n");
}
#endif
return CRYPT_FAIL_TESTVECTOR;
}
if ((err = ocb_decrypt_verify_memory(idx, tests[x].key, 16, tests[x].nonce, outct, tests[x].ptlen,
outct, tests[x].tag, len, &res)) != CRYPT_OK) {
return err;
}
if ((res != 1) || memcmp(tests[x].pt, outct, tests[x].ptlen)) {
#if 0
unsigned long y;
printf("\n\nFailure-decrypt: \nPT:\n");
for (y = 0; y < (unsigned long)tests[x].ptlen; ) {
printf("0x%02x", outct[y]);
if (y < (unsigned long)(tests[x].ptlen-1)) printf(", ");
if (!(++y % 8)) printf("\n");
}
printf("\nres = %d\n\n", res);
#endif
}
}
return CRYPT_OK;
#endif /* LTC_TEST */
}
#endif /* OCB_MODE */
/* some comments
-- it's hard to seek
-- hard to stream [you can't emit ciphertext until full block]
-- The setup is somewhat complicated...
*/
/* $Source: /cvs/libtom/libtomcrypt/src/encauth/ocb/ocb_test.c,v $ */
/* $Revision: 1.3 $ */
/* $Date: 2005/05/05 14:35:58 $ */

144
libtomcrypt/src/encauth/ocb/s_ocb_done.c Normal file
View File

@@ -0,0 +1,144 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
*/
/**
@file s_ocb_done.c
OCB implementation, internal helper, by Tom St Denis
*/
#include "tomcrypt.h"
#ifdef OCB_MODE
/* Since the last block is encrypted in CTR mode the same code can
* be used to finish a decrypt or encrypt stream. The only difference
* is we XOR the final ciphertext into the checksum so we have to xor it
* before we CTR [decrypt] or after [encrypt]
*
* the names pt/ptlen/ct really just mean in/inlen/out but this is the way I wrote it...
*/
/**
Shared code to finish an OCB stream
@param ocb The OCB state
@param pt The remaining plaintext [or input]
@param ptlen The length of the input (octets)
@param ct [out] The output buffer
@param tag [out] The destination for the authentication tag
@param taglen [in/out] The max size and resulting size of the authentication tag
@param mode The mode we are terminating, 0==encrypt, 1==decrypt
@return CRYPT_OK if successful
*/
int s_ocb_done(ocb_state *ocb, const unsigned char *pt, unsigned long ptlen,
unsigned char *ct, unsigned char *tag, unsigned long *taglen, int mode)
{
unsigned char *Z, *Y, *X;
int err, x;
LTC_ARGCHK(ocb != NULL);
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LTC_ARGCHK(tag != NULL);
LTC_ARGCHK(taglen != NULL);
if ((err = cipher_is_valid(ocb->cipher)) != CRYPT_OK) {
return err;
}
if (ocb->block_len != cipher_descriptor[ocb->cipher].block_length ||
(int)ptlen > ocb->block_len || (int)ptlen < 0) {
return CRYPT_INVALID_ARG;
}
/* allocate ram */
Z = XMALLOC(MAXBLOCKSIZE);
Y = XMALLOC(MAXBLOCKSIZE);
X = XMALLOC(MAXBLOCKSIZE);
if (X == NULL || Y == NULL || Z == NULL) {
if (X != NULL) {
XFREE(X);
}
if (Y != NULL) {
XFREE(Y);
}
if (Z != NULL) {
XFREE(Z);
}
return CRYPT_MEM;
}
/* compute X[m] = len(pt[m]) XOR Lr XOR Z[m] */
ocb_shift_xor(ocb, X);
XMEMCPY(Z, X, ocb->block_len);
X[ocb->block_len-1] ^= (ptlen*8)&255;
X[ocb->block_len-2] ^= ((ptlen*8)>>8)&255;
for (x = 0; x < ocb->block_len; x++) {
X[x] ^= ocb->Lr[x];
}
/* Y[m] = E(X[m])) */
cipher_descriptor[ocb->cipher].ecb_encrypt(X, Y, &ocb->key);
if (mode == 1) {
/* decrypt mode, so let's xor it first */
/* xor C[m] into checksum */
for (x = 0; x < (int)ptlen; x++) {
ocb->checksum[x] ^= ct[x];
}
}
/* C[m] = P[m] xor Y[m] */
for (x = 0; x < (int)ptlen; x++) {
ct[x] = pt[x] ^ Y[x];
}
if (mode == 0) {
/* encrypt mode */
/* xor C[m] into checksum */
for (x = 0; x < (int)ptlen; x++) {
ocb->checksum[x] ^= ct[x];
}
}
/* xor Y[m] and Z[m] into checksum */
for (x = 0; x < ocb->block_len; x++) {
ocb->checksum[x] ^= Y[x] ^ Z[x];
}
/* encrypt checksum, er... tag!! */
cipher_descriptor[ocb->cipher].ecb_encrypt(ocb->checksum, X, &ocb->key);
cipher_descriptor[ocb->cipher].done(&ocb->key);
/* now store it */
for (x = 0; x < ocb->block_len && x < (int)*taglen; x++) {
tag[x] = X[x];
}
*taglen = x;
#ifdef LTC_CLEAN_STACK
zeromem(X, MAXBLOCKSIZE);
zeromem(Y, MAXBLOCKSIZE);
zeromem(Z, MAXBLOCKSIZE);
zeromem(ocb, sizeof(*ocb));
#endif
XFREE(X);
XFREE(Y);
XFREE(Z);
return CRYPT_OK;
}
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/encauth/ocb/s_ocb_done.c,v $ */
/* $Revision: 1.4 $ */
/* $Date: 2005/05/05 14:35:58 $ */