void tee_cipher_final(void *ctx, uint32_t algo)
{
switch (algo) {
case TEE_ALG_AES_ECB_NOPAD:
case TEE_ALG_DES_ECB_NOPAD:
case TEE_ALG_DES3_ECB_NOPAD:
ecb_done((symmetric_ECB *)ctx);
break;
case TEE_ALG_AES_CBC_NOPAD:
case TEE_ALG_DES_CBC_NOPAD:
case TEE_ALG_DES3_CBC_NOPAD:
cbc_done((symmetric_CBC *)ctx);
break;
case TEE_ALG_AES_CTR:
ctr_done((symmetric_CTR *)ctx);
break;
case TEE_ALG_AES_XTS:
xts_done((symmetric_xts *)ctx);
break;
case TEE_ALG_AES_CTS:
cbc_done(&(((struct symmetric_CTS *)ctx)->cbc));
ecb_done(&(((struct symmetric_CTS *)ctx)->ecb));
break;
default:
/* TEE_ERROR_NOT_SUPPORTED; */
break;
}
}
int main(int argc, char *argv[]){
/* Similar situation as before,
only the test vector is more complex.*/
unsigned char key[32];
bzero(key, 32);
unsigned char initcount[16];
bzero(initcount,16);
initcount[15]=1; //For test usage
unsigned char input[32];
bzero(input, 32);
unsigned char output[32]; //counter mode: assume xor works
bzero(output, 32);
aes256ctr(output, input, 32, key, initcount);
for(int i=0; i<32; i++) printf("%02x ", output[i]);
printf("\n");
symmetric_CTR ctr;
bzero(output, 32);
register_cipher(&aes_desc);
ctr_start(find_cipher("aes"), initcount, key, 32, 0, CTR_COUNTER_BIG_ENDIAN,
&ctr);
ctr_encrypt(input, output, 32, &ctr);
ctr_done(&ctr);
for(int i=0; i<32; i++) printf("%02x ", output[i]);
printf("\n");
exit(0);
}
int eax_done( unsigned char tag[], unsigned long tag_len, eax_state eax[1] )
{
int err = EXIT_FAILURE;
unsigned char *headermac, *ctmac;
unsigned long x, len;
if( ( headermac = malloc( AES_BLOCK_SIZE ) ) == NULL )
goto exit3;
if( ( ctmac = malloc( AES_BLOCK_SIZE ) ) == NULL )
goto exit2;
len = AES_BLOCK_SIZE;
if( (err = omac_done( ctmac, &len, eax->ctx_omac )) != EXIT_SUCCESS )
goto exit1;
if( (err = omac_done( headermac, &len, eax->hdr_omac )) != EXIT_SUCCESS )
goto exit1;
if( (err = ctr_done( eax->ctr )) != 0 )
goto exit1;
for( x = 0; x < len && x < tag_len; x++ )
tag[x] = eax->nv[x] ^ headermac[x] ^ ctmac[x];
err = EXIT_SUCCESS;
exit1:
free( ctmac );
exit2:
free( headermac );
exit3:
return err;
}
int ctr_test(void)
{
#ifdef LTC_NO_TEST
return CRYPT_NOP;
#else
static const struct {
int keylen, msglen;
unsigned char key[32], IV[16], pt[64], ct[64];
} tests[] = {
/* 128-bit key, 16-byte pt */
{
16, 16,
{0xAE,0x68,0x52,0xF8,0x12,0x10,0x67,0xCC,0x4B,0xF7,0xA5,0x76,0x55,0x77,0xF3,0x9E },
{0x00,0x00,0x00,0x30,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 },
{0x53,0x69,0x6E,0x67,0x6C,0x65,0x20,0x62,0x6C,0x6F,0x63,0x6B,0x20,0x6D,0x73,0x67 },
{0xE4,0x09,0x5D,0x4F,0xB7,0xA7,0xB3,0x79,0x2D,0x61,0x75,0xA3,0x26,0x13,0x11,0xB8 },
},
/* 128-bit key, 36-byte pt */
{
16, 36,
{0x76,0x91,0xBE,0x03,0x5E,0x50,0x20,0xA8,0xAC,0x6E,0x61,0x85,0x29,0xF9,0xA0,0xDC },
{0x00,0xE0,0x01,0x7B,0x27,0x77,0x7F,0x3F,0x4A,0x17,0x86,0xF0,0x00,0x00,0x00,0x00 },
{ 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F,
0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1A,0x1B,0x1C,0x1D,0x1E,0x1F,
0x20,0x21,0x22,0x23
},
{ 0xC1,0xCF,0x48,0xA8,0x9F,0x2F,0xFD,0xD9,0xCF,0x46,0x52,0xE9,0xEF,0xDB,0x72,0xD7,
0x45,0x40,0xA4,0x2B,0xDE,0x6D,0x78,0x36,0xD5,0x9A,0x5C,0xEA,0xAE,0xF3,0x10,0x53,
0x25,0xB2,0x07,0x2F
},
},
};
int idx, err, x;
unsigned char buf[64];
symmetric_CTR ctr;
/* AES can be under rijndael or aes... try to find it */
if ((idx = find_cipher("aes")) == -1) {
if ((idx = find_cipher("rijndael")) == -1) {
return CRYPT_NOP;
}
}
for (x = 0; x < (int)(sizeof(tests)/sizeof(tests[0])); x++) {
if ((err = ctr_start(idx, tests[x].IV, tests[x].key, tests[x].keylen, 0, CTR_COUNTER_BIG_ENDIAN|LTC_CTR_RFC3686, &ctr)) != CRYPT_OK) {
return err;
}
if ((err = ctr_encrypt(tests[x].pt, buf, tests[x].msglen, &ctr)) != CRYPT_OK) {
return err;
}
ctr_done(&ctr);
if (XMEMCMP(buf, tests[x].ct, tests[x].msglen)) {
return CRYPT_FAIL_TESTVECTOR;
}
}
return CRYPT_OK;
#endif
}
/**
Terminate the PRNG
@param prng The PRNG to terminate
@return CRYPT_OK if successful
*/
int yarrow_done(prng_state *prng)
{
LTC_ARGCHK(prng != NULL);
/* call cipher done when we invent one ;-) */
/* we invented one */
return ctr_done(&prng->yarrow.ctr);
}
void Encrypt(PK0304* le, AE_EXTRA* ae, char* password)
{
char *salt, *key1, *key2, *check, digest[40];
u32 key_len = KeySize*2 + 2;
u32 dig_len = 40;
salt = BUF;
key1 = salt+SaltSize;
key2 = key1+KeySize;
check = key2+KeySize;
/* Gets a random salt (8-16 byte) */
sprng_read(salt, SaltSize, 0);
/* Generates 2 keys for AES and HMAC, plus 2-byte password verification value */
if (pkcs_5_alg2(password, strlen(password), salt, SaltSize, 1000, 0, key1, &key_len) != CRYPT_OK)
Z_ERROR("Failed to derive encryption keys");
// dump("salt", salt, SaltSize);
// dump("key", key1, KeySize);
if (ctr_start(0, IV, key1, KeySize, 0, CTR_COUNTER_LITTLE_ENDIAN, &ctr) != CRYPT_OK)
Z_ERROR("Failed to setup AES CTR encoder");
#ifdef GLADMAN_HMAC
hmac_sha1_begin(&hmac);
hmac_sha1_key(key2, KeySize, &hmac);
#else
if (hmac_init(&hmac, 0, key2, KeySize) != CRYPT_OK)
Z_ERROR("Failed to setup HMAC-SHA1");
#endif
if (AE2) le->Crc32 = 0;
le->Flag |= 1;
le->CompMethod = 99;
le->ExtraLen += 11;
le->CompSize += SaltSize + 12; /* variable salt, fixed password check and hmac */
safeWrite(ZOUT, le, sizeof(PK0304));
fileCopy(ZOUT, ZIN, le->NameLen+le->ExtraLen-11);
safeWrite(ZOUT, ae, 11);
safeWrite(ZOUT, salt, SaltSize);
safeWrite(ZOUT, check, 2);
/* encrypt contents */
fileFilter(ZOUT, ZIN, le->CompSize-SaltSize-12);
#ifdef GLADMAN_HMAC
hmac_sha1_end(digest, dig_len, &hmac);
#else
if (hmac_done(&hmac, digest, &dig_len) != CRYPT_OK)
Z_ERROR("Failed to computate HMAC");
#endif
safeWrite(ZOUT, digest, 10);
ctr_done(&ctr);
}
void ltc_cleanup(void)
{
TRACE_DEBUG("LTC: Cleaning up ...\n\r");
#if defined(ENCRYPTION_ECB)
ecb_done(&sECB);
#elif defined(ENCRYPTION_CBC)
cbc_done(&sCBC);
#elif defined(ENCRYPTION_CTR)
ctr_done(&sCTR);
#endif
TRACE_DEBUG("LTC: Cleanup done.\n\r");
}
/**
Terminate the PRNG
@param prng The PRNG to terminate
@return CRYPT_OK if successful
*/
int yarrow_done(prng_state *prng)
{
int err;
LTC_ARGCHK(prng != NULL);
LTC_MUTEX_LOCK(&prng->yarrow.prng_lock);
/* call cipher done when we invent one ;-) */
/* we invented one */
err = ctr_done(&prng->yarrow.ctr);
LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
return err;
}
int symmetricEncrypt(unsigned char *key, unsigned long keylen, unsigned char *in, unsigned long len, unsigned char *IV, unsigned long ivlen)
{
symmetric_CTR ctr;
int err;
/* register aes first */
if ((err = register_cipher(&rijndael_desc)) == -1) {
return ERROR_REG_AES;
}
/* start up CTR mode */
if ((err = ctr_start(
find_cipher("rijndael"), /* index of desired cipher */
IV, /* the initial vecoter */
key, /* the secret key */
keylen, /* length of secret key */
0,
CTR_COUNTER_LITTLE_ENDIAN,
&ctr)
) != CRYPT_OK) {
//printf("%s\n", error_to_string(err));
return err;
}
/*
printf("from libcrypt: \n");
for(i = 0; i < 30; i++)
printf("%02x ", in[i]);
printf("\n");
fflush(stdout);
*/
if ((err = ctr_encrypt( in, /* plaintext */
in, /* ciphertext */
len, /* length of plaintext */
&ctr) /* CTR state */
) != CRYPT_OK) {
return err;
}
if ((err = ctr_done(&ctr)) != CRYPT_OK) {
return err;
}
return CRYPT_OK;
}
int symmetricDecrypt(unsigned char *key, unsigned long keylen, unsigned char *in, unsigned long len, unsigned char *IV, unsigned long ivlen)
{
symmetric_CTR ctr;
int err;
/* register aes first */
if (register_cipher(&rijndael_desc) == -1) {
return ERROR_REG_AES;
}
/* start up CTR mode */
if ((err = ctr_start(
find_cipher("rijndael"), /* index of desired cipher */
IV, /* the initial vecoter */
key, /* the secret key */
keylen, /* length of secret key */
0,
CTR_COUNTER_LITTLE_ENDIAN,
&ctr)
) != CRYPT_OK) {
return err;
}
// if ((err = ctr_setiv( IV, /* the initial IV we gave to ctr_start */
// 16, /* the IV is 16 bytes long */
// &ctr) /* the ctr state we wish to modify */
// ) != CRYPT_OK) {
// printf("ctr_setiv error: %s\n", error_to_string(err));
// return -1;
// }
if ((err = ctr_decrypt( in, /* plaintext */
in, /* ciphertext */
len, /* length of plaintext */
&ctr) /* CTR state */
) != CRYPT_OK) {
return err;
}
if ((err = ctr_done(&ctr)) != CRYPT_OK) {
return err;
}
return CRYPT_OK;
}
static int
EncryptCTR(
int cipher,
int rounds,
int counterMode,
unsigned char *iv,
unsigned char *key,
unsigned long keyLength,
unsigned char *data,
unsigned long dataLength,
unsigned char *dest
)
{
int status;
symmetric_CTR state;
status = ctr_start(cipher, iv, key, keyLength, rounds, counterMode, &state);
if (status == CRYPT_OK) {
status = ctr_encrypt(data, dest, dataLength, &state);
ctr_done(&state);
}
return status;
}
int main(){
char plaintext[] = "Hi I am an AES CTR test vector distributed on 4 128-bit blocks!";
unsigned char key[16] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f};
unsigned char iv[16] = {0x01, 0xff, 0x83, 0xf2, 0xf9, 0x98, 0xba, 0xa4, 0xda, 0xdc, 0xaa, 0xcc, 0x8e, 0x17, 0xa4, 0x1b};
symmetric_CTR ctr;
unsigned char ciphertext[sizeof(plaintext)];
unsigned char deciphertext[sizeof(plaintext)];
int err;
if (register_cipher(&aes_desc) == -1) {
printf("Error: in %s, unable to register cipher\n", __func__);
return 0;
}
printf("Plaintext: \"%s\"\n", plaintext);
printf("IV: ");
fprintBuffer_raw(stdout, (char*)iv, sizeof(iv));
printf("\nKey 128: ");
fprintBuffer_raw(stdout, (char*)key, sizeof(key));
/* ENCRYPT */
if ((err = ctr_start(find_cipher("aes"), iv, key, sizeof(key), 0, CTR_COUNTER_LITTLE_ENDIAN, &ctr)) != CRYPT_OK){
printf("ERROR: in %s, %s\n", __func__, error_to_string(err));
return 0;
}
if ((err = ctr_encrypt((unsigned char*)plaintext, ciphertext, sizeof(plaintext), &ctr)) != CRYPT_OK){
printf("ERROR: in %s, %s\n", __func__, error_to_string(err));
return 0;
}
if ((err = ctr_done(&ctr)) != CRYPT_OK){
printf("ERROR: in %s, %s\n", __func__, error_to_string(err));
return 0;
}
/* DECRYPT */
if ((err = ctr_start(find_cipher("aes"), iv, key, sizeof(key), 0, CTR_COUNTER_LITTLE_ENDIAN, &ctr)) != CRYPT_OK){
printf("ERROR: in %s, %s\n", __func__, error_to_string(err));
return 0;
}
if ((err = ctr_decrypt(ciphertext, deciphertext, sizeof(plaintext), &ctr)) != CRYPT_OK){
printf("ERROR: in %s, %s\n", __func__, error_to_string(err));
return 0;
}
if ((err = ctr_done(&ctr)) != CRYPT_OK){
printf("ERROR: in %s, %s\n", __func__, error_to_string(err));
return 0;
}
printf("\nCiphertext CTR: ");
fprintBuffer_raw(stdout, (char*)ciphertext, sizeof(plaintext));
if (memcmp(deciphertext, plaintext, sizeof(plaintext)) == 0){
printf("\nRecovery: OK\n");
}
else{
printf("\nRecovery: FAIL\n");
}
return 0;
}
void Decrypt(PK0304 *le, char *password)
{
char *salt, *key1, *key2, *check, digest[40];
u32 key_len, dig_len = 40, start, xlen;
AE_EXTRA ae;
start = ftell(ZIN);
/* Searches for AE-1 header */
fseek(ZIN, le->NameLen, SEEK_CUR);
for(xlen=le->ExtraLen; xlen;)
{
safeRead(&ae, ZIN, 4);
xlen -= (4 + ae.Size);
if (ae.Sig == 0x9901)
{
safeRead(&ae.Version, ZIN, 7);
continue;
}
fseek(ZIN, ae.Size, SEEK_CUR);
}
if (ae.Sig != 0x9901)
Z_ERROR("Fatal! Can't find AE extra header!");
if (ae.Strength < 1 || ae.Strength > 3)
Z_ERROR("Bad encryption strength");
SaltSize = KS[ae.Strength].Salt;
KeySize = KS[ae.Strength].Key;
salt = BUF;
key1 = salt+SaltSize;
key2 = key1+KeySize;
check = key2+KeySize;
key_len = KeySize*2+2;
/* Loads salt and password check value, and regenerates original crypto material */
fseek(ZIN, start+le->NameLen+le->ExtraLen, SEEK_SET);
safeRead(salt, ZIN, SaltSize);
safeRead(check+2, ZIN, 2);
point1:
if (pkcs_5_alg2(password, strlen(password), salt, SaltSize, 1000, 0, key1, &key_len) != CRYPT_OK)
Z_ERROR("Failed to derive encryption keys");
if (memcmp(check, check+2, 2))
{
printf("\nCan't decrypt data: try another password.\nNew password: "******"\n");
goto point1;
}
if (ctr_start(0, IV, key1, KeySize, 0, CTR_COUNTER_LITTLE_ENDIAN, &ctr) != CRYPT_OK)
Z_ERROR("Failed to setup AES CTR decoder");
#ifdef GLADMAN_HMAC
hmac_sha1_begin(&hmac);
hmac_sha1_key(key2, KeySize, &hmac);
#else
if (hmac_init(&hmac, 0, key2, KeySize) != CRYPT_OK)
Z_ERROR("Failed to setup HMAC-SHA1");
#endif
/* Adjusts local header */
le->Flag ^= 1;
le->CompMethod = ae.CompMethod;
le->ExtraLen -= 11;
le->CompSize -= (SaltSize + 12);
/* Writes local header and copies extra, except 0x9901 */
safeWrite(ZOUT, le, sizeof(PK0304));
fseek(ZIN, start, SEEK_SET);
fileCopy(ZOUT, ZIN, le->NameLen);
for(xlen=le->ExtraLen+11; xlen;)
{
safeRead(&ae, ZIN, 4);
xlen -= (4 + ae.Size);
if (ae.Sig == 0x9901)
{
safeRead(&ae.Version, ZIN, 7);
continue;
}
safeWrite(ZOUT, &ae, 4);
fileCopy(ZOUT, ZIN, ae.Size);
}
fseek(ZIN, SaltSize+2, SEEK_CUR);
fileFilter(ZOUT, ZIN, le->CompSize);
#ifdef GLADMAN_HMAC
hmac_sha1_end(digest, dig_len, &hmac);
#else
if (hmac_done(&hmac, digest, &dig_len) != CRYPT_OK)
Z_ERROR("Failed to computate HMAC");
#endif
/* Retrieves and checks HMACs */
safeRead(digest+10, ZIN, 10);
if (memcmp(digest, digest+10, 10))
printf(" authentication failed, contents were lost!");
ctr_done(&ctr);
}
/**
Terminate an EAX session and get the tag.
@param eax The EAX state
@param tag [out] The destination of the authentication tag
@param taglen [in/out] The max length and resulting length of the authentication tag
@return CRYPT_OK if successful
*/
int eax_done(eax_state *eax, unsigned char *tag, unsigned long *taglen)
{
int err;
unsigned char *headermac, *ctmac;
unsigned long x, len;
LTC_ARGCHK(eax != NULL);
LTC_ARGCHK(tag != NULL);
LTC_ARGCHK(taglen != NULL);
/* allocate ram */
headermac = XMALLOC(MAXBLOCKSIZE);
ctmac = XMALLOC(MAXBLOCKSIZE);
if (headermac == NULL || ctmac == NULL) {
if (headermac != NULL) {
XFREE(headermac);
}
if (ctmac != NULL) {
XFREE(ctmac);
}
return CRYPT_MEM;
}
/* finish ctomac */
len = MAXBLOCKSIZE;
if ((err = omac_done(&eax->ctomac, ctmac, &len)) != CRYPT_OK) {
goto LBL_ERR;
}
/* finish headeromac */
/* note we specifically don't reset len so the two lens are minimal */
if ((err = omac_done(&eax->headeromac, headermac, &len)) != CRYPT_OK) {
goto LBL_ERR;
}
/* terminate the CTR chain */
if ((err = ctr_done(&eax->ctr)) != CRYPT_OK) {
goto LBL_ERR;
}
/* compute N xor H xor C */
for (x = 0; x < len && x < *taglen; x++) {
tag[x] = eax->N[x] ^ headermac[x] ^ ctmac[x];
}
*taglen = x;
err = CRYPT_OK;
LBL_ERR:
#ifdef LTC_CLEAN_STACK
zeromem(ctmac, MAXBLOCKSIZE);
zeromem(headermac, MAXBLOCKSIZE);
zeromem(eax, sizeof(*eax));
#endif
XFREE(ctmac);
XFREE(headermac);
return err;
}
void ltc_cleanup_CTR(void)
{
TRACE_DEBUG("LTC: Cleaning up CTR...\n\r");
ctr_done(&sCTR);
TRACE_DEBUG("LTC: Cleanup done.\n\r");
}
/* IF YOU CALL THIS MULTIPLE TIMES WITH THE SAME KEY YOU MUST PROVIDE AN IV POINTER! */
int crypt_data(const unsigned char *data_in,
unsigned char *data_out, size_t data_size,
const unsigned char *data_mkey, size_t data_mkey_size,
unsigned char *data_new_hmac,
const unsigned char *data_chk_hmac,
size_t data_hmac_size,
unsigned char **IV_start,
int mode) {
if (mode != MODE_ENCRYPT && mode != MODE_DECRYPT) {
fprintf(stderr, "crypt_data called with invalid mode %d\n", mode);
return -1;
}
symmetric_CTR ctr;
#ifdef _POSIX_MEMLOCK_RANGE
if (mlock(&ctr, sizeof(ctr)) != 0) {
fprintf(stderr, "WARNING: mlock failed at %s:%d - ", __FILE__, __LINE__);
perror("");
}
#endif
int err;
int ret = 0; /* return code */
unsigned char *IV;
unsigned long IV_size = 16;
int hash_idx = find_hash("sha256");
size_t data_ckey_size, data_hkey_size;
data_ckey_size = data_hkey_size = data_mkey_size;
unsigned char *subkeys = safe_malloc(data_ckey_size + data_hkey_size);
#ifdef _POSIX_MEMLOCK_RANGE
if (mlock(subkeys, data_ckey_size + data_hkey_size) != 0) {
fprintf(stderr, "WARNING: mlock failed at %s:%d - ", __FILE__, __LINE__);
perror("");
}
#endif
unsigned char *data_ckey = subkeys + 0;
unsigned char *data_hkey = subkeys + data_ckey_size;
pbkdf2(data_mkey, data_mkey_size, "H", 1, SUBKEY_ITER, hash_idx, data_hkey, &data_hkey_size);
pbkdf2(data_mkey, data_mkey_size, "C", 1, SUBKEY_ITER, hash_idx, data_ckey, &data_ckey_size);
if (IV_start == NULL || *IV_start == NULL) {
IV = safe_malloc(IV_size);
/* fprintf(stderr, "Initializing key-based IV\n"); */
/* This is at least as secure as starting with a zeroed IV */
pbkdf2(data_mkey, data_mkey_size, "I", 1, SUBKEY_ITER, hash_idx, IV, &IV_size);
}
if (IV_start != NULL) {
if (*IV_start != NULL) {
/* fprintf(stderr, "IV = *IV_start\n"); */
IV = *IV_start;
} else {
/* fprintf(stderr, "*IV_start = IV\n"); */
*IV_start = IV;
}
}
if (mode == MODE_DECRYPT && data_chk_hmac != NULL) {
if ((err = hmac_vrfymem(hash_idx,
data_hkey, data_hkey_size,
data_in, data_size, data_chk_hmac,
(long unsigned int *)&data_hmac_size)) != CRYPT_OK) {
crypt_data_return(THRCR_BADMAC);
}
}
/* LTC_CTR_RFC3686 is needed to avoid reusing a counter value. */
if ((err = ctr_start(find_cipher("aes"), IV, data_ckey, data_ckey_size, 0,
CTR_COUNTER_BIG_ENDIAN | LTC_CTR_RFC3686, &ctr)) != CRYPT_OK) {
fprintf(stderr, "Error initializing cipher: %d\n", err);
crypt_data_return(-1);
}
/* ctr_encrypt is used for both encryption and decryption */
if ((err = ctr_encrypt(data_in, data_out, data_size, &ctr)) != CRYPT_OK) {
fprintf(stderr, "ctr_encrypt error: %s\n", error_to_string(err));
ctr_done(&ctr); /* done with cipher, clean up keys */
crypt_data_return(-1);
}
ctr_done(&ctr); /* done with cipher, clean up keys */
if (mode == MODE_ENCRYPT && data_new_hmac != NULL) {
if ((err = hmac_memory(hash_idx,
data_hkey, data_hkey_size,
data_out, data_size, data_new_hmac,
(long unsigned int *)&data_hmac_size)) != CRYPT_OK) {
fprintf(stderr, "hmac error: %s\n", error_to_string(err));
crypt_data_return(-1);
}
}
crypt_data_return:
/* before actually returning, make sure key material isn't in memory */
MEMWIPE(&ctr, sizeof(ctr));
MEMWIPE(subkeys, data_ckey_size + data_hkey_size);
#ifdef _POSIX_MEMLOCK_RANGE
munlock(subkeys, data_ckey_size + data_hkey_size);
#endif
safe_free(subkeys);
/* save the IV */
if (IV_start != NULL && *IV_start != NULL) {
/* fprintf(stderr, "*IV_start = ctr.ctr\n"); */
ctr_getiv(*IV_start, &IV_size, &ctr);
} else {
safe_free(IV);
}
return ret;
}
