/** Terminate a decrypting OCB state @param ocb The OCB state @param ct The ciphertext (if any) @param ctlen The length of the ciphertext (octets) @param pt [out] The plaintext @param tag The authentication tag (to compare against) @param taglen The length of the authentication tag provided @param stat [out] The result of the tag comparison @return CRYPT_OK if the process was successful regardless if the tag is valid */ int ocb_done_decrypt(ocb_state *ocb, const unsigned char *ct, unsigned long ctlen, unsigned char *pt, const unsigned char *tag, unsigned long taglen, int *stat) { int err; unsigned char *tagbuf; unsigned long tagbuflen; LTC_ARGCHK(ocb != NULL); LTC_ARGCHK(pt != NULL); LTC_ARGCHK(ct != NULL); LTC_ARGCHK(tag != NULL); LTC_ARGCHK(stat != NULL); /* default to failed */ *stat = 0; /* allocate memory */ tagbuf = XMALLOC(MAXBLOCKSIZE); if (tagbuf == NULL) { return CRYPT_MEM; } tagbuflen = MAXBLOCKSIZE; if ((err = s_ocb_done(ocb, ct, ctlen, pt, tagbuf, &tagbuflen, 1)) != CRYPT_OK) { goto LBL_ERR; } if (taglen <= tagbuflen && XMEM_NEQ(tagbuf, tag, taglen) == 0) { *stat = 1; } err = CRYPT_OK; LBL_ERR: #ifdef LTC_CLEAN_STACK zeromem(tagbuf, MAXBLOCKSIZE); #endif XFREE(tagbuf); return err; }
/** Decrypt a block of memory and verify the provided MAC tag with EAX @param cipher The index of the cipher desired @param key The secret key @param keylen The length of the key (octets) @param nonce The nonce data (use once) for the session @param noncelen The length of the nonce data. @param header The session header data @param headerlen The length of the header (octets) @param ct The ciphertext @param ctlen The length of the ciphertext (octets) @param pt [out] The plaintext @param tag The authentication tag provided by the encoder @param taglen [in/out] The length of the tag (octets) @param stat [out] The result of the decryption (1==valid tag, 0==invalid) @return CRYPT_OK if successful regardless of the resulting tag comparison */ int eax_decrypt_verify_memory(int cipher, const unsigned char *key, unsigned long keylen, const unsigned char *nonce, unsigned long noncelen, const unsigned char *header, unsigned long headerlen, const unsigned char *ct, unsigned long ctlen, unsigned char *pt, unsigned char *tag, unsigned long taglen, int *stat) { int err; eax_state *eax; unsigned char *buf; unsigned long buflen; LTC_ARGCHK(stat != NULL); LTC_ARGCHK(key != NULL); LTC_ARGCHK(pt != NULL); LTC_ARGCHK(ct != NULL); LTC_ARGCHK(tag != NULL); /* default to zero */ *stat = 0; /* limit taglen */ taglen = MIN(taglen, MAXBLOCKSIZE); /* allocate ram */ buf = XMALLOC(taglen); eax = XMALLOC(sizeof(*eax)); if (eax == NULL || buf == NULL) { if (eax != NULL) { XFREE(eax); } if (buf != NULL) { XFREE(buf); } return CRYPT_MEM; } if ((err = eax_init(eax, cipher, key, keylen, nonce, noncelen, header, headerlen)) != CRYPT_OK) { goto LBL_ERR; } if ((err = eax_decrypt(eax, ct, pt, ctlen)) != CRYPT_OK) { goto LBL_ERR; } buflen = taglen; if ((err = eax_done(eax, buf, &buflen)) != CRYPT_OK) { goto LBL_ERR; } /* compare tags */ if (buflen >= taglen && XMEM_NEQ(buf, tag, taglen) == 0) { *stat = 1; } err = CRYPT_OK; LBL_ERR: #ifdef LTC_CLEAN_STACK zeromem(buf, taglen); zeromem(eax, sizeof(*eax)); #endif XFREE(eax); XFREE(buf); return err; }
int ecc_dp_set_by_oid(ltc_ecc_set_type *dp, unsigned long *oid, unsigned long oidsize) { int i; unsigned long len; for(i=0; ltc_ecc_sets[i].size != 0; i++) { if ((oidsize == ltc_ecc_sets[i].oid.OIDlen) && (XMEM_NEQ(oid, ltc_ecc_sets[i].oid.OID, sizeof(unsigned long) * ltc_ecc_sets[i].oid.OIDlen) == 0)) { break; } } if (ltc_ecc_sets[i].size == 0) return CRYPT_INVALID_ARG; /* not found */ /* a */ len = (unsigned long)strlen(ltc_ecc_sets[i].A); if ((dp->A = XMALLOC(1+len)) == NULL) goto cleanup1; strncpy(dp->A, ltc_ecc_sets[i].A, 1+len); /* b */ len = (unsigned long)strlen(ltc_ecc_sets[i].B); if ((dp->B = XMALLOC(1+len)) == NULL) goto cleanup2; strncpy(dp->B, ltc_ecc_sets[i].B, 1+len); /* order */ len = (unsigned long)strlen(ltc_ecc_sets[i].order); if ((dp->order = XMALLOC(1+len)) == NULL) goto cleanup3; strncpy(dp->order, ltc_ecc_sets[i].order, 1+len); /* prime */ len = (unsigned long)strlen(ltc_ecc_sets[i].prime); if ((dp->prime = XMALLOC(1+len)) == NULL) goto cleanup4; strncpy(dp->prime, ltc_ecc_sets[i].prime, 1+len); /* gx */ len = (unsigned long)strlen(ltc_ecc_sets[i].Gx); if ((dp->Gx = XMALLOC(1+len)) == NULL) goto cleanup5; strncpy(dp->Gx, ltc_ecc_sets[i].Gx, 1+len); /* gy */ len = (unsigned long)strlen(ltc_ecc_sets[i].Gy); if ((dp->Gy = XMALLOC(1+len)) == NULL) goto cleanup6; strncpy(dp->Gy, ltc_ecc_sets[i].Gy, 1+len); /* cofactor & size */ dp->cofactor = ltc_ecc_sets[i].cofactor; dp->size = ltc_ecc_sets[i].size; /* name */ len = (unsigned long)strlen(ltc_ecc_sets[i].name); if ((dp->name = XMALLOC(1+len)) == NULL) goto cleanup7; strncpy(dp->name, ltc_ecc_sets[i].name, 1+len); /* oid */ dp->oid.OIDlen = ltc_ecc_sets[i].oid.OIDlen; XMEMCPY(dp->oid.OID, ltc_ecc_sets[i].oid.OID, dp->oid.OIDlen * sizeof(dp->oid.OID[0])); /* done - success */ return CRYPT_OK; cleanup7: XFREE(dp->Gy); cleanup6: XFREE(dp->Gx); cleanup5: XFREE(dp->prime); cleanup4: XFREE(dp->order); cleanup3: XFREE(dp->B); cleanup2: XFREE(dp->A); cleanup1: return CRYPT_MEM; }
/** Decrypt and compare the tag with OCB @param cipher The index of the cipher desired @param key The secret key @param keylen The length of the secret key (octets) @param nonce The session nonce (length of the block size of the block cipher) @param noncelen The length of the nonce (octets) @param adata The AAD - additional associated data @param adatalen The length of AAD (octets) @param ct The ciphertext @param ctlen The length of the ciphertext (octets) @param pt [out] The plaintext @param tag The tag to compare against @param taglen The length of the tag (octets) @param stat [out] The result of the tag comparison (1==valid, 0==invalid) @return CRYPT_OK if successful regardless of the tag comparison */ int ocb3_decrypt_verify_memory(int cipher, const unsigned char *key, unsigned long keylen, const unsigned char *nonce, unsigned long noncelen, const unsigned char *adata, unsigned long adatalen, const unsigned char *ct, unsigned long ctlen, unsigned char *pt, const unsigned char *tag, unsigned long taglen, int *stat) { int err; ocb3_state *ocb; unsigned char *buf; unsigned long buflen; LTC_ARGCHK(stat != NULL); /* default to zero */ *stat = 0; /* limit taglen */ taglen = MIN(taglen, MAXBLOCKSIZE); /* allocate memory */ buf = XMALLOC(taglen); ocb = XMALLOC(sizeof(ocb3_state)); if (ocb == NULL || buf == NULL) { if (ocb != NULL) { XFREE(ocb); } if (buf != NULL) { XFREE(buf); } return CRYPT_MEM; } if ((err = ocb3_init(ocb, cipher, key, keylen, nonce, noncelen, taglen)) != CRYPT_OK) { goto LBL_ERR; } if (adata != NULL || adatalen != 0) { if ((err = ocb3_add_aad(ocb, adata, adatalen)) != CRYPT_OK) { goto LBL_ERR; } } if ((err = ocb3_decrypt_last(ocb, ct, ctlen, pt)) != CRYPT_OK) { goto LBL_ERR; } buflen = taglen; if ((err = ocb3_done(ocb, buf, &buflen)) != CRYPT_OK) { goto LBL_ERR; } /* compare tags */ if (buflen >= taglen && XMEM_NEQ(buf, tag, taglen) == 0) { *stat = 1; } err = CRYPT_OK; LBL_ERR: #ifdef LTC_CLEAN_STACK zeromem(ocb, sizeof(ocb3_state)); #endif XFREE(ocb); XFREE(buf); return err; }