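static void pdf_gen_xor(pdf_ctx *pc, const UINT8 nonce[8], UINT8 buf[8])
{
    /* Pad-derivation function: XOR the first UMAC_OUTPUT_LEN bytes of buf
     * with a slice of AES_{prf_key}(masked nonce).
     *
     * 'ndx' indicates that we'll be using the 0th or 1st eight bytes
     * of the AES output. If last time around we returned the ndx-1st
     * element, then we may have the result in the cache already:
     * pc->nonce keeps the last masked 8-byte nonce that was encrypted and
     * pc->cache the corresponding AES block. The cache may only be reused
     * when the whole masked nonce matches -- the pad is what blinds the
     * hash inside the tag, so serving it for a different nonce would both
     * produce a wrong tag and relate two tags that should be independent.
     */
#if (UMAC_OUTPUT_LEN == 4)
#define LOW_BIT_MASK 3
#elif (UMAC_OUTPUT_LEN == 8)
#define LOW_BIT_MASK 1
#elif (UMAC_OUTPUT_LEN > 8)
#define LOW_BIT_MASK 0
#endif
    union {
        UINT8 tmp_nonce_lo[4];
        UINT32 align;
    } t;
#if LOW_BIT_MASK != 0
    /* Which slice of the AES block this nonce selects (its low bits). */
    int ndx = nonce[7] & LOW_BIT_MASK;
#endif
    /* Low half of the nonce with the slice-selector bits cleared, so all
     * nonces that differ only in those bits map to one AES call. */
    memcpy(t.tmp_nonce_lo, nonce + 4, sizeof(t.tmp_nonce_lo));
    t.tmp_nonce_lo[3] &= ~LOW_BIT_MASK; /* zero last bit */

    /* Compare both halves of the masked nonce against what was last
     * encrypted. The low half is stored at byte offset 4 of pc->nonce (see
     * the memcpy below), so it must be compared at offset 4 as well; the
     * earlier comparison at offset 1 looked at a different byte window,
     * which could miss genuine cache hits and, in principle, accept a
     * stale pad for a nonce whose bytes 4..7 were never checked. */
    if (memcmp(t.tmp_nonce_lo, pc->nonce + 4, sizeof(t.tmp_nonce_lo)) != 0 ||
        memcmp(nonce, pc->nonce, sizeof(t.tmp_nonce_lo)) != 0) {
        memcpy(pc->nonce, nonce, sizeof(t.tmp_nonce_lo));
        memcpy(pc->nonce + 4, t.tmp_nonce_lo, sizeof(t.tmp_nonce_lo));
        aes_encryption(pc->nonce, pc->cache, pc->prf_key);
    }
#if (UMAC_OUTPUT_LEN == 4)
    xor32(buf, 0, pc->cache, ndx);
#elif (UMAC_OUTPUT_LEN == 8)
    xor64(buf, 0, pc->cache, ndx);
#elif (UMAC_OUTPUT_LEN == 12)
    xor64(buf, 0, pc->cache, 0);
    xor32(buf, 2, pc->cache, 2);
#elif (UMAC_OUTPUT_LEN == 16)
    xor64(buf, 0, pc->cache, 0);
    xor64(buf, 1, pc->cache, 1);
#endif
}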
//------------------------------------------------------------------------------ //! @brief get cmac-bf sign to message //! //! @param[in] message message to sign //! //! @return sign for message as string //------------------------------------------------------------------------------ QString CCMAC_Bf::sign(const QString &message) { QByteArray msg = message.toUtf8(); QByteArray prev = QByteArray(mBs, '\0'); QByteArray tok; QByteArray key; int i; int pad; int loop = msg.size() / mBs; if ((pad = (msg.size() % mBs)) == 0) { loop --; } for (i = 0; i < loop; i ++) { tok = msg.mid(i * mBs, mBs); prev = pBubbles->encrypted(xor64(tok, prev)); } if (pad == 0) { key = mK1; tok = msg.mid(loop * mBs, mBs); } else { key = mK2; tok = msg.mid(loop * mBs, pad); tok.append(0x80); for (i = (pad + 1); i < mBs; i++) { tok.append((char)0); } } return QString(pBubbles->encrypted(xor64(xor64(tok, prev), key)).toHex()); }
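EXPORT void maruGenBlockKey(maruAspect *a, maruKey *key, int keylen, m_u32 blockno)
{
    /* Derive the per-block key for `blockno`: start from the big-endian
     * block number, then walk the lattice from the leftmost set bit of
     * (blockno + 1) downwards, XORing in the lattice entry selected by each
     * bit and running the lattice cipher over the key (encrypt for a set
     * bit, decrypt for a clear one). keylen must be at least 8 bytes. */
    int n;
    m_u32 dm = (m_u32)1 << (a->instance->depth - 1);

    assert(keylen >= sizeof(m_u64));
    /* The bit walk below only terminates when the leftmost set bit of
     * (blockno + 1) is at position depth-1 or lower, i.e.
     * blockno + 1 < 2^depth. This also covers blockno == 2^32-1, whose
     * increment wraps to zero (the old "XXX" case) and previously spun
     * the loop forever. */
    assert((m_u64)blockno + 1 < ((m_u64)1 << a->instance->depth));
    bzero(key, keylen);
    /* We no-longer use the cachable method, as we can get some extra
     * security by using the block no as an iv, at the "expense" of
     * non-predictability in similar msb runs.
     * NOTE(review): this stores through a type-punned pointer at the start
     * of `key`; it assumes the key buffer begins with its raw bytes. */
    *(m_u32 *)key = hton32(blockno);
    /* This is really just a log2, to find the leftmost set bit: shift
     * left until bit depth-1 is set. The loop is additionally bounded by
     * the width of m_u32 so an out-of-range block number cannot hang a
     * build with assertions disabled; the assert above is the contract. */
    for (n = 0, blockno++; n < 32 && !(blockno & dm); blockno <<= 1, n++) {
    }
    for (n = a->instance->depth - n; n > 0; blockno <<= 1, n--) {
        int x = !(blockno & dm);
        xor64((m_u64 *)key, (m_u64 *)&a->lattice[(n * 2 + x) * keylen], keylen);
        a->latticeCipher->crypt(a->latticeOpaque[x], NULL, key->data, key->data,
                                keylen, x ? MCD_DECRYPT : MCD_ENCRYPT);
    }
}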