/** Terminate the chain @param cfb The CFB chain to terminate @return CRYPT_OK on success */ int cfb_done(symmetric_CFB *cfb) { int err; LTC_ARGCHK(cfb != NULL); if ((err = cipher_is_valid(cfb->cipher)) != CRYPT_OK) { return err; } cipher_descriptor[cfb->cipher].done(&cfb->key); return CRYPT_OK; }
/** Terminate the hash to get the digest @param md The hash state @param out [out] The destination of the hash (length of the block size of the block cipher) @return CRYPT_OK if successful */ int chc_done(hash_state *md, unsigned char *out) { int err; LTC_ARGCHK(md != NULL); LTC_ARGCHK(out != NULL); /* is the cipher valid? */ if ((err = cipher_is_valid(cipher_idx)) != CRYPT_OK) { return err; } if (cipher_blocksize != cipher_descriptor[cipher_idx].block_length) { return CRYPT_INVALID_CIPHER; } if (md->chc.curlen >= sizeof(md->chc.buf)) { return CRYPT_INVALID_ARG; } /* increase the length of the message */ md->chc.length += md->chc.curlen * 8; /* append the '1' bit */ md->chc.buf[md->chc.curlen++] = (unsigned char)0x80; /* if the length is currently above l-8 bytes we append zeros * then compress. Then we can fall back to padding zeros and length * encoding like normal. */ if (md->chc.curlen > (unsigned long)(cipher_blocksize - 8)) { while (md->chc.curlen < (unsigned long)cipher_blocksize) { md->chc.buf[md->chc.curlen++] = (unsigned char)0; } chc_compress(md, md->chc.buf); md->chc.curlen = 0; } /* pad upto l-8 bytes of zeroes */ while (md->chc.curlen < (unsigned long)(cipher_blocksize - 8)) { md->chc.buf[md->chc.curlen++] = (unsigned char)0; } /* store length */ STORE64L(md->chc.length, md->chc.buf+(cipher_blocksize-8)); chc_compress(md, md->chc.buf); /* copy output */ XMEMCPY(out, md->chc.state, cipher_blocksize); #ifdef LTC_CLEAN_STACK zeromem(md, sizeof(hash_state)); #endif return CRYPT_OK; }
/** Terminate the chain @param ofb The OFB chain to terminate @return CRYPT_OK on success */ INT ofb_done(symmetric_OFB *ofb) { INT err; LTC_ARGCHK(ofb != NULL); if ((err = cipher_is_valid(ofb->cipher)) != CRYPT_OK) { return err; } cipher_descriptor[ofb->cipher].done(&ofb->key); return CRYPT_OK; }
/** Initialize a CTR context @param cipher The index of the cipher desired @param IV The initial vector @param key The secret key @param keylen The length of the secret key (octets) @param num_rounds Number of rounds in the cipher desired (0 for default) @param ctr_mode The counter mode (CTR_COUNTER_LITTLE_ENDIAN or CTR_COUNTER_BIG_ENDIAN) @param ctr The CTR state to initialize @return CRYPT_OK if successful */ int ctr_start( int cipher, const unsigned char *IV, const unsigned char *key, int keylen, int num_rounds, int ctr_mode, symmetric_CTR *ctr) { int x, err; LTC_ARGCHK(IV != NULL); LTC_ARGCHK(key != NULL); LTC_ARGCHK(ctr != NULL); /* bad param? */ if ((err = cipher_is_valid(cipher)) != CRYPT_OK) { return err; } /* setup cipher */ if ((err = cipher_descriptor[cipher].setup(key, keylen, num_rounds, &ctr->key)) != CRYPT_OK) { return err; } /* copy ctr */ ctr->blocklen = cipher_descriptor[cipher].block_length; ctr->cipher = cipher; ctr->padlen = 0; ctr->mode = ctr_mode & 1; for (x = 0; x < ctr->blocklen; x++) { ctr->ctr[x] = IV[x]; } if (ctr_mode & LTC_CTR_RFC3686) { /* increment the IV as per RFC 3686 */ if (ctr->mode == CTR_COUNTER_LITTLE_ENDIAN) { /* little-endian */ for (x = 0; x < ctr->blocklen; x++) { ctr->ctr[x] = (ctr->ctr[x] + (unsigned char)1) & (unsigned char)255; if (ctr->ctr[x] != (unsigned char)0) { break; } } } else { /* big-endian */ for (x = ctr->blocklen-1; x >= 0; x--) { ctr->ctr[x] = (ctr->ctr[x] + (unsigned char)1) & (unsigned char)255; if (ctr->ctr[x] != (unsigned char)0) { break; } } } } return cipher_descriptor[ctr->cipher].ecb_encrypt(ctr->ctr, ctr->pad, &ctr->key); }
int omac_process(omac_state *omac, const unsigned char *in, unsigned long inlen) { unsigned long n, x; int err; LTC_ARGCHK(omac != NULL); LTC_ARGCHK(in != NULL); if ((err = cipher_is_valid(omac->cipher_idx)) != CRYPT_OK) { return err; } if ((omac->buflen > (int)sizeof(omac->block)) || (omac->buflen < 0) || (omac->blklen > (int)sizeof(omac->block)) || (omac->buflen > omac->blklen)) { return CRYPT_INVALID_ARG; } #ifdef LTC_FAST if (omac->buflen == 0 && inlen > 16) { int y; for (x = 0; x < (inlen - 16); x += 16) { for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) { *((LTC_FAST_TYPE*)(&omac->prev[y])) ^= *((LTC_FAST_TYPE*)(&in[y])); } in += 16; if ((err = cipher_descriptor[omac->cipher_idx].ecb_encrypt(omac->prev, omac->prev, &omac->key)) != CRYPT_OK) { return err; } } inlen -= x; } #endif while (inlen != 0) { /* ok if the block is full we xor in prev, encrypt and replace prev */ if (omac->buflen == omac->blklen) { for (x = 0; x < (unsigned long)omac->blklen; x++) { omac->block[x] ^= omac->prev[x]; } if ((err = cipher_descriptor[omac->cipher_idx].ecb_encrypt(omac->block, omac->prev, &omac->key)) != CRYPT_OK) { return err; } omac->buflen = 0; } /* add bytes */ n = MIN(inlen, (unsigned long)(omac->blklen - omac->buflen)); XMEMCPY(omac->block + omac->buflen, in, n); omac->buflen += n; inlen -= n; in += n; } return CRYPT_OK; }
/** Terminate the chain @param f8 The F8 chain to terminate @return CRYPT_OK on success */ int f8_done(symmetric_F8 *f8) { int err; LTC_ARGCHK(f8 != NULL); if ((err = cipher_is_valid(f8->cipher)) != CRYPT_OK) { return err; } cipher_descriptor[f8->cipher].done(&f8->key); return CRYPT_OK; }
/** Terminate the chain @param ecb The ECB chain to terminate @return CRYPT_OK on success */ int ecb_done(symmetric_ECB *ecb) { int err; LTC_ARGCHK(ecb != NULL); if ((err = cipher_is_valid(ecb->cipher)) != CRYPT_OK) { return err; } cipher_descriptor[ecb->cipher].done(&ecb->key); return CRYPT_OK; }
/** Initialize an F8 context @param cipher The index of the cipher desired @param IV The initial vector @param key The secret key @param keylen The length of the secret key (octets) @param salt_key The salting key for the IV @param skeylen The length of the salting key (octets) @param num_rounds Number of rounds in the cipher desired (0 for default) @param f8 The F8 state to initialize @return CRYPT_OK if successful */ int f8_start( int cipher, const unsigned char *IV, const unsigned char *key, int keylen, const unsigned char *salt_key, int skeylen, int num_rounds, symmetric_F8 *f8) { int x, err; unsigned char tkey[MAXBLOCKSIZE]; LTC_ARGCHK(IV != NULL); LTC_ARGCHK(key != NULL); LTC_ARGCHK(salt_key != NULL); LTC_ARGCHK(f8 != NULL); if ((err = cipher_is_valid(cipher)) != CRYPT_OK) { return err; } /* copy details */ f8->blockcnt = 0; f8->cipher = cipher; f8->blocklen = cipher_descriptor[cipher].block_length; f8->padlen = f8->blocklen; /* now get key ^ salt_key [extend salt_ket with 0x55 as required to match length] */ zeromem(tkey, sizeof(tkey)); for (x = 0; x < keylen && x < (int)sizeof(tkey); x++) { tkey[x] = key[x]; } for (x = 0; x < skeylen && x < (int)sizeof(tkey); x++) { tkey[x] ^= salt_key[x]; } for (; x < keylen && x < (int)sizeof(tkey); x++) { tkey[x] ^= 0x55; } /* now encrypt with tkey[0..keylen-1] the IV and use that as the IV */ if ((err = cipher_descriptor[cipher].setup(tkey, keylen, num_rounds, &f8->key)) != CRYPT_OK) { return err; } /* encrypt IV */ if ((err = cipher_descriptor[f8->cipher].ecb_encrypt(IV, f8->MIV, &f8->key)) != CRYPT_OK) { cipher_descriptor[f8->cipher].done(&f8->key); return err; } zeromem(tkey, sizeof(tkey)); zeromem(f8->IV, sizeof(f8->IV)); /* terminate this cipher */ cipher_descriptor[f8->cipher].done(&f8->key); /* init the cipher */ return cipher_descriptor[cipher].setup(key, keylen, num_rounds, &f8->key); }
/** Terminate the chain @param cbc The CBC chain to terminate @return CRYPT_OK on success */ INT cbc_done(symmetric_CBC *cbc) { INT err; LTC_ARGCHK(cbc != NULL); if ((err = cipher_is_valid(cbc->cipher)) != CRYPT_OK) { return err; } cipher_descriptor[cbc->cipher].done(&cbc->key); return CRYPT_OK; }
/** CTR encrypt @param pt Plaintext @param ct [out] Ciphertext @param len Length of plaintext (octets) @param ctr CTR state @return CRYPT_OK if successful */ int ctr_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_CTR *ctr) { unsigned long incr; int err; LTC_ARGCHK(pt != NULL); LTC_ARGCHK(ct != NULL); LTC_ARGCHK(ctr != NULL); if ((err = cipher_is_valid(ctr->cipher)) != CRYPT_OK) { return err; } /* is blocklen/padlen valid? */ if (ctr->blocklen < 1 || ctr->blocklen > (int)sizeof(ctr->ctr) || ctr->padlen < 0 || ctr->padlen > (int)sizeof(ctr->pad)) { return CRYPT_INVALID_ARG; } #ifdef LTC_FAST if (ctr->blocklen % sizeof(LTC_FAST_TYPE)) { return CRYPT_INVALID_ARG; } #endif if (cipher_descriptor[ctr->cipher]->accel_ctr_encrypt != NULL ) { /* handle acceleration only if not in the middle of a block, accelerator is present and length is >= a block size */ if ((ctr->padlen == 0 || ctr->padlen == ctr->blocklen) && len >= (unsigned long)ctr->blocklen) { if ((err = cipher_descriptor[ctr->cipher]->accel_ctr_encrypt(pt, ct, len/ctr->blocklen, ctr->ctr, ctr->mode, &ctr->key)) != CRYPT_OK) { return err; } pt += (len / ctr->blocklen) * ctr->blocklen; ct += (len / ctr->blocklen) * ctr->blocklen; len %= ctr->blocklen; /* counter was changed by accelerator so mark pad empty (will need updating in ctr_encrypt_sub()) */ ctr->padlen = ctr->blocklen; } /* try to re-synchronize on a block boundary for maximum use of acceleration */ incr = ctr->blocklen - ctr->padlen; if (len >= incr + (unsigned long)ctr->blocklen) { if ((err = ctr_encrypt_sub(pt, ct, incr, ctr)) != CRYPT_OK) { return err; } pt += incr; ct += incr; len -= incr; return ctr_encrypt(pt, ct, len, ctr); } } return ctr_encrypt_sub(pt, ct, len, ctr); }
/** Terminate an OMAC stream @param omac The OMAC state @param out [out] Destination for the authentication tag @param outlen [in/out] The max size and resulting size of the authentication tag @return CRYPT_OK if successful */ int omac_done(omac_state *omac, unsigned char *out, unsigned long *outlen) { int err, mode; unsigned x; LTC_ARGCHK(omac != NULL); LTC_ARGCHK(out != NULL); LTC_ARGCHK(outlen != NULL); if ((err = cipher_is_valid(omac->cipher_idx)) != CRYPT_OK) { return err; } if ((omac->buflen > (int)sizeof(omac->block)) || (omac->buflen < 0) || (omac->blklen > (int)sizeof(omac->block)) || (omac->buflen > omac->blklen)) { return CRYPT_INVALID_ARG; } /* figure out mode */ if (omac->buflen != omac->blklen) { /* add the 0x80 byte */ omac->block[omac->buflen++] = 0x80; /* pad with 0x00 */ while (omac->buflen < omac->blklen) { omac->block[omac->buflen++] = 0x00; } mode = 1; } else { mode = 0; } /* now xor prev + Lu[mode] */ for (x = 0; x < (unsigned)omac->blklen; x++) { omac->block[x] ^= omac->prev[x] ^ omac->Lu[mode][x]; } /* encrypt it */ if ((err = cipher_descriptor[omac->cipher_idx].ecb_encrypt(omac->block, omac->block, &omac->key)) != CRYPT_OK) { return err; } cipher_descriptor[omac->cipher_idx].done(&omac->key); /* output it */ for (x = 0; x < (unsigned)omac->blklen && x < *outlen; x++) { out[x] = omac->block[x]; } *outlen = x; #ifdef LTC_CLEAN_STACK zeromem(omac, sizeof(*omac)); #endif return CRYPT_OK; }
/** ECB encrypt @param pt Plaintext @param ct [out] Ciphertext @param ecb ECB state @return CRYPT_OK if successful */ int ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_ECB *ecb) { int err; LTC_ARGCHK(pt != NULL); LTC_ARGCHK(ct != NULL); LTC_ARGCHK(ecb != NULL); if ((err = cipher_is_valid(ecb->cipher)) != CRYPT_OK) { return err; } cipher_descriptor[ecb->cipher].ecb_encrypt(pt, ct, &ecb->key); return CRYPT_OK; }
/** Terminate a LRW state @param lrw The state to terminate @return CRYPT_OK if successful */ int lrw_done(symmetric_LRW *lrw) { int err; LTC_ARGCHK(lrw != NULL); if ((err = cipher_is_valid(lrw->cipher)) != CRYPT_OK) { return err; } cipher_descriptor[lrw->cipher].done(&lrw->key); return CRYPT_OK; }
/** Initialize a ECB context @param cipher The index of the cipher desired @param key The secret key @param keylen The length of the secret key (octets) @param num_rounds Number of rounds in the cipher desired (0 for default) @param ecb The ECB state to initialize @return CRYPT_OK if successful */ int ecb_start(int cipher, const unsigned char *key, int keylen, int num_rounds, symmetric_ECB *ecb) { int err; LTC_ARGCHK(key != NULL); LTC_ARGCHK(ecb != NULL); if ((err = cipher_is_valid(cipher)) != CRYPT_OK) { return err; } ecb->cipher = cipher; ecb->blocklen = cipher_descriptor[cipher].block_length; return cipher_descriptor[cipher].setup(key, keylen, num_rounds, &ecb->key); }
/** Initialize a CCM state @param ccm The CCM state to initialize @param cipher The index of the cipher to use @param key The secret key @param keylen The length of the secret key @param ptlen The length of the plain/cipher text that will be processed @param taglen The max length of the MAC tag @param aadlen The length of the AAD @return CRYPT_OK on success */ int ccm_init(ccm_state *ccm, int cipher, const unsigned char *key, int keylen, int ptlen, int taglen, int aadlen) { int err; LTC_ARGCHK(ccm != NULL); LTC_ARGCHK(key != NULL); LTC_ARGCHK(taglen != 0); XMEMSET(ccm, 0, sizeof(ccm_state)); /* check cipher input */ if ((err = cipher_is_valid(cipher)) != CRYPT_OK) { return err; } if (cipher_descriptor[cipher].block_length != 16) { return CRYPT_INVALID_CIPHER; } /* make sure the taglen is even and <= 16 */ ccm->taglen = taglen; ccm->taglen &= ~1; if (ccm->taglen > 16) { ccm->taglen = 16; } /* can't use < 4 */ if (ccm->taglen < 4) { return CRYPT_INVALID_ARG; } /* schedule key */ if ((err = cipher_descriptor[cipher].setup(key, keylen, 0, &ccm->K)) != CRYPT_OK) { return err; } ccm->cipher = cipher; /* let's get the L value */ ccm->ptlen = ptlen; ccm->L = 0; while (ptlen) { ++ccm->L; ptlen >>= 8; } if (ccm->L <= 1) { ccm->L = 2; } ccm->aadlen = aadlen; return CRYPT_OK; }
/** Terminate a GCM stream @param gcm The GCM state @param tag [out] The destination for the MAC tag @param taglen [in/out] The length of the MAC tag @return CRYPT_OK on success */ int gcm_done(gcm_state *gcm, unsigned char *tag, unsigned long *taglen) { unsigned long x; int err; LTC_ARGCHK(gcm != NULL); LTC_ARGCHK(tag != NULL); LTC_ARGCHK(taglen != NULL); if (gcm->buflen > 16 || gcm->buflen < 0) { return CRYPT_INVALID_ARG; } if ((err = cipher_is_valid(gcm->cipher)) != CRYPT_OK) { return err; } if (gcm->mode != LTC_GCM_MODE_TEXT) { return CRYPT_INVALID_ARG; } /* handle remaining ciphertext */ if (gcm->buflen) { gcm->pttotlen += gcm->buflen * CONST64(8); gcm_mult_h(gcm, gcm->X); } /* length */ STORE64H(gcm->totlen, gcm->buf); STORE64H(gcm->pttotlen, gcm->buf+8); for (x = 0; x < 16; x++) { gcm->X[x] ^= gcm->buf[x]; } gcm_mult_h(gcm, gcm->X); /* encrypt original counter */ if ((err = cipher_descriptor[gcm->cipher]->ecb_encrypt(gcm->Y_0, gcm->buf, &gcm->K)) != CRYPT_OK) { return err; } for (x = 0; x < 16 && x < *taglen; x++) { tag[x] = gcm->buf[x] ^ gcm->X[x]; } *taglen = x; cipher_descriptor[gcm->cipher]->done(&gcm->K); return CRYPT_OK; }
/** LTC_OMAC a block of memory @param cipher The index of the desired cipher @param key The secret key @param keylen The length of the secret key (octets) @param in The data to send through LTC_OMAC @param inlen The length of the data to send through LTC_OMAC (octets) @param out [out] The destination of the authentication tag @param outlen [in/out] The max size and resulting size of the authentication tag (octets) @return CRYPT_OK if successful */ int omac_memory(int cipher, const unsigned char *key, unsigned long keylen, const unsigned char *in, unsigned long inlen, unsigned char *out, unsigned long *outlen) { int err; omac_state *omac; LTC_ARGCHK(key != NULL); LTC_ARGCHK(in != NULL); LTC_ARGCHK(out != NULL); LTC_ARGCHK(outlen != NULL); /* is the cipher valid? */ if ((err = cipher_is_valid(cipher)) != CRYPT_OK) { return err; } /* Use accelerator if found */ if (cipher_descriptor[cipher].omac_memory != NULL) { return cipher_descriptor[cipher].omac_memory(key, keylen, in, inlen, out, outlen); } /* allocate ram for omac state */ omac = XMALLOC(sizeof(omac_state)); if (omac == NULL) { return CRYPT_MEM; } /* omac process the message */ if ((err = omac_init(omac, cipher, key, keylen)) != CRYPT_OK) { goto LBL_ERR; } if ((err = omac_process(omac, in, inlen)) != CRYPT_OK) { goto LBL_ERR; } if ((err = omac_done(omac, out, outlen)) != CRYPT_OK) { goto LBL_ERR; } err = CRYPT_OK; LBL_ERR: #ifdef LTC_CLEAN_STACK zeromem(omac, sizeof(omac_state)); #endif XFREE(omac); return err; }
int pmac_done(pmac_state *state, unsigned char *out, unsigned long *outlen) { int err, x; LTC_ARGCHK(state != NULL); LTC_ARGCHK(out != NULL); if ((err = cipher_is_valid(state->cipher_idx)) != CRYPT_OK) { return err; } if ((state->buflen > (int)sizeof(state->block)) || (state->buflen < 0) || (state->block_len > (int)sizeof(state->block)) || (state->buflen > state->block_len)) { return CRYPT_INVALID_ARG; } /* handle padding. If multiple xor in L/x */ if (state->buflen == state->block_len) { /* xor Lr against the checksum */ for (x = 0; x < state->block_len; x++) { state->checksum[x] ^= state->block[x] ^ state->Lr[x]; } } else { /* otherwise xor message bytes then the 0x80 byte */ for (x = 0; x < state->buflen; x++) { state->checksum[x] ^= state->block[x]; } state->checksum[x] ^= 0x80; } /* encrypt it */ if ((err = cipher_descriptor[state->cipher_idx].ecb_encrypt(state->checksum, state->checksum, &state->key)) != CRYPT_OK) { return err; } cipher_descriptor[state->cipher_idx].done(&state->key); /* store it */ for (x = 0; x < state->block_len && x < (int)*outlen; x++) { out[x] = state->checksum[x]; } *outlen = x; #ifdef LTC_CLEAN_STACK zeromem(state, sizeof(*state)); #endif return CRYPT_OK; }
/** CTR encrypt @param pt Plaintext @param ct [out] Ciphertext @param len Length of plaintext (octets) @param ctr CTR state @return CRYPT_OK if successful */ int ctr_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_CTR *ctr) { int err, fr; LTC_ARGCHK(pt != NULL); LTC_ARGCHK(ct != NULL); LTC_ARGCHK(ctr != NULL); if ((err = cipher_is_valid(ctr->cipher)) != CRYPT_OK) { return err; } /* is blocklen/padlen valid? */ if ((ctr->blocklen < 1) || (ctr->blocklen > (int)sizeof(ctr->ctr)) || (ctr->padlen < 0) || (ctr->padlen > (int)sizeof(ctr->pad))) { return CRYPT_INVALID_ARG; } #ifdef LTC_FAST if (ctr->blocklen % sizeof(LTC_FAST_TYPE)) { return CRYPT_INVALID_ARG; } #endif /* handle acceleration only if pad is empty, accelerator is present and length is >= a block size */ if ((cipher_descriptor[ctr->cipher].accel_ctr_encrypt != NULL) && (len >= (unsigned long)ctr->blocklen)) { if (ctr->padlen < ctr->blocklen) { fr = ctr->blocklen - ctr->padlen; if ((err = _ctr_encrypt(pt, ct, fr, ctr)) != CRYPT_OK) { return err; } pt += fr; ct += fr; len -= fr; } if (len >= (unsigned long)ctr->blocklen) { if ((err = cipher_descriptor[ctr->cipher].accel_ctr_encrypt(pt, ct, len/ctr->blocklen, ctr->ctr, ctr->mode, &ctr->key)) != CRYPT_OK) { return err; } pt += (len / ctr->blocklen) * ctr->blocklen; ct += (len / ctr->blocklen) * ctr->blocklen; len %= ctr->blocklen; } } return _ctr_encrypt(pt, ct, len, ctr); }
/** Set the IV for LRW @param IV The IV, must be 16 octets @param len Length ... must be 16 :-) @param lrw The LRW state to update @return CRYPT_OK if successful */ int lrw_setiv(const unsigned char *IV, unsigned long len, symmetric_LRW *lrw) { int err; #ifdef LTC_LRW_TABLES unsigned char T[16]; int x, y; #endif LTC_ARGCHK(IV != NULL); LTC_ARGCHK(lrw != NULL); if (len != 16) { return CRYPT_INVALID_ARG; } if ((err = cipher_is_valid(lrw->cipher)) != CRYPT_OK) { return err; } /* copy the IV */ XMEMCPY(lrw->IV, IV, 16); /* check if we have to actually do work */ if (cipher_descriptor[lrw->cipher].accel_lrw_encrypt != NULL && cipher_descriptor[lrw->cipher].accel_lrw_decrypt != NULL) { /* we have accelerators, let's bail since they don't use lrw->pad anyways */ return CRYPT_OK; } #ifdef LTC_LRW_TABLES XMEMCPY(T, &lrw->PC[0][IV[0]][0], 16); for (x = 1; x < 16; x++) { #ifdef LTC_FAST for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) { *((LTC_FAST_TYPE *)(T + y)) ^= *((LTC_FAST_TYPE *)(&lrw->PC[x][IV[x]][y])); } #else for (y = 0; y < 16; y++) { T[y] ^= lrw->PC[x][IV[x]][y]; } #endif } XMEMCPY(lrw->pad, T, 16); #else gcm_gf_mult(lrw->tweak, IV, lrw->pad); #endif return CRYPT_OK; }
/** Process a block of memory though the hash @param md The hash state @param in The data to hash @param inlen The length of the data (octets) @return CRYPT_OK if successful */ int chc_process(hash_state * md, const unsigned char *in, unsigned long inlen) { int err; LTC_ARGCHK(md != NULL); LTC_ARGCHK(in != NULL); /* is the cipher valid? */ if ((err = cipher_is_valid(cipher_idx)) != CRYPT_OK) { return err; } if (cipher_blocksize != cipher_descriptor[cipher_idx].block_length) { return CRYPT_INVALID_CIPHER; } return _chc_process(md, in, inlen); }
/** Process data through f9-MAC @param f9 The f9-MAC state @param in Input data to process @param inlen Length of input in octets Return CRYPT_OK on success */ int f9_process(f9_state *f9, const unsigned char *in, unsigned long inlen) { int err, x; LTC_ARGCHK(f9 != NULL); LTC_ARGCHK(in != NULL); /* check structure */ if ((err = cipher_is_valid(f9->cipher)) != CRYPT_OK) { return err; } if ((f9->blocksize > cipher_descriptor[f9->cipher].block_length) || (f9->blocksize < 0) || (f9->buflen > f9->blocksize) || (f9->buflen < 0)) { return CRYPT_INVALID_ARG; } #ifdef LTC_FAST if (f9->buflen == 0) { while (inlen >= (unsigned long)f9->blocksize) { for (x = 0; x < f9->blocksize; x += sizeof(LTC_FAST_TYPE)) { *((LTC_FAST_TYPE*)&(f9->IV[x])) ^= *((LTC_FAST_TYPE*)&(in[x])); } cipher_descriptor[f9->cipher].ecb_encrypt(f9->IV, f9->IV, &f9->key); for (x = 0; x < f9->blocksize; x += sizeof(LTC_FAST_TYPE)) { *((LTC_FAST_TYPE*)&(f9->ACC[x])) ^= *((LTC_FAST_TYPE*)&(f9->IV[x])); } in += f9->blocksize; inlen -= f9->blocksize; } } #endif while (inlen) { if (f9->buflen == f9->blocksize) { cipher_descriptor[f9->cipher].ecb_encrypt(f9->IV, f9->IV, &f9->key); for (x = 0; x < f9->blocksize; x++) { f9->ACC[x] ^= f9->IV[x]; } f9->buflen = 0; } f9->IV[f9->buflen++] ^= *in++; --inlen; } return CRYPT_OK; }
/** Decrypt a block with OCB. @param ocb The OCB state @param ct The ciphertext (length of the block size of the block cipher) @param pt [out] The plaintext (length of ct) @return CRYPT_OK if successful */ int ocb_decrypt(ocb_state *ocb, const unsigned char *ct, unsigned char *pt) { unsigned char Z[MAXBLOCKSIZE], tmp[MAXBLOCKSIZE]; int err, x; LTC_ARGCHK(ocb != NULL); LTC_ARGCHK(pt != NULL); LTC_ARGCHK(ct != NULL); /* check if valid cipher */ if ((err = cipher_is_valid(ocb->cipher)) != CRYPT_OK) { return err; } LTC_ARGCHK(cipher_descriptor[ocb->cipher].ecb_decrypt != NULL); /* check length */ if (ocb->block_len != cipher_descriptor[ocb->cipher].block_length) { return CRYPT_INVALID_ARG; } /* Get Z[i] value */ ocb_shift_xor(ocb, Z); /* xor ct in, encrypt, xor Z out */ for (x = 0; x < ocb->block_len; x++) { tmp[x] = ct[x] ^ Z[x]; } if ((err = cipher_descriptor[ocb->cipher].ecb_decrypt(tmp, pt, &ocb->key)) != CRYPT_OK) { return err; } for (x = 0; x < ocb->block_len; x++) { pt[x] ^= Z[x]; } /* compute checksum */ for (x = 0; x < ocb->block_len; x++) { ocb->checksum[x] ^= pt[x]; } #ifdef LTC_CLEAN_STACK zeromem(Z, sizeof(Z)); zeromem(tmp, sizeof(tmp)); #endif return CRYPT_OK; }
/** Terminate the f9-MAC state @param f9 f9 state to terminate @param out [out] Destination for the MAC tag @param outlen [in/out] Destination size and final tag size Return CRYPT_OK on success */ int f9_done(f9_state *f9, unsigned char *out, unsigned long *outlen) { int err, x; LTC_ARGCHK(f9 != NULL); LTC_ARGCHK(out != NULL); /* check structure */ if ((err = cipher_is_valid(f9->cipher)) != CRYPT_OK) { return err; } if ((f9->blocksize > cipher_descriptor[f9->cipher].block_length) || (f9->blocksize < 0) || (f9->buflen > f9->blocksize) || (f9->buflen < 0)) { return CRYPT_INVALID_ARG; } if (f9->buflen != 0) { /* encrypt */ cipher_descriptor[f9->cipher].ecb_encrypt(f9->IV, f9->IV, &f9->key); f9->buflen = 0; for (x = 0; x < f9->blocksize; x++) { f9->ACC[x] ^= f9->IV[x]; } } /* schedule modified key */ if ((err = cipher_descriptor[f9->cipher].setup(f9->akey, f9->keylen, 0, &f9->key)) != CRYPT_OK) { return err; } /* encrypt the ACC */ cipher_descriptor[f9->cipher].ecb_encrypt(f9->ACC, f9->ACC, &f9->key); cipher_descriptor[f9->cipher].done(&f9->key); /* extract tag */ for (x = 0; x < f9->blocksize && (unsigned long)x < *outlen; x++) { out[x] = f9->ACC[x]; } *outlen = x; #ifdef LTC_CLEAN_STACK zeromem(f9, sizeof(*f9)); #endif return CRYPT_OK; }
/** Terminate the XCBC-MAC state @param xcbc XCBC state to terminate @param out [out] Destination for the MAC tag @param outlen [in/out] Destination size and final tag size Return CRYPT_OK on success */ int xcbc_done(xcbc_state *xcbc, unsigned char *out, unsigned long *outlen) { int err, x; LTC_ARGCHK(xcbc != NULL); LTC_ARGCHK(out != NULL); /* check structure */ if ((err = cipher_is_valid(xcbc->cipher)) != CRYPT_OK) { return err; } if ((xcbc->blocksize > cipher_descriptor[xcbc->cipher].block_length) || (xcbc->blocksize < 0) || (xcbc->buflen > xcbc->blocksize) || (xcbc->buflen < 0)) { return CRYPT_INVALID_ARG; } /* which key do we use? */ if (xcbc->buflen == xcbc->blocksize) { /* k2 */ for (x = 0; x < xcbc->blocksize; x++) { xcbc->IV[x] ^= xcbc->K[1][x]; } } else { xcbc->IV[xcbc->buflen] ^= 0x80; /* k3 */ for (x = 0; x < xcbc->blocksize; x++) { xcbc->IV[x] ^= xcbc->K[2][x]; } } /* encrypt */ cipher_descriptor[xcbc->cipher].ecb_encrypt(xcbc->IV, xcbc->IV, &xcbc->key); cipher_descriptor[xcbc->cipher].done(&xcbc->key); /* extract tag */ for (x = 0; x < xcbc->blocksize && (unsigned long)x < *outlen; x++) { out[x] = xcbc->IV[x]; } *outlen = x; #ifdef LTC_CLEAN_STACK zeromem(xcbc, sizeof(*xcbc)); #endif return CRYPT_OK; }
/** LRW decrypt blocks @param ct The ciphertext @param pt [out] The plaintext @param len The length in octets, must be a multiple of 16 @param lrw The LRW state */ int lrw_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, symmetric_LRW *lrw) { int err; LTC_ARGCHK(pt != NULL); LTC_ARGCHK(ct != NULL); LTC_ARGCHK(lrw != NULL); if ((err = cipher_is_valid(lrw->cipher)) != CRYPT_OK) { return err; } if (cipher_descriptor[lrw->cipher].accel_lrw_decrypt != NULL) { return cipher_descriptor[lrw->cipher].accel_lrw_decrypt(ct, pt, len, lrw->IV, lrw->tweak, &lrw->key); } return lrw_process(ct, pt, len, LRW_DECRYPT, lrw); }
/** Set an initial vector @param IV The initial vector @param len The length of the vector (in octets) @param cfb The CFB state @return CRYPT_OK if successful */ int cfb_setiv(const unsigned char *IV, unsigned long len, symmetric_CFB *cfb) { int err; LTC_ARGCHK(IV != NULL); LTC_ARGCHK(cfb != NULL); if ((err = cipher_is_valid(cfb->cipher)) != CRYPT_OK) { return err; } if (len != (unsigned long)cfb->blocklen) { return CRYPT_INVALID_ARG; } /* force next block */ cfb->padlen = 0; return cipher_descriptor[cfb->cipher].ecb_encrypt(IV, cfb->IV, &cfb->key); }
/** Process data through XCBC-MAC @param xcbc The XCBC-MAC state @param in Input data to process @param inlen Length of input in octets Return CRYPT_OK on success */ int xcbc_process(xcbc_state *xcbc, const unsigned char *in, unsigned long inlen) { int err; #ifdef LTC_FAST int x; #endif LTC_ARGCHK(xcbc != NULL); LTC_ARGCHK(in != NULL); /* check structure */ if ((err = cipher_is_valid(xcbc->cipher)) != CRYPT_OK) { return err; } if ((xcbc->blocksize > cipher_descriptor[xcbc->cipher].block_length) || (xcbc->blocksize < 0) || (xcbc->buflen > xcbc->blocksize) || (xcbc->buflen < 0)) { return CRYPT_INVALID_ARG; } #ifdef LTC_FAST if (xcbc->buflen == 0) { while (inlen > (unsigned long)xcbc->blocksize) { for (x = 0; x < xcbc->blocksize; x += sizeof(LTC_FAST_TYPE)) { *(LTC_FAST_TYPE_PTR_CAST(&(xcbc->IV[x]))) ^= *(LTC_FAST_TYPE_PTR_CAST(&(in[x]))); } cipher_descriptor[xcbc->cipher].ecb_encrypt(xcbc->IV, xcbc->IV, &xcbc->key); in += xcbc->blocksize; inlen -= xcbc->blocksize; } } #endif while (inlen) { if (xcbc->buflen == xcbc->blocksize) { cipher_descriptor[xcbc->cipher].ecb_encrypt(xcbc->IV, xcbc->IV, &xcbc->key); xcbc->buflen = 0; } xcbc->IV[xcbc->buflen++] ^= *in++; --inlen; } return CRYPT_OK; }
/** Set an initial vector @param IV The initial vector @param len The length of the vector (in octets) @param f8 The F8 state @return CRYPT_OK if successful */ int f8_setiv(const unsigned char *IV, unsigned long len, symmetric_F8 *f8) { int err; LTC_ARGCHK(IV != NULL); LTC_ARGCHK(f8 != NULL); if ((err = cipher_is_valid(f8->cipher)) != CRYPT_OK) { return err; } if (len != (unsigned long)f8->blocklen) { return CRYPT_INVALID_ARG; } /* force next block */ f8->padlen = 0; return cipher_descriptor[f8->cipher].ecb_encrypt(IV, f8->IV, &f8->key); }
int ofb_setiv(const unsigned char *IV, unsigned long len, symmetric_OFB *ofb) { int err; _ARGCHK(IV != NULL); _ARGCHK(ofb != NULL); if ((err = cipher_is_valid(ofb->cipher)) != CRYPT_OK) { return err; } if (len != (unsigned long)ofb->blocklen) { return CRYPT_INVALID_ARG; } /* force next block */ ofb->padlen = 0; cipher_descriptor[ofb->cipher].ecb_encrypt(IV, ofb->IV, &ofb->key); return CRYPT_OK; }