xref: /third_party/openssl/crypto/modes/ocb128.c

92 static OCB_BLOCK *ocb_lookup_l(OCB128_CONTEXT *ctx, size_t idx)
94     size_t l_index = ctx->l_index;
97         return ctx->l + idx;
101     if (idx >= ctx->max_l_index) {
112         ctx->max_l_index += (idx - ctx->max_l_index + 4) & ~3;
113         tmp_ptr = OPENSSL_realloc(ctx->l, ctx->max_l_index * sizeof(OCB_BLOCK));
114         if (tmp_ptr == NULL) /* prevent ctx->l from being clobbered */
116         ctx->l = tmp_ptr;
119         ocb_double(ctx->l + l_index, ctx->l + l_index + 1);
122     ctx->l_index = l_index;
124     return ctx->l + idx;
151 int CRYPTO_ocb128_init(OCB128_CONTEXT *ctx, void *keyenc, void *keydec,
155     memset(ctx, 0, sizeof(*ctx));
156     ctx->l_index = 0;
157     ctx->max_l_index = 5;
158     if ((ctx->l = OPENSSL_malloc(ctx->max_l_index * 16)) == NULL) {
168     ctx->encrypt = encrypt;
169     ctx->decrypt = decrypt;
170     ctx->stream = stream;
171     ctx->keyenc = keyenc;
172     ctx->keydec = keydec;
175     ctx->encrypt(ctx->l_star.c, ctx->l_star.c, ctx->keyenc);
178     ocb_double(&ctx->l_star, &ctx->l_dollar);
181     ocb_double(&ctx->l_dollar, ctx->l);
184     ocb_double(ctx->l, ctx->l+1);
185     ocb_double(ctx->l+1, ctx->l+2);
186     ocb_double(ctx->l+2, ctx->l+3);
187     ocb_double(ctx->l+3, ctx->l+4);
188     ctx->l_index = 4;   /* enough to process up to 496 bytes */
217 int CRYPTO_ocb128_setiv(OCB128_CONTEXT *ctx, const unsigned char *iv,
233     memset(&ctx->sess, 0, sizeof(ctx->sess));
244     ctx->encrypt(tmp, ktop, ctx->keyenc);
255     ocb_block_lshift(stretch + (bottom / 8), shift, ctx->sess.offset.c);
258     ctx->sess.offset.c[15] |=
268 int CRYPTO_ocb128_aad(OCB128_CONTEXT *ctx, const unsigned char *aad,
277     all_num_blocks = num_blocks + ctx->sess.blocks_hashed;
280     for (i = ctx->sess.blocks_hashed + 1; i <= all_num_blocks; i++) {
284         lookup = ocb_lookup_l(ctx, ocb_ntz(i));
287         ocb_block16_xor(&ctx->sess.offset_aad, lookup, &ctx->sess.offset_aad);
293         ocb_block16_xor(&ctx->sess.offset_aad, &tmp, &tmp);
294         ctx->encrypt(tmp.c, tmp.c, ctx->keyenc);
295         ocb_block16_xor(&tmp, &ctx->sess.sum, &ctx->sess.sum);
306         ocb_block16_xor(&ctx->sess.offset_aad, &ctx->l_star,
307                         &ctx->sess.offset_aad);
313         ocb_block16_xor(&ctx->sess.offset_aad, &tmp, &tmp);
316         ctx->encrypt(tmp.c, tmp.c, ctx->keyenc);
317         ocb_block16_xor(&tmp, &ctx->sess.sum, &ctx->sess.sum);
320     ctx->sess.blocks_hashed = all_num_blocks;
329 int CRYPTO_ocb128_encrypt(OCB128_CONTEXT *ctx,
341     all_num_blocks = num_blocks + ctx->sess.blocks_processed;
344         && ctx->stream != NULL) {
353         if (ocb_lookup_l(ctx, max_idx) == NULL)
356         ctx->stream(in, out, num_blocks, ctx->keyenc,
357                     (size_t)ctx->sess.blocks_processed + 1, ctx->sess.offset.c,
358                     (const unsigned char (*)[16])ctx->l, ctx->sess.checksum.c);
361         for (i = ctx->sess.blocks_processed + 1; i <= all_num_blocks; i++) {
366             lookup = ocb_lookup_l(ctx, ocb_ntz(i));
369             ocb_block16_xor(&ctx->sess.offset, lookup, &ctx->sess.offset);
375             ocb_block16_xor(&tmp, &ctx->sess.checksum, &ctx->sess.checksum);
378             ocb_block16_xor(&ctx->sess.offset, &tmp, &tmp);
379             ctx->encrypt(tmp.c, tmp.c, ctx->keyenc);
380             ocb_block16_xor(&ctx->sess.offset, &tmp, &tmp);
397         ocb_block16_xor(&ctx->sess.offset, &ctx->l_star, &ctx->sess.offset);
400         ctx->encrypt(ctx->sess.offset.c, pad.c, ctx->keyenc);
409         ocb_block16_xor(&pad, &ctx->sess.checksum, &ctx->sess.checksum);
412     ctx->sess.blocks_processed = all_num_blocks;
421 int CRYPTO_ocb128_decrypt(OCB128_CONTEXT *ctx,
433     all_num_blocks = num_blocks + ctx->sess.blocks_processed;
436         && ctx->stream != NULL) {
445         if (ocb_lookup_l(ctx, max_idx) == NULL)
448         ctx->stream(in, out, num_blocks, ctx->keydec,
449                     (size_t)ctx->sess.blocks_processed + 1, ctx->sess.offset.c,
450                     (const unsigned char (*)[16])ctx->l, ctx->sess.checksum.c);
455         for (i = ctx->sess.blocks_processed + 1; i <= all_num_blocks; i++) {
458             OCB_BLOCK *lookup = ocb_lookup_l(ctx, ocb_ntz(i));
461             ocb_block16_xor(&ctx->sess.offset, lookup, &ctx->sess.offset);
467             ocb_block16_xor(&ctx->sess.offset, &tmp, &tmp);
468             ctx->decrypt(tmp.c, tmp.c, ctx->keydec);
469             ocb_block16_xor(&ctx->sess.offset, &tmp, &tmp);
472             ocb_block16_xor(&tmp, &ctx->sess.checksum, &ctx->sess.checksum);
489         ocb_block16_xor(&ctx->sess.offset, &ctx->l_star, &ctx->sess.offset);
492         ctx->encrypt(ctx->sess.offset.c, pad.c, ctx->keyenc);
501         ocb_block16_xor(&pad, &ctx->sess.checksum, &ctx->sess.checksum);
504     ctx->sess.blocks_processed = all_num_blocks;
509 static int ocb_finish(OCB128_CONTEXT *ctx, unsigned char *tag, size_t len,
521     ocb_block16_xor(&ctx->sess.checksum, &ctx->sess.offset, &tmp);
522     ocb_block16_xor(&ctx->l_dollar, &tmp, &tmp);
523     ctx->encrypt(tmp.c, tmp.c, ctx->keyenc);
524     ocb_block16_xor(&tmp, &ctx->sess.sum, &tmp);
537 int CRYPTO_ocb128_finish(OCB128_CONTEXT *ctx, const unsigned char *tag,
540     return ocb_finish(ctx, (unsigned char*)tag, len, 0);
546 int CRYPTO_ocb128_tag(OCB128_CONTEXT *ctx, unsigned char *tag, size_t len)
548     return ocb_finish(ctx, tag, len, 1);
554 void CRYPTO_ocb128_cleanup(OCB128_CONTEXT *ctx)
556     if (ctx) {
557         OPENSSL_clear_free(ctx->l, ctx->max_l_index * 16);
558         OPENSSL_cleanse(ctx, sizeof(*ctx));

Indexes created Thu Nov 07 10:32:03 CST 2024