API tools faq
paste
Advertisement
AnthonyCagliano

Untitled

AnthonyCagliano
Apr 4th, 2023
50
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.57 KB | None | 0 0
raw download clone embed print report
  1. #define ghash_start(buf) memset((buf), 0, 16)
  2.  
  3. void ghash(aes_ctx *ctx, uint8_t *out_buf, const uint8_t *data, size_t len)
  4. {
  5. uint8_t tbuf[AES_BLOCK_SIZE];
  6. size_t data_offset = 0;
  7.  
  8. // the cache allows for incomplete blocks to be queued
  9. // the next call to update will concat the queue and new aad
  10. if(ctx->mode.gcm.aad_cache_len){
  11. size_t cache_len = ctx->mode.gcm.aad_cache_len;
  12. data_offset = MIN(len, AES_BLOCK_SIZE - cache_len);
  13. if(data_offset + cache_len < AES_BLOCK_SIZE){
  14. // if new aad is not enough to fill a block, update queue and stop w/o processing
  15. memcpy(&ctx->mode.gcm.aad_cache[cache_len], data, data_offset);
  16. ctx->mode.gcm.aad_cache_len += data_offset;
  17. return;
  18. }
  19. else {
  20. // if new aad is enough to fill a block, concat queue and rest of block from aad
  21. // then update hash
  22. memcpy(tbuf, ctx->mode.gcm.aad_cache, cache_len);
  23. memcpy(&tbuf[cache_len], data, data_offset);
  24. xor_buf(tbuf, out_buf, AES_BLOCK_SIZE);
  25. aes_gf2_mul(out_buf, out_buf, ctx->mode.gcm.ghash_key);
  26. ctx->mode.gcm.aad_cache_len = 0;
  27. }
  28. }
  29.  
  30. // now process any remaining aad data
  31. for(uint24_t idx = data_offset; idx < len; idx += AES_BLOCK_SIZE){
  32. size_t bytes_copy = MIN(AES_BLOCK_SIZE, len - idx);
  33. if(bytes_copy < AES_BLOCK_SIZE){
  34. // if aad_len < block size, write bytes to queue.
  35. // no return here because this condition should just exit out next loop
  36. memcpy(ctx->mode.gcm.aad_cache, &data[idx], bytes_copy);
  37. ctx->mode.gcm.aad_cache_len = bytes_copy;
  38. }
  39. else {
  40. // if aad_len >= block size, update hash for block
  41. memcpy(tbuf, &data[idx], AES_BLOCK_SIZE);
  42. xor_buf(tbuf, out_buf, AES_BLOCK_SIZE);
  43. aes_gf2_mul(out_buf, out_buf, ctx->mode.gcm.ghash_key);
  44. }
  45. }
  46. }
  47.  
  48. void aes_gcm_prepare_iv(aes_ctx *ctx, const uint8_t *iv, size_t iv_len)
  49. {
  50. uint8_t tbuf[AES_BLOCK_SIZE];
  51. // memset(ctx->iv, 0, AES_BLOCK_SIZE);
  52. // ^^ this should already be zero'd from aes_init
  53.  
  54. if (iv_len == 12) {
  55. /* Prepare block J_0 = IV || 0^31 || 1 [len(IV) = 96] */
  56. // memcpy(ctx->iv, iv, iv_len);
  57. // ^^ this should already be done by aes_init
  58. ctx->iv[AES_BLOCK_SIZE - 1] = 0x01;
  59. } else {
  60. /*
  61. * s = 128 * ceil(len(IV)/128) - len(IV)
  62. * J_0 = GHASH_H(IV || 0^(s+64) || [len(IV)]_64)
  63. */
  64. // hash the IV. Pad to block size
  65. memset(tbuf, 0, AES_BLOCK_SIZE);
  66. memcpy(tbuf, iv, iv_len);
  67. ghash(ctx, ctx->iv, tbuf, sizeof(tbuf));
  68.  
  69. memset(tbuf, 0, AES_BLOCK_SIZE>>1);
  70. bytelen_to_bitlen(iv_len, &tbuf[8]); // outputs in BE
  71.  
  72. ghash(ctx, ctx->iv, tbuf, sizeof(tbuf));
  73. memrev(ctx->iv, AES_BLOCK_SIZE);
  74. }
  75. }
  76.  
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!