API tools faq
paste
Advertisement
AnthonyCagliano

Untitled

AnthonyCagliano
Apr 1st, 2023
56
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.50 KB | None | 0 0
raw download clone embed print report
  1. #define MIN(x, y) ((x) < (y)) ? (x) : (y)
  2.  
  3.  
  4.  
  5.  
  6. #define ghash_start(buf) memset((buf), 0, 16)
  7.  
  8. void ghash(aes_ctx *ctx, uint8_t *out_buf, const uint8_t *data, size_t len)
  9. {
  10. uint8_t tbuf[AES_BLOCK_SIZE];
  11. size_t data_offset = 0;
  12.  
  13. // the cache allows for incomplete blocks to be queued
  14. // the next call to update will concat the queue and new aad
  15. if(ctx->mode.gcm.aad_cache_len){
  16. size_t cache_len = ctx->mode.gcm.aad_cache_len;
  17. data_offset = MIN(len, AES_BLOCK_SIZE - cache_len);
  18. if(data_offset + cache_len < AES_BLOCK_SIZE){
  19. // if new aad is not enough to fill a block, update queue and stop w/o processing
  20. memcpy(&ctx->mode.gcm.aad_cache[cache_len], data, data_offset);
  21. ctx->mode.gcm.aad_cache_len += data_offset;
  22. return;
  23. }
  24. else {
  25. // if new aad is enough to fill a block, concat queue and rest of block from aad
  26. // then update hash
  27. memcpy(tbuf, ctx->mode.gcm.aad_cache, ctx->mode.gcm.aad_cache_len);
  28. memcpy(&tbuf[cache_len], data, data_offset);
  29. xor_buf(tbuf, out_buf, AES_BLOCK_SIZE);
  30. aes_gf2_mul(out_buf, out_buf, ctx->mode.gcm.ghash_key);
  31. }
  32. }
  33.  
  34. // now process any remaining aad data
  35. for(uint24_t idx = data_offset; idx < len; idx += AES_BLOCK_SIZE){
  36. size_t bytes_copy = MIN(AES_BLOCK_SIZE, len - idx);
  37. if(bytes_copy < AES_BLOCK_SIZE){
  38. // if aad_len < block size, write bytes to queue.
  39. // no return here because this condition should just exit out next loop
  40. memcpy(ctx->mode.gcm.aad_cache, &data[idx], bytes_copy);
  41. ctx->mode.gcm.aad_cache_len = bytes_copy;
  42. }
  43. else {
  44. // if aad_len >= block size, update hash for block
  45. memcpy(tbuf, &data[idx], AES_BLOCK_SIZE);
  46. memset(&tbuf[bytes_copy], 0, AES_BLOCK_SIZE-bytes_copy);
  47. xor_buf(tbuf, out_buf, AES_BLOCK_SIZE);
  48. aes_gf2_mul(out_buf, out_buf, ctx->mode.gcm.ghash_key);
  49. }
  50. }
  51. }
  52.  
  53. void aes_gcm_prepare_iv(aes_ctx *ctx, const uint8_t *iv, size_t iv_len)
  54. {
  55. uint8_t len_buf[16];
  56. memset(ctx->iv, 0, AES_BLOCK_SIZE);
  57.  
  58. if (iv_len == 12) {
  59. /* Prepare block J_0 = IV || 0^31 || 1 [len(IV) = 96] */
  60. memcpy(ctx->iv, iv, iv_len);
  61. ctx->iv[AES_BLOCK_SIZE - 1] = 0x01;
  62. } else {
  63. /*
  64. * s = 128 * ceil(len(IV)/128) - len(IV)
  65. * J_0 = GHASH_H(IV || 0^(s+64) || [len(IV)]_64)
  66. */
  67. // hash the IV. Pad to block size
  68. ghash(ctx, ctx->iv, iv, iv_len);
  69.  
  70. memset(len_buf, 0, 8);
  71. memcpy(&len_buf[8], &bitlen, 8);
  72. bitlen_to_bytelen(iv_len, &len_buf[8]); // outputs in BE
  73. //ll_byte_swap(&len_buf[8]);
  74.  
  75. ghash(ctx, ctx->iv, len_buf, sizeof(len_buf));
  76. }
  77. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!