unsigned char mask[15];
union ublock locin;
union ublock locout;
-
+
locin.ocbblk = in;
locout.ocbblk = out;
-
+
shift_mask = 0xff;
shift_mask <<= (8 - shift);
for (i = 15; i >= 0; i--) {
unsigned char mask;
union ublock locin;
union ublock locout;
-
+
locin.ocbblk = in;
locout.ocbblk = out;
* Lookup L_index in our lookup table. If we haven't already got it we need to
* calculate it
*/
-static OCB_BLOCK *ocb_lookup_l(OCB128_CONTEXT * ctx, size_t index)
+static OCB_BLOCK *ocb_lookup_l(OCB128_CONTEXT *ctx, size_t idx)
{
- if (index <= ctx->l_index) {
- return ctx->l + index;
+ if (idx <= ctx->l_index) {
+ return ctx->l + idx;
}
/* We don't have it - so calculate it */
ctx->l_index++;
if (ctx->l_index == ctx->max_l_index) {
ctx->max_l_index *= 2;
- ctx->l = OPENSSL_realloc(ctx->l, ctx->max_l_index * sizeof(OCB_BLOCK));
+ ctx->l =
+ OPENSSL_realloc(ctx->l, ctx->max_l_index * sizeof(OCB_BLOCK));
if (!ctx->l)
return NULL;
}
- ocb_double(ctx->l + (index - 1), ctx->l + index);
+ ocb_double(ctx->l + (idx - 1), ctx->l + idx);
- return ctx->l + index;
+ return ctx->l + idx;
}
/*
* Encrypt a block from |in| and store the result in |out|
*/
-static void ocb_encrypt(OCB128_CONTEXT *ctx, OCB_BLOCK *in, OCB_BLOCK *out, void *keyenc)
+static void ocb_encrypt(OCB128_CONTEXT *ctx, OCB_BLOCK *in, OCB_BLOCK *out,
+ void *keyenc)
{
union ublock locin;
union ublock locout;
-
+
locin.ocbblk = in;
locout.ocbblk = out;
/*
* Decrypt a block from |in| and store the result in |out|
*/
-static void ocb_decrypt(OCB128_CONTEXT *ctx, OCB_BLOCK *in, OCB_BLOCK *out, void *keydec)
+static void ocb_decrypt(OCB128_CONTEXT *ctx, OCB_BLOCK *in, OCB_BLOCK *out,
+ void *keydec)
{
union ublock locin;
union ublock locout;
-
+
locin.ocbblk = in;
locout.ocbblk = out;
OCB128_CONTEXT *octx;
int ret;
- if ((octx = (OCB128_CONTEXT *) OPENSSL_malloc(sizeof(OCB128_CONTEXT)))) {
+ if ((octx = OPENSSL_malloc(sizeof(OCB128_CONTEXT)))) {
ret = CRYPTO_ocb128_init(octx, keyenc, keydec, encrypt, decrypt);
if (ret)
return octx;
/*
* Copy an OCB128_CONTEXT object
*/
-int CRYPTO_ocb128_copy_ctx(OCB128_CONTEXT * dest, OCB128_CONTEXT * src,
+int CRYPTO_ocb128_copy_ctx(OCB128_CONTEXT *dest, OCB128_CONTEXT *src,
void *keyenc, void *keydec)
{
memcpy(dest, src, sizeof(OCB128_CONTEXT));
/*
* Set the IV to be used for this operation. Must be 1 - 15 bytes.
*/
-int CRYPTO_ocb128_setiv(OCB128_CONTEXT * ctx, const unsigned char *iv,
+int CRYPTO_ocb128_setiv(OCB128_CONTEXT *ctx, const unsigned char *iv,
size_t len, size_t taglen)
{
unsigned char ktop[16], tmp[16], mask;
unsigned char stretch[24], nonce[16];
size_t bottom, shift;
union ublock offset;
-
+
offset.ocbblk = &ctx->offset;
/*
/* Offset_0 = Stretch[1+bottom..128+bottom] */
shift = bottom % 8;
- ocb_block_lshift((OCB_BLOCK *)(stretch + (bottom / 8)), shift, &ctx->offset);
+ ocb_block_lshift((OCB_BLOCK *)(stretch + (bottom / 8)), shift,
+ &ctx->offset);
mask = 0xff;
mask <<= 8 - shift;
- offset.chrblk[15] |= (*(stretch + (bottom / 8) + 16) & mask) >> (8 - shift);
+ offset.chrblk[15] |=
+ (*(stretch + (bottom / 8) + 16) & mask) >> (8 - shift);
return 1;
}
* Provide any AAD. This can be called multiple times. Only the final time can
* have a partial block
*/
-int CRYPTO_ocb128_aad(OCB128_CONTEXT * ctx, const unsigned char *aad,
+int CRYPTO_ocb128_aad(OCB128_CONTEXT *ctx, const unsigned char *aad,
size_t len)
{
u64 all_num_blocks, num_blocks;
OCB_BLOCK tmp1;
OCB_BLOCK tmp2;
int last_len;
-
+
/* Calculate the number of blocks of AAD provided now, and so far */
num_blocks = len / 16;
all_num_blocks = num_blocks + ctx->blocks_hashed;
for (i = ctx->blocks_hashed + 1; i <= all_num_blocks; i++) {
OCB_BLOCK *lookup;
OCB_BLOCK *aad_block;
-
+
/* Offset_i = Offset_{i-1} xor L_{ntz(i)} */
lookup = ocb_lookup_l(ctx, ocb_ntz(i));
if (!lookup)
ocb_block16_xor(&ctx->offset_aad, lookup, &ctx->offset_aad);
/* Sum_i = Sum_{i-1} xor ENCIPHER(K, A_i xor Offset_i) */
- aad_block = (OCB_BLOCK *) (aad + ((i - ctx->blocks_hashed - 1) * 16));
+ aad_block = (OCB_BLOCK *)(aad + ((i - ctx->blocks_hashed - 1) * 16));
ocb_block16_xor(&ctx->offset_aad, aad_block, &tmp1);
ocb_encrypt(ctx, &tmp1, &tmp2, ctx->keyenc);
ocb_block16_xor(&ctx->sum, &tmp2, &ctx->sum);
* Provide any data to be encrypted. This can be called multiple times. Only
* the final time can have a partial block
*/
-int CRYPTO_ocb128_encrypt(OCB128_CONTEXT * ctx,
+int CRYPTO_ocb128_encrypt(OCB128_CONTEXT *ctx,
const unsigned char *in, unsigned char *out,
size_t len)
{
OCB_BLOCK *lookup;
OCB_BLOCK *inblock;
OCB_BLOCK *outblock;
-
+
/* Offset_i = Offset_{i-1} xor L_{ntz(i)} */
lookup = ocb_lookup_l(ctx, ocb_ntz(i));
if (!lookup)
ocb_block16_xor(&ctx->offset, lookup, &ctx->offset);
/* C_i = Offset_i xor ENCIPHER(K, P_i xor Offset_i) */
- inblock = (OCB_BLOCK *) (in + ((i - ctx->blocks_processed - 1) * 16));
+ inblock = (OCB_BLOCK *)(in + ((i - ctx->blocks_processed - 1) * 16));
ocb_block16_xor(&ctx->offset, inblock, &tmp1);
ocb_encrypt(ctx, &tmp1, &tmp2, ctx->keyenc);
outblock =
- (OCB_BLOCK *) (out + ((i - ctx->blocks_processed - 1) * 16));
+ (OCB_BLOCK *)(out + ((i - ctx->blocks_processed - 1) * 16));
ocb_block16_xor(&ctx->offset, &tmp2, outblock);
/* Checksum_i = Checksum_{i-1} xor P_i */
* Provide any data to be decrypted. This can be called multiple times. Only
* the final time can have a partial block
*/
-int CRYPTO_ocb128_decrypt(OCB128_CONTEXT * ctx,
+int CRYPTO_ocb128_decrypt(OCB128_CONTEXT *ctx,
const unsigned char *in, unsigned char *out,
size_t len)
{
for (i = ctx->blocks_processed + 1; i <= all_num_blocks; i++) {
OCB_BLOCK *inblock;
OCB_BLOCK *outblock;
-
+
/* Offset_i = Offset_{i-1} xor L_{ntz(i)} */
OCB_BLOCK *lookup = ocb_lookup_l(ctx, ocb_ntz(i));
if (!lookup)
ocb_block16_xor(&ctx->offset, lookup, &ctx->offset);
/* P_i = Offset_i xor DECIPHER(K, C_i xor Offset_i) */
- inblock = (OCB_BLOCK *) (in + ((i - ctx->blocks_processed - 1) * 16));
+ inblock = (OCB_BLOCK *)(in + ((i - ctx->blocks_processed - 1) * 16));
ocb_block16_xor(&ctx->offset, inblock, &tmp1);
ocb_decrypt(ctx, &tmp1, &tmp2, ctx->keydec);
- outblock = (OCB_BLOCK *) (out + ((i - ctx->blocks_processed - 1) * 16));
+ outblock =
+ (OCB_BLOCK *)(out + ((i - ctx->blocks_processed - 1) * 16));
ocb_block16_xor(&ctx->offset, &tmp2, outblock);
/* Checksum_i = Checksum_{i-1} xor P_i */
/*
* Calculate the tag and verify it against the supplied tag
*/
-int CRYPTO_ocb128_finish(OCB128_CONTEXT * ctx, const unsigned char *tag,
+int CRYPTO_ocb128_finish(OCB128_CONTEXT *ctx, const unsigned char *tag,
size_t len)
{
OCB_BLOCK tmp1, tmp2;
- /*Tag = ENCIPHER(K, Checksum_* xor Offset_* xor L_$) xor HASH(K,A) */
+ /*
+ * Tag = ENCIPHER(K, Checksum_* xor Offset_* xor L_$) xor HASH(K,A)
+ */
ocb_block16_xor(&ctx->checksum, &ctx->offset, &tmp1);
ocb_block16_xor(&tmp1, &ctx->l_dollar, &tmp2);
ocb_encrypt(ctx, &tmp2, &tmp1, ctx->keyenc);
/*
* Retrieve the calculated tag
*/
-int CRYPTO_ocb128_tag(OCB128_CONTEXT * ctx, unsigned char *tag, size_t len)
+int CRYPTO_ocb128_tag(OCB128_CONTEXT *ctx, unsigned char *tag, size_t len)
{
if (len > 16 || len < 1) {
return -1;
/*
* Release all resources
*/
-void CRYPTO_ocb128_cleanup(OCB128_CONTEXT * ctx)
+void CRYPTO_ocb128_cleanup(OCB128_CONTEXT *ctx)
{
if (ctx) {
- if (ctx->l) {
- OPENSSL_cleanse(ctx->l, ctx->max_l_index * 16);
- OPENSSL_free(ctx->l);
- }
+ OPENSSL_clear_free(ctx->l, ctx->max_l_index * 16);
OPENSSL_cleanse(ctx, sizeof(*ctx));
}
}
-#endif /* OPENSSL_NO_OCB */
+#endif /* OPENSSL_NO_OCB */