tomcrypt/src/encauth/gcm/gcm_process.c

/* LibTomCrypt, modular cryptographic library -- Tom St Denis
 *
 * LibTomCrypt is a library that provides various cryptographic
 * algorithms in a highly modular and flexible manner.
 *
 * The library is free for all purposes without any express
 * guarantee it works.
 */

/**
   @file gcm_process.c
   GCM implementation, process message data, by Tom St Denis
*/
#include "tomcrypt.h"

#ifdef LTC_GCM_MODE

/**
  Process plaintext/ciphertext through GCM
  @param gcm       The GCM state
  @param pt        The plaintext
  @param ptlen     The plaintext length (ciphertext length is the same)
  @param ct        The ciphertext
  @param direction Encrypt or Decrypt mode (GCM_ENCRYPT or GCM_DECRYPT)
  @return CRYPT_OK on success
 */
int gcm_process(gcm_state *gcm,
                     unsigned char *pt,     unsigned long ptlen,
                     unsigned char *ct,
                     int direction)
{
   unsigned long x;
   int           y, err;
   unsigned char b;

   LTC_ARGCHK(gcm != NULL);
   if (ptlen > 0) {
      LTC_ARGCHK(pt  != NULL);
      LTC_ARGCHK(ct  != NULL);
   }

   if (gcm->buflen > 16 || gcm->buflen < 0) {
      return CRYPT_INVALID_ARG;
   }

   if ((err = cipher_is_valid(gcm->cipher)) != CRYPT_OK) {
      return err;
   }

   /* 0xFFFFFFFE0 = ((2^39)-256)/8 */
   if (gcm->pttotlen / 8 + (ulong64)gcm->buflen + (ulong64)ptlen >= CONST64(0xFFFFFFFE0)) {
      return CRYPT_INVALID_ARG;
   }

   /* in AAD mode? */
   if (gcm->mode == LTC_GCM_MODE_AAD) {
      /* let's process the AAD */
      if (gcm->buflen) {
         gcm->totlen += gcm->buflen * CONST64(8);
         gcm_mult_h(gcm, gcm->X);
      }

      /* increment counter */
      for (y = 15; y >= 12; y--) {
          if (++gcm->Y[y] & 255) { break; }
      }
      /* encrypt the counter */
      if ((err = cipher_descriptor[gcm->cipher].ecb_encrypt(gcm->Y, gcm->buf, &gcm->K)) != CRYPT_OK) {
         return err;
      }

      gcm->buflen = 0;
      gcm->mode   = LTC_GCM_MODE_TEXT;
   }

   if (gcm->mode != LTC_GCM_MODE_TEXT) {
      return CRYPT_INVALID_ARG;
   }

   x = 0;
#ifdef LTC_FAST
   if (gcm->buflen == 0) {
      if (direction == GCM_ENCRYPT) {
         for (x = 0; x < (ptlen & ~15); x += 16) {
             /* ctr encrypt */
             for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) {
                 *(LTC_FAST_TYPE_PTR_CAST(&ct[x + y])) = *(LTC_FAST_TYPE_PTR_CAST(&pt[x+y])) ^ *(LTC_FAST_TYPE_PTR_CAST(&gcm->buf[y]));
                 *(LTC_FAST_TYPE_PTR_CAST(&gcm->X[y])) ^= *(LTC_FAST_TYPE_PTR_CAST(&ct[x+y]));
             }
             /* GMAC it */
             gcm->pttotlen += 128;
             gcm_mult_h(gcm, gcm->X);
             /* increment counter */
             for (y = 15; y >= 12; y--) {
                 if (++gcm->Y[y] & 255) { break; }
             }
             if ((err = cipher_descriptor[gcm->cipher].ecb_encrypt(gcm->Y, gcm->buf, &gcm->K)) != CRYPT_OK) {
                return err;
             }
         }
      } else {
         for (x = 0; x < (ptlen & ~15); x += 16) {
             /* ctr encrypt */
             for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) {
                 *(LTC_FAST_TYPE_PTR_CAST(&gcm->X[y])) ^= *(LTC_FAST_TYPE_PTR_CAST(&ct[x+y]));
                 *(LTC_FAST_TYPE_PTR_CAST(&pt[x + y])) = *(LTC_FAST_TYPE_PTR_CAST(&ct[x+y])) ^ *(LTC_FAST_TYPE_PTR_CAST(&gcm->buf[y]));
             }
             /* GMAC it */
             gcm->pttotlen += 128;
             gcm_mult_h(gcm, gcm->X);
             /* increment counter */
             for (y = 15; y >= 12; y--) {
                 if (++gcm->Y[y] & 255) { break; }
             }
             if ((err = cipher_descriptor[gcm->cipher].ecb_encrypt(gcm->Y, gcm->buf, &gcm->K)) != CRYPT_OK) {
                return err;
             }
         }
      }
   }
#endif

   /* process text */
   for (; x < ptlen; x++) {
       if (gcm->buflen == 16) {
          gcm->pttotlen += 128;
          gcm_mult_h(gcm, gcm->X);

          /* increment counter */
          for (y = 15; y >= 12; y--) {
              if (++gcm->Y[y] & 255) { break; }
          }
          if ((err = cipher_descriptor[gcm->cipher].ecb_encrypt(gcm->Y, gcm->buf, &gcm->K)) != CRYPT_OK) {
             return err;
          }
          gcm->buflen = 0;
       }

       if (direction == GCM_ENCRYPT) {
          b = ct[x] = pt[x] ^ gcm->buf[gcm->buflen];
       } else {
          b = ct[x];
          pt[x] = ct[x] ^ gcm->buf[gcm->buflen];
       }
       gcm->X[gcm->buflen++] ^= b;
   }

   return CRYPT_OK;
}

#endif

/* $Source$ */
/* $Revision$ */
/* $Date$ */
added libtomcrypt-1.01 2005-04-17 11:37:13 +00:00			`/* LibTomCrypt, modular cryptographic library -- Tom St Denis`
			`*`
			`* LibTomCrypt is a library that provides various cryptographic`
			`* algorithms in a highly modular and flexible manner.`
			`*`
			`* The library is free for all purposes without any express`
			`* guarantee it works.`
			`*/`

			`/**`
			`@file gcm_process.c`
			`GCM implementation, process message data, by Tom St Denis`
			`*/`
			`#include "tomcrypt.h"`

added libtomcrypt-1.17 2007-07-20 17:48:02 +00:00			`#ifdef LTC_GCM_MODE`
added libtomcrypt-1.01 2005-04-17 11:37:13 +00:00
trim trailing spaces/clean up 2014-01-03 15:16:59 +01:00			`/**`
added libtomcrypt-1.01 2005-04-17 11:37:13 +00:00			`Process plaintext/ciphertext through GCM`
trim trailing spaces/clean up 2014-01-03 15:16:59 +01:00			`@param gcm The GCM state`
added libtomcrypt-1.01 2005-04-17 11:37:13 +00:00			`@param pt The plaintext`
			`@param ptlen The plaintext length (ciphertext length is the same)`
			`@param ct The ciphertext`
			`@param direction Encrypt or Decrypt mode (GCM_ENCRYPT or GCM_DECRYPT)`
			`@return CRYPT_OK on success`
			`*/`
			`int gcm_process(gcm_state *gcm,`
			`unsigned char *pt, unsigned long ptlen,`
			`unsigned char *ct,`
			`int direction)`
			`{`
added libtomcrypt-1.15 2006-11-17 14:21:24 +00:00			`unsigned long x;`
			`int y, err;`
added libtomcrypt-1.01 2005-04-17 11:37:13 +00:00			`unsigned char b;`

			`LTC_ARGCHK(gcm != NULL);`
added libtomcrypt-1.02 2005-04-19 11:30:30 +00:00			`if (ptlen > 0) {`
			`LTC_ARGCHK(pt != NULL);`
			`LTC_ARGCHK(ct != NULL);`
			`}`
added libtomcrypt-1.01 2005-04-17 11:37:13 +00:00
			`if (gcm->buflen > 16 \|\| gcm->buflen < 0) {`
			`return CRYPT_INVALID_ARG;`
			`}`
trim trailing spaces/clean up 2014-01-03 15:16:59 +01:00
added libtomcrypt-1.01 2005-04-17 11:37:13 +00:00			`if ((err = cipher_is_valid(gcm->cipher)) != CRYPT_OK) {`
			`return err;`
			`}`

Fix GCM counter reuse GCM should error out after processing (2^32)-1 blocks / (2^39)-256 bits 2016-09-28 20:17:53 +02:00			`/* 0xFFFFFFFE0 = ((2^39)-256)/8 */`
			`if (gcm->pttotlen / 8 + (ulong64)gcm->buflen + (ulong64)ptlen >= CONST64(0xFFFFFFFE0)) {`
			`return CRYPT_INVALID_ARG;`
			`}`

added libtomcrypt-1.01 2005-04-17 11:37:13 +00:00			`/* in AAD mode? */`
added libtomcrypt-1.17 2007-07-20 17:48:02 +00:00			`if (gcm->mode == LTC_GCM_MODE_AAD) {`
added libtomcrypt-1.01 2005-04-17 11:37:13 +00:00			`/* let's process the AAD */`
			`if (gcm->buflen) {`
			`gcm->totlen += gcm->buflen * CONST64(8);`
			`gcm_mult_h(gcm, gcm->X);`
			`}`

			`/* increment counter */`
added libtomcrypt-1.16 2006-12-16 18:10:04 +00:00			`for (y = 15; y >= 12; y--) {`
added libtomcrypt-1.14 2006-08-30 23:30:00 +00:00			`if (++gcm->Y[y] & 255) { break; }`
added libtomcrypt-1.01 2005-04-17 11:37:13 +00:00			`}`
			`/* encrypt the counter */`
added libtomcrypt-1.07 2005-11-18 05:15:37 +00:00			`if ((err = cipher_descriptor[gcm->cipher].ecb_encrypt(gcm->Y, gcm->buf, &gcm->K)) != CRYPT_OK) {`
			`return err;`
			`}`
added libtomcrypt-1.01 2005-04-17 11:37:13 +00:00
			`gcm->buflen = 0;`
added libtomcrypt-1.17 2007-07-20 17:48:02 +00:00			`gcm->mode = LTC_GCM_MODE_TEXT;`
added libtomcrypt-1.01 2005-04-17 11:37:13 +00:00			`}`

added libtomcrypt-1.17 2007-07-20 17:48:02 +00:00			`if (gcm->mode != LTC_GCM_MODE_TEXT) {`
added libtomcrypt-1.01 2005-04-17 11:37:13 +00:00			`return CRYPT_INVALID_ARG;`
			`}`

			`x = 0;`
			`#ifdef LTC_FAST`
			`if (gcm->buflen == 0) {`
trim trailing spaces/clean up 2014-01-03 15:16:59 +01:00			`if (direction == GCM_ENCRYPT) {`
added libtomcrypt-1.01 2005-04-17 11:37:13 +00:00			`for (x = 0; x < (ptlen & ~15); x += 16) {`
			`/* ctr encrypt */`
			`for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) {`
Fix all warnings from -Wcast-align 2016-06-28 00:34:37 -04:00			`(LTC_FAST_TYPE_PTR_CAST(&ct[x + y])) = (LTC_FAST_TYPE_PTR_CAST(&pt[x+y])) ^ *(LTC_FAST_TYPE_PTR_CAST(&gcm->buf[y]));`
			`(LTC_FAST_TYPE_PTR_CAST(&gcm->X[y])) ^= (LTC_FAST_TYPE_PTR_CAST(&ct[x+y]));`
added libtomcrypt-1.01 2005-04-17 11:37:13 +00:00			`}`
			`/* GMAC it */`
			`gcm->pttotlen += 128;`
			`gcm_mult_h(gcm, gcm->X);`
			`/* increment counter */`
added libtomcrypt-1.16 2006-12-16 18:10:04 +00:00			`for (y = 15; y >= 12; y--) {`
added libtomcrypt-1.14 2006-08-30 23:30:00 +00:00			`if (++gcm->Y[y] & 255) { break; }`
added libtomcrypt-1.01 2005-04-17 11:37:13 +00:00			`}`
added libtomcrypt-1.07 2005-11-18 05:15:37 +00:00			`if ((err = cipher_descriptor[gcm->cipher].ecb_encrypt(gcm->Y, gcm->buf, &gcm->K)) != CRYPT_OK) {`
			`return err;`
			`}`
added libtomcrypt-1.01 2005-04-17 11:37:13 +00:00			`}`
			`} else {`
			`for (x = 0; x < (ptlen & ~15); x += 16) {`
			`/* ctr encrypt */`
			`for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) {`
Fix all warnings from -Wcast-align 2016-06-28 00:34:37 -04:00			`(LTC_FAST_TYPE_PTR_CAST(&gcm->X[y])) ^= (LTC_FAST_TYPE_PTR_CAST(&ct[x+y]));`
			`(LTC_FAST_TYPE_PTR_CAST(&pt[x + y])) = (LTC_FAST_TYPE_PTR_CAST(&ct[x+y])) ^ *(LTC_FAST_TYPE_PTR_CAST(&gcm->buf[y]));`
added libtomcrypt-1.01 2005-04-17 11:37:13 +00:00			`}`
			`/* GMAC it */`
			`gcm->pttotlen += 128;`
			`gcm_mult_h(gcm, gcm->X);`
			`/* increment counter */`
added libtomcrypt-1.16 2006-12-16 18:10:04 +00:00			`for (y = 15; y >= 12; y--) {`
added libtomcrypt-1.14 2006-08-30 23:30:00 +00:00			`if (++gcm->Y[y] & 255) { break; }`
added libtomcrypt-1.01 2005-04-17 11:37:13 +00:00			`}`
added libtomcrypt-1.07 2005-11-18 05:15:37 +00:00			`if ((err = cipher_descriptor[gcm->cipher].ecb_encrypt(gcm->Y, gcm->buf, &gcm->K)) != CRYPT_OK) {`
			`return err;`
			`}`
added libtomcrypt-1.01 2005-04-17 11:37:13 +00:00			`}`
fix indentation 2015-12-19 17:30:38 +01:00			`}`
added libtomcrypt-1.01 2005-04-17 11:37:13 +00:00			`}`
trim trailing spaces/clean up 2014-01-03 15:16:59 +01:00			`#endif`
added libtomcrypt-1.01 2005-04-17 11:37:13 +00:00
			`/* process text */`
			`for (; x < ptlen; x++) {`
			`if (gcm->buflen == 16) {`
			`gcm->pttotlen += 128;`
			`gcm_mult_h(gcm, gcm->X);`
trim trailing spaces/clean up 2014-01-03 15:16:59 +01:00
added libtomcrypt-1.01 2005-04-17 11:37:13 +00:00			`/* increment counter */`
added libtomcrypt-1.16 2006-12-16 18:10:04 +00:00			`for (y = 15; y >= 12; y--) {`
added libtomcrypt-1.14 2006-08-30 23:30:00 +00:00			`if (++gcm->Y[y] & 255) { break; }`
added libtomcrypt-1.01 2005-04-17 11:37:13 +00:00			`}`
added libtomcrypt-1.07 2005-11-18 05:15:37 +00:00			`if ((err = cipher_descriptor[gcm->cipher].ecb_encrypt(gcm->Y, gcm->buf, &gcm->K)) != CRYPT_OK) {`
			`return err;`
			`}`
added libtomcrypt-1.01 2005-04-17 11:37:13 +00:00			`gcm->buflen = 0;`
			`}`

			`if (direction == GCM_ENCRYPT) {`
trim trailing spaces/clean up 2014-01-03 15:16:59 +01:00			`b = ct[x] = pt[x] ^ gcm->buf[gcm->buflen];`
added libtomcrypt-1.01 2005-04-17 11:37:13 +00:00			`} else {`
			`b = ct[x];`
			`pt[x] = ct[x] ^ gcm->buf[gcm->buflen];`
			`}`
trim trailing spaces/clean up 2014-01-03 15:16:59 +01:00			`gcm->X[gcm->buflen++] ^= b;`
added libtomcrypt-1.01 2005-04-17 11:37:13 +00:00			`}`

			`return CRYPT_OK;`
			`}`

			`#endif`
added libtomcrypt-1.03 2005-06-09 00:08:13 +00:00
			`/* $Source$ */`
			`/* $Revision$ */`
			`/* $Date$ */`