1
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
3
* LibTomCrypt is a library that provides various cryptographic
4
* algorithms in a highly modular and flexible manner.
6
* The library is free for all purposes without any express
9
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
12
/* OCB Implementation by Tom St Denis */
19
unsigned char poly_div[MAXBLOCKSIZE],
20
poly_mul[MAXBLOCKSIZE];
24
{ 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0D },
25
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1B }
28
{ 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
29
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x43 },
30
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
31
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x87 }
35
int ocb_init(ocb_state *ocb, int cipher,
36
const unsigned char *key, unsigned long keylen, const unsigned char *nonce)
38
int poly, x, y, m, err;
42
_ARGCHK(nonce != NULL);
45
if ((err = cipher_is_valid(cipher)) != CRYPT_OK) {
49
/* determine which polys to use */
50
ocb->block_len = cipher_descriptor[cipher].block_length;
51
for (poly = 0; poly < (int)(sizeof(polys)/sizeof(polys[0])); poly++) {
52
if (polys[poly].len == ocb->block_len) {
56
if (polys[poly].len != ocb->block_len) {
57
return CRYPT_INVALID_ARG;
60
/* schedule the key */
61
if ((err = cipher_descriptor[cipher].setup(key, keylen, 0, &ocb->key)) != CRYPT_OK) {
66
zeromem(ocb->L, ocb->block_len);
67
cipher_descriptor[cipher].ecb_encrypt(ocb->L, ocb->L, &ocb->key);
69
/* find R = E[N xor L] */
70
for (x = 0; x < ocb->block_len; x++) {
71
ocb->R[x] = ocb->L[x] ^ nonce[x];
73
cipher_descriptor[cipher].ecb_encrypt(ocb->R, ocb->R, &ocb->key);
75
/* find Ls[i] = L << i for i == 0..31 */
76
XMEMCPY(ocb->Ls[0], ocb->L, ocb->block_len);
77
for (x = 1; x < 32; x++) {
78
m = ocb->Ls[x-1][0] >> 7;
79
for (y = 0; y < ocb->block_len-1; y++) {
80
ocb->Ls[x][y] = ((ocb->Ls[x-1][y] << 1) | (ocb->Ls[x-1][y+1] >> 7)) & 255;
82
ocb->Ls[x][ocb->block_len-1] = (ocb->Ls[x-1][ocb->block_len-1] << 1) & 255;
85
for (y = 0; y < ocb->block_len; y++) {
86
ocb->Ls[x][y] ^= polys[poly].poly_mul[y];
92
m = ocb->L[ocb->block_len-1] & 1;
95
for (x = ocb->block_len - 1; x > 0; x--) {
96
ocb->Lr[x] = ((ocb->L[x] >> 1) | (ocb->L[x-1] << 7)) & 255;
98
ocb->Lr[0] = ocb->L[0] >> 1;
101
for (x = 0; x < ocb->block_len; x++) {
102
ocb->Lr[x] ^= polys[poly].poly_div[x];
106
/* set Li, checksum */
107
zeromem(ocb->Li, ocb->block_len);
108
zeromem(ocb->checksum, ocb->block_len);
110
/* set other params */
111
ocb->block_index = 1;
112
ocb->cipher = cipher;