// ccm.cpp - originally written and placed in the public domain by Wei Dai

#include "pch.h"

#ifndef CRYPTOPP_IMPORTS

#include "ccm.h"

NAMESPACE_BEGIN(CryptoPP)

// Keys the underlying block cipher and reads the authentication tag length
// (Name::DigestSize()) from params, falling back to DefaultDigestSize().
//
// Throws InvalidArgument when the block cipher's block size differs from
// REQUIRED_BLOCKSIZE, or when the tag length is not an even value in [4, 16].
// Note that the cipher is keyed and m_digestSize is assigned before the
// respective checks run, so the object keeps those values if a check throws.
void CCM_Base::SetKeyWithoutResync(const byte *userKey, size_t keylength, const NameValuePairs &params)
{
	BlockCipher &cipher = AccessBlockCipher();
	cipher.SetKey(userKey, keylength, params);

	const bool blockSizeOk = (cipher.BlockSize() == REQUIRED_BLOCKSIZE);
	if (!blockSizeOk)
		throw InvalidArgument(AlgorithmName() + ": block size of underlying block cipher is not 16");

	m_digestSize = params.GetIntValueWithDefault(Name::DigestSize(), DefaultDigestSize());

	// Only even tag lengths between 4 and 16 bytes are accepted.
	const bool oddSize = (m_digestSize % 2 > 0);
	const bool outOfRange = (m_digestSize < 4 || m_digestSize > 16);
	if (oddSize || outOfRange)
		throw InvalidArgument(AlgorithmName() + ": DigestSize must be 4, 6, 8, 10, 12, 14, or 16");

	// Room for two blocks; CBC_Buffer() is used by the other methods as the
	// CBC-MAC state alongside the staging area at the start of m_buffer.
	m_buffer.Grow(2*REQUIRED_BLOCKSIZE);

	// Length-field width until Resync() derives it from the IV length.
	m_L = 8;
}

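// Installs a new IV (nonce) and resets the per-message length counters.
//
// The width of the message-length field, m_L, is derived from the IV length:
// m_L = REQUIRED_BLOCKSIZE - 1 - len, capped at 8. The first counter block is
// built in m_buffer as [flag = m_L-1][IV][zero padding], handed to the CTR
// object, and the keystream is advanced by one block so that keystream block 0
// stays reserved for encrypting the MAC in AuthenticateLastFooterBlock().
//
// Throws InvalidArgument when len > 13. The original code relied on a
// debug-only CRYPTOPP_ASSERT for this; in a build where that assert compiles
// away, an over-long IV would produce m_L < 2, and for len >= 16 the memset
// length below would wrap around. Callers are presumably expected to validate
// the IV length first (not visible here), so this is a defence-in-depth check.
void CCM_Base::Resync(const byte *iv, size_t len)
{
	// Reject IVs that leave fewer than 2 bytes for the length field before
	// any state is touched or any bytes are copied.
	if (len > size_t(REQUIRED_BLOCKSIZE-3))
		throw InvalidArgument(AlgorithmName() + ": IV length must not exceed 13 bytes");

	BlockCipher &cipher = AccessBlockCipher();

	m_L = REQUIRED_BLOCKSIZE-1-(int)len;
	CRYPTOPP_ASSERT(m_L >= 2);
	if (m_L > 8)
		m_L = 8;

	m_buffer[0] = byte(m_L-1);	// flag byte of the counter block: L-1
	memcpy(m_buffer+1, iv, len);
	// Zero the counter field (and any slack after a short IV); the size
	// cannot wrap because len <= 13 was enforced above.
	memset(m_buffer+1+len, 0, REQUIRED_BLOCKSIZE-1-len);

	if (m_state >= State_IVSet)
		m_ctr.Resynchronize(m_buffer, REQUIRED_BLOCKSIZE);
	else
		m_ctr.SetCipherWithIV(cipher, m_buffer);

	// Skip keystream block 0; it is used later to encrypt the MAC.
	m_ctr.Seek(REQUIRED_BLOCKSIZE);
	m_aadLength = 0;
	m_messageLength = 0;
}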

// Records the header (AAD) and message lengths for the current message, builds
// and encrypts the first CBC-MAC block, and stages the encoded AAD length in
// m_buffer so it is authenticated ahead of the AAD itself.
//
// Throws BadState unless the object is exactly in State_IVSet.
//
// NOTE(review): as the name says, nothing here checks messageLength against
// what an m_L-byte length field can hold; presumably the checked caller
// enforces that bound - confirm. See the ordering note below for what happens
// to an oversized value.
void CCM_Base::UncheckedSpecifyDataLengths(lword headerLength, lword messageLength, lword /*footerLength*/)
{
	if (m_state != State_IVSet)
		throw BadState(AlgorithmName(), "SpecifyDataLengths", "or after State_IVSet");

	m_aadLength = headerLength;
	m_messageLength = messageLength;

	byte *cbcBuffer = CBC_Buffer();
	const BlockCipher &cipher = GetBlockCipher();

	// Flag byte of the first block: 64 if AAD is present, tag length encoded
	// as (m_digestSize-2)/2 in the next field, and L-1 in the low bits.
	cbcBuffer[0] = byte(64*(headerLength>0) + 8*((m_digestSize-2)/2) + (m_L-1));	// flag
	// Order matters: the 8-byte big-endian message length is written into the
	// last 8 bytes of the block first, then the IV bytes are copied over
	// positions 1..REQUIRED_BLOCKSIZE-1-m_L. When m_L < 8 that copy overwrites
	// the high-order length bytes, so a length that does not fit in m_L bytes
	// would be silently truncated in the authenticated block.
	PutWord<word64>(true, BIG_ENDIAN_ORDER, cbcBuffer+REQUIRED_BLOCKSIZE-8, m_messageLength);
	memcpy(cbcBuffer+1, m_buffer+1, REQUIRED_BLOCKSIZE-1-m_L);
	cipher.ProcessBlock(cbcBuffer);

	if (headerLength>0)
	{
		CRYPTOPP_ASSERT(m_bufferedDataLength == 0);

		// The AAD length prefix has three encodings, chosen by magnitude:
		// below 0xFF00 it is a plain 2-byte big-endian value.
		if (headerLength < ((1<<16) - (1<<8)))
		{
			PutWord<word16>(true, BIG_ENDIAN_ORDER, m_buffer, (word16)headerLength);
			m_bufferedDataLength = 2;
		}
		// Below 2^32: marker bytes 0xff 0xfe followed by a 4-byte big-endian value.
		else if (headerLength < (W64LIT(1)<<32))
		{
			m_buffer[0] = 0xff;
			m_buffer[1] = 0xfe;
			PutWord<word32>(false, BIG_ENDIAN_ORDER, m_buffer+2, (word32)headerLength);
			m_bufferedDataLength = 6;
		}
		// Otherwise: marker bytes 0xff 0xff followed by an 8-byte big-endian value.
		else
		{
			m_buffer[0] = 0xff;
			m_buffer[1] = 0xff;
			PutWord<word64>(false, BIG_ENDIAN_ORDER, m_buffer+2, headerLength);
			m_bufferedDataLength = 10;
		}
	}
}

// Folds len bytes of data into the CBC-MAC state held in CBC_Buffer().
//
// The state buffer is passed as both the XOR operand and the output, with
// BT_XorInput and BT_DontIncrementInOutPointers set, so each input block is
// XORed into the state and the result is encrypted back into the same place.
// Returns whatever AdvancedProcessBlocks() returns for the given length.
size_t CCM_Base::AuthenticateBlocks(const byte *data, size_t len)
{
	const word32 macFlags =
		BlockTransformation::BT_DontIncrementInOutPointers | BlockTransformation::BT_XorInput;

	byte *macState = CBC_Buffer();
	const BlockCipher &blockCipher = GetBlockCipher();

	return blockCipher.AdvancedProcessBlocks(macState, data, macState, len, macFlags);
}

// Finishes authentication of the header (AAD).
//
// Throws InvalidArgument when the number of header bytes actually supplied
// (m_totalHeaderLength) differs from the length declared through
// SpecifyDataLengths (m_aadLength). Any partial block left in m_buffer is then
// XORed into the CBC-MAC state - only the buffered bytes are touched, so the
// remainder of the block acts as zero padding - and the state is encrypted.
void CCM_Base::AuthenticateLastHeaderBlock()
{
	byte *macState = CBC_Buffer();
	const BlockCipher &blockCipher = GetBlockCipher();

	if (m_aadLength != m_totalHeaderLength)
		throw InvalidArgument(AlgorithmName() + ": header length doesn't match that given in SpecifyDataLengths");

	// Nothing buffered means the header ended on a block boundary.
	if (!(m_bufferedDataLength > 0))
		return;

	xorbuf(macState, m_buffer, m_bufferedDataLength);
	blockCipher.ProcessBlock(macState);
	m_bufferedDataLength = 0;
}

// Finishes authentication of the confidential (message) data.
//
// Throws InvalidArgument when the number of message bytes actually processed
// (m_totalMessageLength) differs from the length declared through
// SpecifyDataLengths (m_messageLength). Any partial block left in m_buffer is
// then XORed into the CBC-MAC state - only the buffered bytes are touched, so
// the remainder of the block acts as zero padding - and the state is encrypted.
void CCM_Base::AuthenticateLastConfidentialBlock()
{
	byte *macState = CBC_Buffer();
	const BlockCipher &blockCipher = GetBlockCipher();

	if (m_messageLength != m_totalMessageLength)
		throw InvalidArgument(AlgorithmName() + ": message length doesn't match that given in SpecifyDataLengths");

	// Nothing buffered means the message ended on a block boundary.
	if (!(m_bufferedDataLength > 0))
		return;

	xorbuf(macState, m_buffer, m_bufferedDataLength);
	blockCipher.ProcessBlock(macState);
	m_bufferedDataLength = 0;
}

// Produces the final authentication tag.
//
// The counter-mode object is rewound to keystream offset 0 and the first
// macSize bytes of the CBC-MAC state are run through it into mac.
// NOTE(review): macSize is not compared against m_digestSize or the block
// size in this function; presumably the caller bounds it - confirm.
void CCM_Base::AuthenticateLastFooterBlock(byte *mac, size_t macSize)
{
	m_ctr.Seek(0);

	byte *macState = CBC_Buffer();
	m_ctr.ProcessData(mac, macState, macSize);
}

NAMESPACE_END

#endif