| // SPDX-License-Identifier: BSD-2-Clause |
| /* LibTomCrypt, modular cryptographic library -- Tom St Denis |
| * |
| * LibTomCrypt is a library that provides various cryptographic |
| * algorithms in a highly modular and flexible manner. |
| * |
| * The library is free for all purposes without any express |
| * guarantee it works. |
| */ |
| #include "tomcrypt_private.h" |
| |
| /** |
| @file xcbc_init.c |
| XCBC Support, start an XCBC state |
| */ |
| |
| #ifdef LTC_XCBC |
| |
| /** Initialize XCBC-MAC state |
| @param xcbc [out] XCBC state to initialize |
| @param cipher Index of cipher to use |
| @param key [in] Secret key |
| @param keylen Length of secret key in octets |
| Return CRYPT_OK on success |
| */ |
| int xcbc_init(xcbc_state *xcbc, int cipher, const unsigned char *key, unsigned long keylen) |
| { |
| int x, y, err; |
| symmetric_key *skey; |
| unsigned long k1; |
| |
| LTC_ARGCHK(xcbc != NULL); |
| LTC_ARGCHK(key != NULL); |
| |
| /* schedule the key */ |
| if ((err = cipher_is_valid(cipher)) != CRYPT_OK) { |
| return err; |
| } |
| |
| #ifdef LTC_FAST |
| if (cipher_descriptor[cipher]->block_length % sizeof(LTC_FAST_TYPE)) { |
| return CRYPT_INVALID_ARG; |
| } |
| #endif |
| |
| skey = NULL; |
| |
| /* are we in pure XCBC mode with three keys? */ |
| if (keylen & LTC_XCBC_PURE) { |
| keylen &= ~LTC_XCBC_PURE; |
| |
| if (keylen < 2UL*cipher_descriptor[cipher]->block_length) { |
| return CRYPT_INVALID_ARG; |
| } |
| |
| k1 = keylen - 2*cipher_descriptor[cipher]->block_length; |
| XMEMCPY(xcbc->K[0], key, k1); |
| XMEMCPY(xcbc->K[1], key+k1, cipher_descriptor[cipher]->block_length); |
| XMEMCPY(xcbc->K[2], key+k1 + cipher_descriptor[cipher]->block_length, cipher_descriptor[cipher]->block_length); |
| } else { |
| /* use the key expansion */ |
| k1 = cipher_descriptor[cipher]->block_length; |
| |
| /* schedule the user key */ |
| skey = XCALLOC(1, sizeof(*skey)); |
| if (skey == NULL) { |
| return CRYPT_MEM; |
| } |
| |
| if ((err = cipher_descriptor[cipher]->setup(key, keylen, 0, skey)) != CRYPT_OK) { |
| goto done; |
| } |
| |
| /* make the three keys */ |
| for (y = 0; y < 3; y++) { |
| for (x = 0; x < cipher_descriptor[cipher]->block_length; x++) { |
| xcbc->K[y][x] = y + 1; |
| } |
| cipher_descriptor[cipher]->ecb_encrypt(xcbc->K[y], xcbc->K[y], skey); |
| } |
| } |
| |
| /* setup K1 */ |
| err = cipher_descriptor[cipher]->setup(xcbc->K[0], k1, 0, &xcbc->key); |
| |
| /* setup struct */ |
| zeromem(xcbc->IV, cipher_descriptor[cipher]->block_length); |
| xcbc->blocksize = cipher_descriptor[cipher]->block_length; |
| xcbc->cipher = cipher; |
| xcbc->buflen = 0; |
| done: |
| cipher_descriptor[cipher]->done(skey); |
| if (skey != NULL) { |
| #ifdef LTC_CLEAN_STACK |
| zeromem(skey, sizeof(*skey)); |
| #endif |
| XFREE(skey); |
| } |
| return err; |
| } |
| |
| #endif |
| |
| /* ref: $Format:%D$ */ |
| /* git commit: $Format:%H$ */ |
| /* commit time: $Format:%ai$ */ |
| |