
Merge pull request #27 from AndrolGenhald/master

GCM: Reset ghash in setIV instead of in setKey
rweather 2018-04-15 13:20:17 +10:00 committed by GitHub
commit 7868671873
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -79,20 +79,11 @@ bool GCMCommon::setKey(const uint8_t *key, size_t len)
// Set the encryption key for the block cipher.
if (!blockCipher->setKey(key, len))
return false;
// Construct the hashing key by encrypting a zero block.
memset(state.nonce, 0, 16);
blockCipher->encryptBlock(state.nonce, state.nonce);
ghash.reset(state.nonce);
return true;
}
bool GCMCommon::setIV(const uint8_t *iv, size_t len)
{
// Note: We assume that setKey() has already been called to
// set the hashing key in the "ghash" object and that the
// hashing key itself is still stored in "state.nonce".
// Format the counter block from the IV.
if (len == 12) {
// IV's of exactly 96 bits are used directly as the counter block.
@ -109,7 +100,6 @@ bool GCMCommon::setIV(const uint8_t *iv, size_t len)
ghash.update(sizes, sizeof(sizes));
clean(sizes);
ghash.finalize(state.counter, 16);
ghash.reset(state.nonce);
}
// Reset the GCM object ready to process auth or payload data.
@ -118,6 +108,11 @@ bool GCMCommon::setIV(const uint8_t *iv, size_t len)
state.dataStarted = false;
state.posn = 16;
// Construct the hashing key by encrypting a zero block.
memset(state.nonce, 0, 16);
blockCipher->encryptBlock(state.nonce, state.nonce);
ghash.reset(state.nonce);
// Replace the hash key in "nonce" with the encrypted counter.
// This value will be XOR'ed with the final authentication hash
// value in computeTag().