taigrr/arduinolibs
1
0
Fork 0
mirror of https://github.com/taigrr/arduinolibs synced 2025-01-18 04:33:12 -08:00
Code Issues Projects Releases Wiki Activity

GCM: Reset ghash in setIV instead of in setKey

Browse Source
This commit is contained in:
AndrolGenhald 2018-02-24 17:18:23 -06:00
parent 27ad81051d
commit fb3929aec7
1 changed files with 5 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
libraries/Crypto/GCM.cpp
View File

@ -79,20 +79,11 @@ bool GCMCommon::setKey(const uint8_t *key, size_t len)
// Set the encryption key for the block cipher. // Set the encryption key for the block cipher.
if (!blockCipher->setKey(key, len)) if (!blockCipher->setKey(key, len))
return false; return false;
// Construct the hashing key by encrypting a zero block.
memset(state.nonce, 0, 16);
blockCipher->encryptBlock(state.nonce, state.nonce);
ghash.reset(state.nonce);
return true; return true;
} }
bool GCMCommon::setIV(const uint8_t *iv, size_t len) bool GCMCommon::setIV(const uint8_t *iv, size_t len)
{ {
// Note: We assume that setKey() has already been called to
// set the hashing key in the "ghash" object and that the
// hashing key itself is still stored in "state.nonce".
// Format the counter block from the IV. // Format the counter block from the IV.
if (len == 12) { if (len == 12) {
// IV's of exactly 96 bits are used directly as the counter block. // IV's of exactly 96 bits are used directly as the counter block.
@ -109,7 +100,6 @@ bool GCMCommon::setIV(const uint8_t *iv, size_t len)
ghash.update(sizes, sizeof(sizes)); ghash.update(sizes, sizeof(sizes));
clean(sizes); clean(sizes);
ghash.finalize(state.counter, 16); ghash.finalize(state.counter, 16);
ghash.reset(state.nonce);
} }
// Reset the GCM object ready to process auth or payload data. // Reset the GCM object ready to process auth or payload data.
@ -118,6 +108,11 @@ bool GCMCommon::setIV(const uint8_t *iv, size_t len)
state.dataStarted = false; state.dataStarted = false;
state.posn = 16; state.posn = 16;
// Construct the hashing key by encrypting a zero block.
memset(state.nonce, 0, 16);
blockCipher->encryptBlock(state.nonce, state.nonce);
ghash.reset(state.nonce);
// Replace the hash key in "nonce" with the encrypted counter. // Replace the hash key in "nonce" with the encrypted counter.
// This value will be XOR'ed with the final authentication hash // This value will be XOR'ed with the final authentication hash
// value in computeTag(). // value in computeTag().