1 /* LibTomCrypt, modular cryptographic library -- Tom St Denis */
2 /* SPDX-License-Identifier: Unlicense */
3
4 /**
5 @file eax_init.c
6 EAX implementation, initialized EAX state, by Tom St Denis
7 */
8 #include "tomcrypt_private.h"
9
10 #ifdef LTC_EAX_MODE
11
12 /**
13 Initialized an EAX state
14 @param eax [out] The EAX state to initialize
15 @param cipher The index of the desired cipher
16 @param key The secret key
17 @param keylen The length of the secret key (octets)
18 @param nonce The use-once nonce for the session
19 @param noncelen The length of the nonce (octets)
20 @param header The header for the EAX state
21 @param headerlen The header length (octets)
22 @return CRYPT_OK if successful
23 */
eax_init(eax_state * eax,int cipher,const unsigned char * key,unsigned long keylen,const unsigned char * nonce,unsigned long noncelen,const unsigned char * header,unsigned long headerlen)24 int eax_init(eax_state *eax, int cipher,
25 const unsigned char *key, unsigned long keylen,
26 const unsigned char *nonce, unsigned long noncelen,
27 const unsigned char *header, unsigned long headerlen)
28 {
29 unsigned char *buf;
30 int err, blklen;
31 omac_state *omac;
32 unsigned long len;
33
34
35 LTC_ARGCHK(eax != NULL);
36 LTC_ARGCHK(key != NULL);
37 LTC_ARGCHK(nonce != NULL);
38 if (headerlen > 0) {
39 LTC_ARGCHK(header != NULL);
40 }
41
42 if ((err = cipher_is_valid(cipher)) != CRYPT_OK) {
43 return err;
44 }
45 blklen = cipher_descriptor[cipher].block_length;
46
47 /* allocate ram */
48 buf = XMALLOC(MAXBLOCKSIZE);
49 omac = XMALLOC(sizeof(*omac));
50
51 if (buf == NULL || omac == NULL) {
52 if (buf != NULL) {
53 XFREE(buf);
54 }
55 if (omac != NULL) {
56 XFREE(omac);
57 }
58 return CRYPT_MEM;
59 }
60
61 /* N = LTC_OMAC_0K(nonce) */
62 zeromem(buf, MAXBLOCKSIZE);
63 if ((err = omac_init(omac, cipher, key, keylen)) != CRYPT_OK) {
64 goto LBL_ERR;
65 }
66
67 /* omac the [0]_n */
68 if ((err = omac_process(omac, buf, blklen)) != CRYPT_OK) {
69 goto LBL_ERR;
70 }
71 /* omac the nonce */
72 if ((err = omac_process(omac, nonce, noncelen)) != CRYPT_OK) {
73 goto LBL_ERR;
74 }
75 /* store result */
76 len = sizeof(eax->N);
77 if ((err = omac_done(omac, eax->N, &len)) != CRYPT_OK) {
78 goto LBL_ERR;
79 }
80
81 /* H = LTC_OMAC_1K(header) */
82 zeromem(buf, MAXBLOCKSIZE);
83 buf[blklen - 1] = 1;
84
85 if ((err = omac_init(&eax->headeromac, cipher, key, keylen)) != CRYPT_OK) {
86 goto LBL_ERR;
87 }
88
89 /* omac the [1]_n */
90 if ((err = omac_process(&eax->headeromac, buf, blklen)) != CRYPT_OK) {
91 goto LBL_ERR;
92 }
93 /* omac the header */
94 if (headerlen != 0) {
95 if ((err = omac_process(&eax->headeromac, header, headerlen)) != CRYPT_OK) {
96 goto LBL_ERR;
97 }
98 }
99
100 /* note we don't finish the headeromac, this allows us to add more header later */
101
102 /* setup the CTR mode */
103 if ((err = ctr_start(cipher, eax->N, key, keylen, 0, CTR_COUNTER_BIG_ENDIAN, &eax->ctr)) != CRYPT_OK) {
104 goto LBL_ERR;
105 }
106
107 /* setup the LTC_OMAC for the ciphertext */
108 if ((err = omac_init(&eax->ctomac, cipher, key, keylen)) != CRYPT_OK) {
109 goto LBL_ERR;
110 }
111
112 /* omac [2]_n */
113 zeromem(buf, MAXBLOCKSIZE);
114 buf[blklen-1] = 2;
115 if ((err = omac_process(&eax->ctomac, buf, blklen)) != CRYPT_OK) {
116 goto LBL_ERR;
117 }
118
119 err = CRYPT_OK;
120 LBL_ERR:
121 #ifdef LTC_CLEAN_STACK
122 zeromem(buf, MAXBLOCKSIZE);
123 zeromem(omac, sizeof(*omac));
124 #endif
125
126 XFREE(omac);
127 XFREE(buf);
128
129 return err;
130 }
131
132 #endif
133