#include "g10lib.h"
#include "cipher.h"
-#include "ath.h"
#include "bufhelp.h"
#include "./cipher-internal.h"
blocksize 128. */
gcry_err_code_t
_gcry_cipher_aeswrap_encrypt (gcry_cipher_hd_t c,
- byte *outbuf, unsigned int outbuflen,
- const byte *inbuf, unsigned int inbuflen )
+ byte *outbuf, size_t outbuflen,
+ const byte *inbuf, size_t inbuflen )
{
int j, x;
- unsigned int n, i;
+ size_t n, i;
unsigned char *r, *a, *b;
unsigned char t[8];
+ unsigned int burn, nburn;
#if MAX_BLOCKSIZE < 8
#error Invalid block size
#endif
/* We require a cipher with a 128 bit block length. */
- if (c->cipher->blocksize != 16)
+ if (c->spec->blocksize != 16)
return GPG_ERR_INV_LENGTH;
/* The output buffer must be able to hold the input data plus one
if (n < 2)
return GPG_ERR_INV_ARG;
+ burn = 0;
+
r = outbuf;
a = outbuf; /* We store A directly in OUTBUF. */
b = c->u_ctr.ctr; /* B is also used to concatenate stuff. */
/* B := AES_k( A | R[i] ) */
memcpy (b, a, 8);
memcpy (b+8, r+i*8, 8);
- c->cipher->encrypt (&c->context.c, b, b);
+ nburn = c->spec->encrypt (&c->context.c, b, b);
+ burn = nburn > burn ? nburn : burn;
/* t := t + 1 */
for (x = 7; x >= 0; x--)
{
}
}
+ if (burn > 0)
+ _gcry_burn_stack (burn + 4 * sizeof(void *));
+
return 0;
}
blocksize 128. */
gcry_err_code_t
_gcry_cipher_aeswrap_decrypt (gcry_cipher_hd_t c,
- byte *outbuf, unsigned int outbuflen,
- const byte *inbuf, unsigned int inbuflen)
+ byte *outbuf, size_t outbuflen,
+ const byte *inbuf, size_t inbuflen)
{
int j, x;
- unsigned int n, i;
+ size_t n, i;
unsigned char *r, *a, *b;
unsigned char t[8];
+ unsigned int burn, nburn;
#if MAX_BLOCKSIZE < 8
#error Invalid block size
#endif
/* We require a cipher with a 128 bit block length. */
- if (c->cipher->blocksize != 16)
+ if (c->spec->blocksize != 16)
return GPG_ERR_INV_LENGTH;
/* The output buffer must be able to hold the input data minus one
if (n < 3)
return GPG_ERR_INV_ARG;
+ burn = 0;
+
r = outbuf;
a = c->lastiv; /* We use c->LASTIV as buffer for A. */
b = c->u_ctr.ctr; /* B is also used to concatenate stuff. */
/* B := AES_k^1( (A ^ t)| R[i] ) */
buf_xor(b, a, t, 8);
memcpy (b+8, r+(i-1)*8, 8);
- c->cipher->decrypt (&c->context.c, b, b);
+ nburn = c->spec->decrypt (&c->context.c, b, b);
+ burn = nburn > burn ? nburn : burn;
/* t := t - 1 */
for (x = 7; x >= 0; x--)
{
break;
}
}
+
+ if (burn > 0)
+ _gcry_burn_stack (burn + 4 * sizeof(void *));
+
return j? GPG_ERR_CHECKSUM : 0;
}
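Review bot: On the `GPG_ERR_CHECKSUM` path at the end of `_gcry_cipher_aeswrap_decrypt`, only the stack is burned; `outbuf` (aliased as `r`) appears to still hold the unwrapped but unauthenticated key material when the integrity value does not match. The copy and unwrap loops are outside the visible lines, so this is inferred from `r = outbuf` and the final `return j? GPG_ERR_CHECKSUM : 0;`. I would clear the output before the failing return, along the lines of `if (j) wipememory (outbuf, inbuflen - 8);` with the length confirmed against the copy loop, and state in the function comment that `outbuf` must not be used on error. Separately, `_gcry_burn_stack` does not reach the scratch values A and B, which live in `c->lastiv` and `c->u_ctr.ctr` inside the handle; B ends up holding a decrypted block, so it is worth a comment that these persist until the handle is reset or closed.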