diff options
Diffstat (limited to 'src/lib/modes/aead/ocb/ocb.cpp')
-rw-r--r-- | src/lib/modes/aead/ocb/ocb.cpp | 39 |
1 files changed, 20 insertions, 19 deletions
diff --git a/src/lib/modes/aead/ocb/ocb.cpp b/src/lib/modes/aead/ocb/ocb.cpp index 87361ef11..6c1620329 100644 --- a/src/lib/modes/aead/ocb/ocb.cpp +++ b/src/lib/modes/aead/ocb/ocb.cpp @@ -237,7 +237,7 @@ void OCB_Mode::set_associated_data(const uint8_t ad[], size_t ad_len) m_ad_hash = ocb_hash(*m_L, *m_cipher, ad, ad_len); } -secure_vector<uint8_t> +const secure_vector<uint8_t>& OCB_Mode::update_nonce(const uint8_t nonce[], size_t nonce_len) { const size_t BS = block_size(); @@ -250,23 +250,24 @@ OCB_Mode::update_nonce(const uint8_t nonce[], size_t nonce_len) const uint8_t BOTTOM_MASK = static_cast<uint8_t>((static_cast<uint16_t>(1) << MASKLEN) - 1); - secure_vector<uint8_t> nonce_buf(BS); + m_nonce_buf.resize(BS); + clear_mem(&m_nonce_buf[0], m_nonce_buf.size()); - copy_mem(&nonce_buf[BS - nonce_len], nonce, nonce_len); - nonce_buf[0] = static_cast<uint8_t>(((tag_size()*8) % (BS*8)) << (BS <= 16 ? 1 : 0)); + copy_mem(&m_nonce_buf[BS - nonce_len], nonce, nonce_len); + m_nonce_buf[0] = static_cast<uint8_t>(((tag_size()*8) % (BS*8)) << (BS <= 16 ? 1 : 0)); - nonce_buf[BS - nonce_len - 1] ^= 1; + m_nonce_buf[BS - nonce_len - 1] ^= 1; - const uint8_t bottom = nonce_buf[BS-1] & BOTTOM_MASK; - nonce_buf[BS-1] &= ~BOTTOM_MASK; + const uint8_t bottom = m_nonce_buf[BS-1] & BOTTOM_MASK; + m_nonce_buf[BS-1] &= ~BOTTOM_MASK; - const bool need_new_stretch = (m_last_nonce != nonce_buf); + const bool need_new_stretch = (m_last_nonce != m_nonce_buf); if(need_new_stretch) { - m_last_nonce = nonce_buf; + m_last_nonce = m_nonce_buf; - m_cipher->encrypt(nonce_buf); + m_cipher->encrypt(m_nonce_buf); /* The loop bounds (BS vs BS/2) are derived from the relation @@ -291,25 +292,25 @@ OCB_Mode::update_nonce(const uint8_t nonce[], size_t nonce_len) if(BS == 16) { for(size_t i = 0; i != BS / 2; ++i) - nonce_buf.push_back(nonce_buf[i] ^ nonce_buf[i+1]); + m_nonce_buf.push_back(m_nonce_buf[i] ^ m_nonce_buf[i+1]); } else if(BS == 24) { for(size_t i = 0; i != 16; ++i) - nonce_buf.push_back(nonce_buf[i] ^ nonce_buf[i+5]); + m_nonce_buf.push_back(m_nonce_buf[i] ^ m_nonce_buf[i+5]); } else if(BS == 32) { for(size_t i = 0; i != BS; ++i) - nonce_buf.push_back(nonce_buf[i] ^ (nonce_buf[i] << 1) ^ (nonce_buf[i+1] >> 7)); + m_nonce_buf.push_back(m_nonce_buf[i] ^ (m_nonce_buf[i] << 1) ^ (m_nonce_buf[i+1] >> 7)); } else if(BS == 64) { for(size_t i = 0; i != BS / 2; ++i) - nonce_buf.push_back(nonce_buf[i] ^ nonce_buf[i+22]); + m_nonce_buf.push_back(m_nonce_buf[i] ^ m_nonce_buf[i+22]); } - m_stretch = nonce_buf; + m_stretch = m_nonce_buf; } // now set the offset from stretch and bottom @@ -318,14 +319,14 @@ OCB_Mode::update_nonce(const uint8_t nonce[], size_t nonce_len) BOTAN_ASSERT(m_stretch.size() >= BS + shift_bytes + 1, "Size ok"); - secure_vector<uint8_t> offset(BS); + m_offset.resize(BS); for(size_t i = 0; i != BS; ++i) { - offset[i] = (m_stretch[i+shift_bytes] << shift_bits); - offset[i] |= (m_stretch[i+shift_bytes+1] >> (8-shift_bits)); + m_offset[i] = (m_stretch[i+shift_bytes] << shift_bits); + m_offset[i] |= (m_stretch[i+shift_bytes+1] >> (8-shift_bits)); } - return offset; + return m_offset; } void OCB_Mode::start_msg(const uint8_t nonce[], size_t nonce_len) |