OpenCoverage

ccm128.c

Absolute File Name:/home/opencoverage/opencoverage/guest-scripts/libressl/src/crypto/modes/ccm128.c
Source codeSwitch to Preprocessed file
LineSourceCount
1/* $OpenBSD: ccm128.c,v 1.4 2015/02/10 09:46:30 miod Exp $ */-
2/* ====================================================================-
3 * Copyright (c) 2011 The OpenSSL Project. All rights reserved.-
4 *-
5 * Redistribution and use in source and binary forms, with or without-
6 * modification, are permitted provided that the following conditions-
7 * are met:-
8 *-
9 * 1. Redistributions of source code must retain the above copyright-
10 * notice, this list of conditions and the following disclaimer. -
11 *-
12 * 2. Redistributions in binary form must reproduce the above copyright-
13 * notice, this list of conditions and the following disclaimer in-
14 * the documentation and/or other materials provided with the-
15 * distribution.-
16 *-
17 * 3. All advertising materials mentioning features or use of this-
18 * software must display the following acknowledgment:-
19 * "This product includes software developed by the OpenSSL Project-
20 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"-
21 *-
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to-
23 * endorse or promote products derived from this software without-
24 * prior written permission. For written permission, please contact-
25 * openssl-core@openssl.org.-
26 *-
27 * 5. Products derived from this software may not be called "OpenSSL"-
28 * nor may "OpenSSL" appear in their names without prior written-
29 * permission of the OpenSSL Project.-
30 *-
31 * 6. Redistributions of any form whatsoever must retain the following-
32 * acknowledgment:-
33 * "This product includes software developed by the OpenSSL Project-
34 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"-
35 *-
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY-
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE-
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR-
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR-
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,-
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT-
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;-
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)-
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,-
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)-
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED-
47 * OF THE POSSIBILITY OF SUCH DAMAGE.-
48 * ====================================================================-
49 */-
50-
51#include <openssl/crypto.h>-
52#include "modes_lcl.h"-
53#include <string.h>-
54-
55#ifndef MODES_DEBUG-
56# ifndef NDEBUG-
57# define NDEBUG-
58# endif-
59#endif-
60-
61/* First you setup M and L parameters and pass the key schedule.-
62 * This is called once per session setup... */-
63void CRYPTO_ccm128_init(CCM128_CONTEXT *ctx,-
64 unsigned int M,unsigned int L,void *key,block128_f block)-
65{-
66 memset(ctx->nonce.c,0,sizeof(ctx->nonce.c));-
67 ctx->nonce.c[0] = ((u8)(L-1)&7) | (u8)(((M-2)/2)&7)<<3;-
68 ctx->blocks = 0;-
69 ctx->block = block;-
70 ctx->key = key;-
71}
never executed: end of block
0
72-
73/* !!! Following interfaces are to be called *once* per packet !!! */-
74-
75/* Then you setup per-message nonce and pass the length of the message */-
76int CRYPTO_ccm128_setiv(CCM128_CONTEXT *ctx,-
77 const unsigned char *nonce,size_t nlen,size_t mlen)-
78{-
79 unsigned int L = ctx->nonce.c[0]&7; /* the L parameter */-
80-
81 if (nlen<(14-L)) return -1; /* nonce is too short */
never executed: return -1;
nlen<(14-L)Description
TRUEnever evaluated
FALSEnever evaluated
0
82-
83 if (sizeof(mlen)==8 && L>=3) {
sizeof(mlen)==8Description
TRUEnever evaluated
FALSEnever evaluated
L>=3Description
TRUEnever evaluated
FALSEnever evaluated
0
84 ctx->nonce.c[8] = (u8)(mlen>>(56%(sizeof(mlen)*8)));-
85 ctx->nonce.c[9] = (u8)(mlen>>(48%(sizeof(mlen)*8)));-
86 ctx->nonce.c[10] = (u8)(mlen>>(40%(sizeof(mlen)*8)));-
87 ctx->nonce.c[11] = (u8)(mlen>>(32%(sizeof(mlen)*8)));-
88 }
never executed: end of block
0
89 else-
90 ctx->nonce.u[1] = 0;
never executed: ctx->nonce.u[1] = 0;
0
91-
92 ctx->nonce.c[12] = (u8)(mlen>>24);-
93 ctx->nonce.c[13] = (u8)(mlen>>16);-
94 ctx->nonce.c[14] = (u8)(mlen>>8);-
95 ctx->nonce.c[15] = (u8)mlen;-
96-
97 ctx->nonce.c[0] &= ~0x40; /* clear Adata flag */-
98 memcpy(&ctx->nonce.c[1],nonce,14-L);-
99-
100 return 0;
never executed: return 0;
0
101}-
102-
103/* Then you pass additional authentication data, this is optional */-
104void CRYPTO_ccm128_aad(CCM128_CONTEXT *ctx,-
105 const unsigned char *aad,size_t alen)-
106{ unsigned int i;-
107 block128_f block = ctx->block;-
108-
109 if (alen==0) return;
never executed: return;
alen==0Description
TRUEnever evaluated
FALSEnever evaluated
0
110-
111 ctx->nonce.c[0] |= 0x40; /* set Adata flag */-
112 (*block)(ctx->nonce.c,ctx->cmac.c,ctx->key),-
113 ctx->blocks++;-
114-
115 if (alen<(0x10000-0x100)) {
alen<(0x10000-0x100)Description
TRUEnever evaluated
FALSEnever evaluated
0
116 ctx->cmac.c[0] ^= (u8)(alen>>8);-
117 ctx->cmac.c[1] ^= (u8)alen;-
118 i=2;-
119 }
never executed: end of block
0
120 else if (sizeof(alen)==8 && alen>=(size_t)1<<(32%(sizeof(alen)*8))) {
sizeof(alen)==8Description
TRUEnever evaluated
FALSEnever evaluated
alen>=(size_t)...zeof(alen)*8))Description
TRUEnever evaluated
FALSEnever evaluated
0
121 ctx->cmac.c[0] ^= 0xFF;-
122 ctx->cmac.c[1] ^= 0xFF;-
123 ctx->cmac.c[2] ^= (u8)(alen>>(56%(sizeof(alen)*8)));-
124 ctx->cmac.c[3] ^= (u8)(alen>>(48%(sizeof(alen)*8)));-
125 ctx->cmac.c[4] ^= (u8)(alen>>(40%(sizeof(alen)*8)));-
126 ctx->cmac.c[5] ^= (u8)(alen>>(32%(sizeof(alen)*8)));-
127 ctx->cmac.c[6] ^= (u8)(alen>>24);-
128 ctx->cmac.c[7] ^= (u8)(alen>>16);-
129 ctx->cmac.c[8] ^= (u8)(alen>>8);-
130 ctx->cmac.c[9] ^= (u8)alen;-
131 i=10;-
132 }
never executed: end of block
0
133 else {-
134 ctx->cmac.c[0] ^= 0xFF;-
135 ctx->cmac.c[1] ^= 0xFE;-
136 ctx->cmac.c[2] ^= (u8)(alen>>24);-
137 ctx->cmac.c[3] ^= (u8)(alen>>16);-
138 ctx->cmac.c[4] ^= (u8)(alen>>8);-
139 ctx->cmac.c[5] ^= (u8)alen;-
140 i=6;-
141 }
never executed: end of block
0
142-
143 do {-
144 for(;i<16 && alen;++i,++aad,--alen)
i<16Description
TRUEnever evaluated
FALSEnever evaluated
alenDescription
TRUEnever evaluated
FALSEnever evaluated
0
145 ctx->cmac.c[i] ^= *aad;
never executed: ctx->cmac.c[i] ^= *aad;
0
146 (*block)(ctx->cmac.c,ctx->cmac.c,ctx->key),-
147 ctx->blocks++;-
148 i=0;-
149 } while (alen);
never executed: end of block
alenDescription
TRUEnever evaluated
FALSEnever evaluated
0
150}
never executed: end of block
0
151-
152/* Finally you encrypt or decrypt the message */-
153-
154/* counter part of nonce may not be larger than L*8 bits,-
155 * L is not larger than 8, therefore 64-bit counter... */-
156static void ctr64_inc(unsigned char *counter) {-
157 unsigned int n=8;-
158 u8 c;-
159-
160 counter += 8;-
161 do {-
162 --n;-
163 c = counter[n];-
164 ++c;-
165 counter[n] = c;-
166 if (c) return;
never executed: return;
cDescription
TRUEnever evaluated
FALSEnever evaluated
0
167 } while (n);
never executed: end of block
nDescription
TRUEnever evaluated
FALSEnever evaluated
0
168}
never executed: end of block
0
169-
170int CRYPTO_ccm128_encrypt(CCM128_CONTEXT *ctx,-
171 const unsigned char *inp, unsigned char *out,-
172 size_t len)-
173{-
174 size_t n;-
175 unsigned int i,L;-
176 unsigned char flags0 = ctx->nonce.c[0];-
177 block128_f block = ctx->block;-
178 void * key = ctx->key;-
179 union { u64 u[2]; u8 c[16]; } scratch;-
180-
181 if (!(flags0&0x40))
!(flags0&0x40)Description
TRUEnever evaluated
FALSEnever evaluated
0
182 (*block)(ctx->nonce.c,ctx->cmac.c,key),
never executed: (*block)(ctx->nonce.c,ctx->cmac.c,key), ctx->blocks++;
0
183 ctx->blocks++;
never executed: (*block)(ctx->nonce.c,ctx->cmac.c,key), ctx->blocks++;
0
184-
185 ctx->nonce.c[0] = L = flags0&7;-
186 for (n=0,i=15-L;i<15;++i) {
i<15Description
TRUEnever evaluated
FALSEnever evaluated
0
187 n |= ctx->nonce.c[i];-
188 ctx->nonce.c[i]=0;-
189 n <<= 8;-
190 }
never executed: end of block
0
191 n |= ctx->nonce.c[15]; /* reconstructed length */-
192 ctx->nonce.c[15]=1;-
193-
194 if (n!=len) return -1; /* length mismatch */
never executed: return -1;
n!=lenDescription
TRUEnever evaluated
FALSEnever evaluated
0
195-
196 ctx->blocks += ((len+15)>>3)|1;-
197 if (ctx->blocks > (U64(1)<<61)) return -2; /* too much data */
never executed: return -2;
ctx->blocks > (1UL<<61)Description
TRUEnever evaluated
FALSEnever evaluated
0
198-
199 while (len>=16) {
len>=16Description
TRUEnever evaluated
FALSEnever evaluated
0
200#ifdef __STRICT_ALIGNMENT-
201 union { u64 u[2]; u8 c[16]; } temp;-
202-
203 memcpy (temp.c,inp,16);-
204 ctx->cmac.u[0] ^= temp.u[0];-
205 ctx->cmac.u[1] ^= temp.u[1];-
206#else-
207 ctx->cmac.u[0] ^= ((u64*)inp)[0];-
208 ctx->cmac.u[1] ^= ((u64*)inp)[1];-
209#endif-
210 (*block)(ctx->cmac.c,ctx->cmac.c,key);-
211 (*block)(ctx->nonce.c,scratch.c,key);-
212 ctr64_inc(ctx->nonce.c);-
213#ifdef __STRICT_ALIGNMENT-
214 temp.u[0] ^= scratch.u[0];-
215 temp.u[1] ^= scratch.u[1];-
216 memcpy(out,temp.c,16);-
217#else-
218 ((u64*)out)[0] = scratch.u[0]^((u64*)inp)[0];-
219 ((u64*)out)[1] = scratch.u[1]^((u64*)inp)[1];-
220#endif-
221 inp += 16;-
222 out += 16;-
223 len -= 16;-
224 }
never executed: end of block
0
225-
226 if (len) {
lenDescription
TRUEnever evaluated
FALSEnever evaluated
0
227 for (i=0; i<len; ++i) ctx->cmac.c[i] ^= inp[i];
never executed: ctx->cmac.c[i] ^= inp[i];
i<lenDescription
TRUEnever evaluated
FALSEnever evaluated
0
228 (*block)(ctx->cmac.c,ctx->cmac.c,key);-
229 (*block)(ctx->nonce.c,scratch.c,key);-
230 for (i=0; i<len; ++i) out[i] = scratch.c[i]^inp[i];
never executed: out[i] = scratch.c[i]^inp[i];
i<lenDescription
TRUEnever evaluated
FALSEnever evaluated
0
231 }
never executed: end of block
0
232-
233 for (i=15-L;i<16;++i)
i<16Description
TRUEnever evaluated
FALSEnever evaluated
0
234 ctx->nonce.c[i]=0;
never executed: ctx->nonce.c[i]=0;
0
235-
236 (*block)(ctx->nonce.c,scratch.c,key);-
237 ctx->cmac.u[0] ^= scratch.u[0];-
238 ctx->cmac.u[1] ^= scratch.u[1];-
239-
240 ctx->nonce.c[0] = flags0;-
241-
242 return 0;
never executed: return 0;
0
243}-
244-
245int CRYPTO_ccm128_decrypt(CCM128_CONTEXT *ctx,-
246 const unsigned char *inp, unsigned char *out,-
247 size_t len)-
248{-
249 size_t n;-
250 unsigned int i,L;-
251 unsigned char flags0 = ctx->nonce.c[0];-
252 block128_f block = ctx->block;-
253 void * key = ctx->key;-
254 union { u64 u[2]; u8 c[16]; } scratch;-
255-
256 if (!(flags0&0x40))
!(flags0&0x40)Description
TRUEnever evaluated
FALSEnever evaluated
0
257 (*block)(ctx->nonce.c,ctx->cmac.c,key);
never executed: (*block)(ctx->nonce.c,ctx->cmac.c,key);
0
258-
259 ctx->nonce.c[0] = L = flags0&7;-
260 for (n=0,i=15-L;i<15;++i) {
i<15Description
TRUEnever evaluated
FALSEnever evaluated
0
261 n |= ctx->nonce.c[i];-
262 ctx->nonce.c[i]=0;-
263 n <<= 8;-
264 }
never executed: end of block
0
265 n |= ctx->nonce.c[15]; /* reconstructed length */-
266 ctx->nonce.c[15]=1;-
267-
268 if (n!=len) return -1;
never executed: return -1;
n!=lenDescription
TRUEnever evaluated
FALSEnever evaluated
0
269-
270 while (len>=16) {
len>=16Description
TRUEnever evaluated
FALSEnever evaluated
0
271#ifdef __STRICT_ALIGNMENT-
272 union { u64 u[2]; u8 c[16]; } temp;-
273#endif-
274 (*block)(ctx->nonce.c,scratch.c,key);-
275 ctr64_inc(ctx->nonce.c);-
276#ifdef __STRICT_ALIGNMENT-
277 memcpy (temp.c,inp,16);-
278 ctx->cmac.u[0] ^= (scratch.u[0] ^= temp.u[0]);-
279 ctx->cmac.u[1] ^= (scratch.u[1] ^= temp.u[1]);-
280 memcpy (out,scratch.c,16);-
281#else-
282 ctx->cmac.u[0] ^= (((u64*)out)[0] = scratch.u[0]^((u64*)inp)[0]);-
283 ctx->cmac.u[1] ^= (((u64*)out)[1] = scratch.u[1]^((u64*)inp)[1]);-
284#endif-
285 (*block)(ctx->cmac.c,ctx->cmac.c,key);-
286-
287 inp += 16;-
288 out += 16;-
289 len -= 16;-
290 }
never executed: end of block
0
291-
292 if (len) {
lenDescription
TRUEnever evaluated
FALSEnever evaluated
0
293 (*block)(ctx->nonce.c,scratch.c,key);-
294 for (i=0; i<len; ++i)
i<lenDescription
TRUEnever evaluated
FALSEnever evaluated
0
295 ctx->cmac.c[i] ^= (out[i] = scratch.c[i]^inp[i]);
never executed: ctx->cmac.c[i] ^= (out[i] = scratch.c[i]^inp[i]);
0
296 (*block)(ctx->cmac.c,ctx->cmac.c,key);-
297 }
never executed: end of block
0
298-
299 for (i=15-L;i<16;++i)
i<16Description
TRUEnever evaluated
FALSEnever evaluated
0
300 ctx->nonce.c[i]=0;
never executed: ctx->nonce.c[i]=0;
0
301-
302 (*block)(ctx->nonce.c,scratch.c,key);-
303 ctx->cmac.u[0] ^= scratch.u[0];-
304 ctx->cmac.u[1] ^= scratch.u[1];-
305-
306 ctx->nonce.c[0] = flags0;-
307-
308 return 0;
never executed: return 0;
0
309}-
310-
311static void ctr64_add (unsigned char *counter,size_t inc)-
312{ size_t n=8, val=0;-
313-
314 counter += 8;-
315 do {-
316 --n;-
317 val += counter[n] + (inc&0xff);-
318 counter[n] = (unsigned char)val;-
319 val >>= 8; /* carry bit */-
320 inc >>= 8;-
321 } while(n && (inc || val));
never executed: end of block
nDescription
TRUEnever evaluated
FALSEnever evaluated
incDescription
TRUEnever evaluated
FALSEnever evaluated
valDescription
TRUEnever evaluated
FALSEnever evaluated
0
322}
never executed: end of block
0
323-
324int CRYPTO_ccm128_encrypt_ccm64(CCM128_CONTEXT *ctx,-
325 const unsigned char *inp, unsigned char *out,-
326 size_t len,ccm128_f stream)-
327{-
328 size_t n;-
329 unsigned int i,L;-
330 unsigned char flags0 = ctx->nonce.c[0];-
331 block128_f block = ctx->block;-
332 void * key = ctx->key;-
333 union { u64 u[2]; u8 c[16]; } scratch;-
334-
335 if (!(flags0&0x40))
!(flags0&0x40)Description
TRUEnever evaluated
FALSEnever evaluated
0
336 (*block)(ctx->nonce.c,ctx->cmac.c,key),
never executed: (*block)(ctx->nonce.c,ctx->cmac.c,key), ctx->blocks++;
0
337 ctx->blocks++;
never executed: (*block)(ctx->nonce.c,ctx->cmac.c,key), ctx->blocks++;
0
338-
339 ctx->nonce.c[0] = L = flags0&7;-
340 for (n=0,i=15-L;i<15;++i) {
i<15Description
TRUEnever evaluated
FALSEnever evaluated
0
341 n |= ctx->nonce.c[i];-
342 ctx->nonce.c[i]=0;-
343 n <<= 8;-
344 }
never executed: end of block
0
345 n |= ctx->nonce.c[15]; /* reconstructed length */-
346 ctx->nonce.c[15]=1;-
347-
348 if (n!=len) return -1; /* length mismatch */
never executed: return -1;
n!=lenDescription
TRUEnever evaluated
FALSEnever evaluated
0
349-
350 ctx->blocks += ((len+15)>>3)|1;-
351 if (ctx->blocks > (U64(1)<<61)) return -2; /* too much data */
never executed: return -2;
ctx->blocks > (1UL<<61)Description
TRUEnever evaluated
FALSEnever evaluated
0
352-
353 if ((n=len/16)) {
(n=len/16)Description
TRUEnever evaluated
FALSEnever evaluated
0
354 (*stream)(inp,out,n,key,ctx->nonce.c,ctx->cmac.c);-
355 n *= 16;-
356 inp += n;-
357 out += n;-
358 len -= n;-
359 if (len) ctr64_add(ctx->nonce.c,n/16);
never executed: ctr64_add(ctx->nonce.c,n/16);
lenDescription
TRUEnever evaluated
FALSEnever evaluated
0
360 }
never executed: end of block
0
361-
362 if (len) {
lenDescription
TRUEnever evaluated
FALSEnever evaluated
0
363 for (i=0; i<len; ++i) ctx->cmac.c[i] ^= inp[i];
never executed: ctx->cmac.c[i] ^= inp[i];
i<lenDescription
TRUEnever evaluated
FALSEnever evaluated
0
364 (*block)(ctx->cmac.c,ctx->cmac.c,key);-
365 (*block)(ctx->nonce.c,scratch.c,key);-
366 for (i=0; i<len; ++i) out[i] = scratch.c[i]^inp[i];
never executed: out[i] = scratch.c[i]^inp[i];
i<lenDescription
TRUEnever evaluated
FALSEnever evaluated
0
367 }
never executed: end of block
0
368-
369 for (i=15-L;i<16;++i)
i<16Description
TRUEnever evaluated
FALSEnever evaluated
0
370 ctx->nonce.c[i]=0;
never executed: ctx->nonce.c[i]=0;
0
371-
372 (*block)(ctx->nonce.c,scratch.c,key);-
373 ctx->cmac.u[0] ^= scratch.u[0];-
374 ctx->cmac.u[1] ^= scratch.u[1];-
375-
376 ctx->nonce.c[0] = flags0;-
377-
378 return 0;
never executed: return 0;
0
379}-
380-
381int CRYPTO_ccm128_decrypt_ccm64(CCM128_CONTEXT *ctx,-
382 const unsigned char *inp, unsigned char *out,-
383 size_t len,ccm128_f stream)-
384{-
385 size_t n;-
386 unsigned int i,L;-
387 unsigned char flags0 = ctx->nonce.c[0];-
388 block128_f block = ctx->block;-
389 void * key = ctx->key;-
390 union { u64 u[2]; u8 c[16]; } scratch;-
391-
392 if (!(flags0&0x40))
!(flags0&0x40)Description
TRUEnever evaluated
FALSEnever evaluated
0
393 (*block)(ctx->nonce.c,ctx->cmac.c,key);
never executed: (*block)(ctx->nonce.c,ctx->cmac.c,key);
0
394-
395 ctx->nonce.c[0] = L = flags0&7;-
396 for (n=0,i=15-L;i<15;++i) {
i<15Description
TRUEnever evaluated
FALSEnever evaluated
0
397 n |= ctx->nonce.c[i];-
398 ctx->nonce.c[i]=0;-
399 n <<= 8;-
400 }
never executed: end of block
0
401 n |= ctx->nonce.c[15]; /* reconstructed length */-
402 ctx->nonce.c[15]=1;-
403-
404 if (n!=len) return -1;
never executed: return -1;
n!=lenDescription
TRUEnever evaluated
FALSEnever evaluated
0
405-
406 if ((n=len/16)) {
(n=len/16)Description
TRUEnever evaluated
FALSEnever evaluated
0
407 (*stream)(inp,out,n,key,ctx->nonce.c,ctx->cmac.c);-
408 n *= 16;-
409 inp += n;-
410 out += n;-
411 len -= n;-
412 if (len) ctr64_add(ctx->nonce.c,n/16);
never executed: ctr64_add(ctx->nonce.c,n/16);
lenDescription
TRUEnever evaluated
FALSEnever evaluated
0
413 }
never executed: end of block
0
414-
415 if (len) {
lenDescription
TRUEnever evaluated
FALSEnever evaluated
0
416 (*block)(ctx->nonce.c,scratch.c,key);-
417 for (i=0; i<len; ++i)
i<lenDescription
TRUEnever evaluated
FALSEnever evaluated
0
418 ctx->cmac.c[i] ^= (out[i] = scratch.c[i]^inp[i]);
never executed: ctx->cmac.c[i] ^= (out[i] = scratch.c[i]^inp[i]);
0
419 (*block)(ctx->cmac.c,ctx->cmac.c,key);-
420 }
never executed: end of block
0
421-
422 for (i=15-L;i<16;++i)
i<16Description
TRUEnever evaluated
FALSEnever evaluated
0
423 ctx->nonce.c[i]=0;
never executed: ctx->nonce.c[i]=0;
0
424-
425 (*block)(ctx->nonce.c,scratch.c,key);-
426 ctx->cmac.u[0] ^= scratch.u[0];-
427 ctx->cmac.u[1] ^= scratch.u[1];-
428-
429 ctx->nonce.c[0] = flags0;-
430-
431 return 0;
never executed: return 0;
0
432}-
433-
434size_t CRYPTO_ccm128_tag(CCM128_CONTEXT *ctx,unsigned char *tag,size_t len)-
435{ unsigned int M = (ctx->nonce.c[0]>>3)&7; /* the M parameter */-
436-
437 M *= 2; M += 2;-
438 if (len<M) return 0;
never executed: return 0;
len<MDescription
TRUEnever evaluated
FALSEnever evaluated
0
439 memcpy(tag,ctx->cmac.c,M);-
440 return M;
never executed: return M;
0
441}-
Source codeSwitch to Preprocessed file
Generated by Squish Coco 4.2.2