69     memset(ctx->nonce.c, 0, sizeof(ctx->nonce.c));
70     ctx->nonce.c[0] = ((u8)(L - 1) & 7) | (u8)(((M - 2) / 2) & 7) << 3;
78 /* Then you setup per-message nonce and pass the length of the message */
80                         const unsigned char *nonce, size_t nlen, size_t mlen)
82     unsigned int L = ctx->nonce.c[0] & 7; /* the L parameter */
85         return -1;              /* nonce is too short */
88         ctx->nonce.c[8] = (u8)(mlen >> (56 % (sizeof(mlen) * 8)));
89         ctx->nonce.c[9] = (u8)(mlen >> (48 % (sizeof(mlen) * 8)));
90         ctx->nonce.c[10] = (u8)(mlen >> (40 % (sizeof(mlen) * 8)));
91         ctx->nonce.c[11] = (u8)(mlen >> (32 % (sizeof(mlen) * 8)));
93         ctx->nonce.u[1] = 0;
95     ctx->nonce.c[12] = (u8)(mlen >> 24);
96     ctx->nonce.c[13] = (u8)(mlen >> 16);
97     ctx->nonce.c[14] = (u8)(mlen >> 8);
98     ctx->nonce.c[15] = (u8)mlen;
100     ctx->nonce.c[0] &= ~0x40;   /* clear Adata flag */
101     memcpy(&ctx->nonce.c[1], nonce, 14 - L);
116     ctx->nonce.c[0] |= 0x40;    /* set Adata flag */
117     (*block) (ctx->nonce.c, ctx->cmac.c, ctx->key), ctx->blocks++;
157  * counter part of nonce may not be larger than L*8 bits, L is not larger
182     unsigned char flags0 = ctx->nonce.c[0];
191         (*block) (ctx->nonce.c, ctx->cmac.c, key), ctx->blocks++;
193     ctx->nonce.c[0] = L = flags0 & 7;
195         n |= ctx->nonce.c[i];
196         ctx->nonce.c[i] = 0;
199     n |= ctx->nonce.c[15];      /* reconstructed length */
200     ctx->nonce.c[15] = 1;
224         (*block) (ctx->nonce.c, scratch.c, key);
225         ctr64_inc(ctx->nonce.c);
243         (*block) (ctx->nonce.c, scratch.c, key);
249         ctx->nonce.c[i] = 0;
251     (*block) (ctx->nonce.c, scratch.c, key);
255     ctx->nonce.c[0] = flags0;
266     unsigned char flags0 = ctx->nonce.c[0];
275         (*block) (ctx->nonce.c, ctx->cmac.c, key);
277     ctx->nonce.c[0] = L = flags0 & 7;
279         n |= ctx->nonce.c[i];
280         ctx->nonce.c[i] = 0;
283     n |= ctx->nonce.c[15];      /* reconstructed length */
284     ctx->nonce.c[15] = 1;
296         (*block) (ctx->nonce.c, scratch.c, key);
297         ctr64_inc(ctx->nonce.c);
315         (*block) (ctx->nonce.c, scratch.c, key);
322         ctx->nonce.c[i] = 0;
324     (*block) (ctx->nonce.c, scratch.c, key);
328     ctx->nonce.c[0] = flags0;
353     unsigned char flags0 = ctx->nonce.c[0];
362         (*block) (ctx->nonce.c, ctx->cmac.c, key), ctx->blocks++;
364     ctx->nonce.c[0] = L = flags0 & 7;
366         n |= ctx->nonce.c[i];
367         ctx->nonce.c[i] = 0;
370     n |= ctx->nonce.c[15];      /* reconstructed length */
371     ctx->nonce.c[15] = 1;
381         (*stream) (inp, out, n, key, ctx->nonce.c, ctx->cmac.c);
387             ctr64_add(ctx->nonce.c, n / 16);
394         (*block) (ctx->nonce.c, scratch.c, key);
400         ctx->nonce.c[i] = 0;
402     (*block) (ctx->nonce.c, scratch.c, key);
406     ctx->nonce.c[0] = flags0;
417     unsigned char flags0 = ctx->nonce.c[0];
426         (*block) (ctx->nonce.c, ctx->cmac.c, key);
428     ctx->nonce.c[0] = L = flags0 & 7;
430         n |= ctx->nonce.c[i];
431         ctx->nonce.c[i] = 0;
434     n |= ctx->nonce.c[15];      /* reconstructed length */
435     ctx->nonce.c[15] = 1;
441         (*stream) (inp, out, n, key, ctx->nonce.c, ctx->cmac.c);
447             ctr64_add(ctx->nonce.c, n / 16);
451         (*block) (ctx->nonce.c, scratch.c, key);
458         ctx->nonce.c[i] = 0;
460     (*block) (ctx->nonce.c, scratch.c, key);
464     ctx->nonce.c[0] = flags0;
471     unsigned int M = (ctx->nonce.c[0] >> 3) & 7; /* the M parameter */

Indexes created Tue Jul 09 22:07:09 MDT 2024