authorOri Bernstein <ori@eigenstate.org>2018-05-12 10:04:03 -0700
committerOri Bernstein <ori@eigenstate.org>2018-05-12 17:16:26 -0700
commit398cc4d0f4b41f726d6f734804b504d5bfedf4d9 (patch)
tree8708601cb2358d27c8ba741d894953c49c3552a7
parenta28464d95d9797aa15925dac3ca7a890b9835b5a (diff)
Add aesgcm decryption
-rw-r--r--lib/crypto/aesgcm.myr18
-rw-r--r--lib/crypto/ct.myr12
2 files changed, 29 insertions, 1 deletions
diff --git a/lib/crypto/aesgcm.myr b/lib/crypto/aesgcm.myr
index 1a06d89..881b709 100644
--- a/lib/crypto/aesgcm.myr
+++ b/lib/crypto/aesgcm.myr
@@ -81,7 +81,23 @@ const aesgcmencrypt = {c, buf, aad, tag
}
const aesgcmdecrypt = {c, buf, aad, tag
- -> false
+ var tmp : byte[16]
+ var L, Y
+
+ ghash(c, aad, Y)
+ ghash(c, buf, Y)
+ L[0] = buf.len << 3
+ L[1] = buf.len >> 29
+ L[2] = aad.len << 3
+ L[3] = aad.len >> 29
+ ghash1(c, L, Y)
+ store128(Y, tmp[:])
+ aesctr(c, tmp[:])
+ if bufeq(tag, tmp[:])
+ -> false
+ ;;
+ aesctr(c, buf)
+ -> true
}
const ghash = {c, buf, Y
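Review bot: The tag check in aesgcmdecrypt appears inverted: bufeq as added in ct.myr yields true when the compared bytes match, so `if bufeq(tag, tmp[:]) -> false` rejects a valid tag and goes on to decrypt and return true when the tag does not match, which is the opposite of authenticate-then-decrypt. The condition should be negated, and since bufeq only compares min(a.len, b.len) bytes, a caller-supplied tag shorter than 16 bytes (or empty) would otherwise be accepted as a prefix match, so the length should be pinned too: `if tag.len != 16 || !bufeq(tag, tmp[:])`. A short comment above the check such as `/* verify the tag before touching the ciphertext; bail without decrypting on mismatch */` would make the ordering requirement explicit for future edits. Y and L are used as accumulators without an explicit zeroing; if the language guarantees zero-initialised locals this is fine, otherwise they should be cleared before the first ghash call. aesgcmdecrypt is contained entirely within this hunk.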
diff --git a/lib/crypto/ct.myr b/lib/crypto/ct.myr
index d6fe34d..80ad13e 100644
--- a/lib/crypto/ct.myr
+++ b/lib/crypto/ct.myr
@@ -12,6 +12,7 @@ pkg crypto =
generic mux : (x : @t, a : @t, b : @t ->@t) :: integral,numeric @t
generic min : (a : @t, b : @t -> @t) :: integral,numeric @t
generic max : (a : @t, b : @t -> @t) :: integral,numeric @t
+ const bufeq : (a : byte[:], b : byte[:] -> bool)
;;
generic not = {a : @t :: integral,numeric @t
@@ -73,3 +74,14 @@ generic max = {a, b
x = lt(a, b)
-> mux(x, b, a)
}
+
+const bufeq = {a, b
+ var r, n
+
+ r = 1
+ n = min(a.len, b.len)
+ for var i = 0; i < n; i++
+ r = mux(r, eq(a[i], b[i]), r)
+ ;;
+ -> (r : bool)
+}
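Review bot: bufeq compares only the first min(a.len, b.len) bytes and never checks that the lengths agree, so an empty b (n = 0, r stays 1) or a b that is a prefix of a compares equal; for a function whose first caller is MAC-tag verification this allows truncated tags. Lengths are not secret, so a plain comparison after the loop is enough: `-> (r : bool) && a.len == b.len`. The seed `r = 1` is also worth a look: if eq and mux operate on full-width masks (all-ones/zero) rather than 0/1, a selector of 1 may not select correctly in the first iteration, which cannot be confirmed from this hunk since those helpers are outside it. A header comment stating the contract, e.g. `/* constant-time comparison in the data; returns true only if a and b are the same length and content */`, would document what callers may rely on.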