authorOri Bernstein <ori@eigenstate.org>2018-05-12 11:53:57 -0700
committerOri Bernstein <ori@eigenstate.org>2018-05-13 20:07:21 -0700
commit7464174215c60b462e390a1ec63b04b26cf15666 (patch)
treeef2e08fd167368630673248beaeddb8326d5cea5 /lib/crypto/aesgcm.myr
parent05e04ed1df3c315aa69b2b5c16f16e83922d5aed (diff)
Add tests for AES GCM decryption, fix a small bug.
Diffstat (limited to 'lib/crypto/aesgcm.myr')
-rw-r--r--lib/crypto/aesgcm.myr19
1 files changed, 10 insertions, 9 deletions
diff --git a/lib/crypto/aesgcm.myr b/lib/crypto/aesgcm.myr
index 881b709..1e6cb94 100644
--- a/lib/crypto/aesgcm.myr
+++ b/lib/crypto/aesgcm.myr
@@ -81,23 +81,24 @@ const aesgcmencrypt = {c, buf, aad, tag
}
const aesgcmdecrypt = {c, buf, aad, tag
- var tmp : byte[16]
+ var ctag : byte[16], tmp : byte[16]
var L, Y
- ghash(c, aad, Y)
- ghash(c, buf, Y)
+ L = [0,0,0,0]
+ Y = [0,0,0,0]
+ ghash(c, aad, Y[:])
+ ghash(c, buf, Y[:])
L[0] = buf.len << 3
L[1] = buf.len >> 29
L[2] = aad.len << 3
L[3] = aad.len >> 29
- ghash1(c, L, Y)
- store128(Y, tmp[:])
- aesctr(c, tmp[:])
- if bufeq(tag, tmp[:])
- -> false
+ ghash1(c, L[:], Y[:])
+ store128(Y[:], ctag[:])
+ for var i = 0; i < 16; i++
+ ctag[i] ^= c.j0[i]
;;
aesctr(c, buf)
- -> true
+ -> bufeq(tag, ctag[:])
}
const ghash = {c, buf, Y