serpent_makekey(&ti->cryptkey,256,key);
serpent_makekey(&ti->mackey,256,key+32);
- ti->cryptiv=GET_32BIT_MSB_FIRST(key+64);
- ti->maciv=GET_32BIT_MSB_FIRST(key+68);
- ti->sendseq=GET_32BIT_MSB_FIRST(key+72);
+ ti->cryptiv=get_uint32(key+64);
+ ti->maciv=get_uint32(key+68);
+ ti->sendseq=get_uint32(key+72);
ti->lastrecvseq=ti->sendseq;
ti->keyed=True;
return True;
}
+static bool_t transform_valid(void *sst)
+{
+ struct transform_inst *ti=sst;
+
+ return ti->keyed;
+}
+
static void transform_delkey(void *sst)
{
struct transform_inst *ti=sst;
it we've have to add 16 bytes to each message, not 4, so that the
message stays a multiple of 16 bytes long.) */
memset(iv,0,16);
- PUT_32BIT_MSB_FIRST(iv, ti->maciv);
+ put_uint32(iv, ti->maciv);
serpent_encrypt(&ti->mackey,iv,macacc);
/* CBCMAC: encrypt in CBC mode. The MAC is the last encrypted
/* Serpent-CBC. We expand the ID as for CBCMAC, do the encryption,
and prepend the IV before increasing it. */
memset(iv,0,16);
- PUT_32BIT_MSB_FIRST(iv, ti->cryptiv);
+ put_uint32(iv, ti->cryptiv);
serpent_encrypt(&ti->cryptkey,iv,iv);
/* CBC: each block is XORed with the previous encrypted block (or the IV)
return 1;
}
+ if (buf->size < 4 + 16 + 16) {
+ *errmsg="msg too short";
+ return 1;
+ }
/* CBC */
memset(iv,0,16);
{
uint32_t ivword = buf_unprepend_uint32(buf);
- PUT_32BIT_MSB_FIRST(iv, ivword);
+ put_uint32(iv, ivword);
}
/* Assert bufsize is multiple of blocksize */
if (buf->size&0xf) {
*errmsg="msg not multiple of cipher blocksize";
+ return 1;
}
serpent_encrypt(&ti->cryptkey,iv,iv);
for (n=buf->start; n<buf->start+buf->size; n+=16)
/* CBCMAC */
macexpected=buf_unappend(buf,16);
memset(iv,0,16);
- PUT_32BIT_MSB_FIRST(iv, ti->maciv);
+ put_uint32(iv, ti->maciv);
serpent_encrypt(&ti->mackey,iv,macacc);
/* CBCMAC: encrypt in CBC mode. The MAC is the last encrypted
serpent_encrypt(&ti->mackey,macplain,macacc);
}
serpent_encrypt(&ti->mackey,macacc,macacc);
- if (memcmp(macexpected,macacc,16)!=0) {
+ if (!consttime_memeq(macexpected,macacc,16)!=0) {
*errmsg="invalid MAC";
return 1;
}
return 1;
}
- padp=buf_unappend(buf,padlen-1);
- for (i=0; i<padlen-1; i++) {
- if (*++padp != padlen) {
- *errmsg="pkcs5: corrupted padding";
- return 1;
- }
- }
+ buf_unappend(buf,padlen-1);
/* Sequence number must be within max_skew of lastrecvseq; lastrecvseq
is only allowed to increase. */
} else {
/* Too much skew */
*errmsg="seqnum: too much skew";
- return 1;
+ return 2;
}
return 0;
ti->ops.st=ti;
ti->ops.setkey=transform_setkey;
+ ti->ops.valid=transform_valid;
ti->ops.delkey=transform_delkey;
ti->ops.forwards=transform_forward;
ti->ops.reverse=transform_reverse;