

ref: 398cc4d0f4b41f726d6f734804b504d5bfedf4d9
parent: a28464d95d9797aa15925dac3ca7a890b9835b5a
author: Ori Bernstein <ori@eigenstate.org>
date: Sat May 12 06:04:03 EDT 2018

Add aesgcm decryption

--- a/lib/crypto/aesgcm.myr
+++ b/lib/crypto/aesgcm.myr
@@ -81,7 +81,23 @@
 }
 
 const aesgcmdecrypt = {c, buf, aad, tag
-	-> false
+	var tmp : byte[16]
+	var L, Y
+
+	ghash(c, aad, Y)
+	ghash(c, buf, Y)
+	L[0] = buf.len << 3
+	L[1] = buf.len >> 29
+	L[2] = aad.len << 3
+	L[3] = aad.len >> 29
+	ghash1(c, L, Y)
+	store128(Y, tmp[:])
+	aesctr(c, tmp[:])
+	if bufeq(tag, tmp[:])
+		-> false
+	;;
+	aesctr(c, buf)
+	-> true
 }
 
 const ghash = {c, buf, Y
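Review bot: The tag check on the `if bufeq(tag, tmp[:])` line is inverted: bufeq returns true when the buffers match, so a correct tag makes aesgcmdecrypt return false, while a mismatched tag falls through to `aesctr(c, buf)` and returns true, releasing unauthenticated plaintext. It should read `if !bufeq(tag, tmp[:])`. Because the bufeq added in lib/crypto/ct.myr in this same commit compares only the first min(a.len, b.len) bytes, this function also needs `tag.len == 16` (the size of tmp) enforced before the comparison, otherwise a short or empty tag passes. `var L, Y` are used as accumulators without a visible initializer; if Myrddin does not zero-initialize locals, Y should be cleared before the first ghash call — worth confirming against the encrypt path, which is outside this hunk.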
--- a/lib/crypto/ct.myr
+++ b/lib/crypto/ct.myr
@@ -12,6 +12,7 @@
 	generic mux	: (x : @t, a : @t, b : @t ->@t)	:: integral,numeric @t
 	generic min	: (a : @t, b : @t -> @t)	:: integral,numeric @t
 	generic max	: (a : @t, b : @t -> @t)	:: integral,numeric @t
+	const bufeq	: (a : byte[:], b : byte[:] -> bool)
 ;;
 
 generic not = {a : @t :: integral,numeric @t
@@ -72,4 +73,15 @@
 
 	x = lt(a, b)
 	-> mux(x, b, a)
+}
+
+const bufeq = {a, b
+	var r, n
+
+	r = 1
+	n = min(a.len, b.len)
+	for var i = 0; i < n; i++
+		r = mux(r, eq(a[i], b[i]), r)
+	;;
+	-> (r : bool)
 }
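Review bot: bufeq reports equality after comparing only `min(a.len, b.len)` bytes, so any buffer that is a prefix of the other — including an empty one — compares equal, which defeats its use on authentication tags. Since slice lengths are not normally secret, the usual fix is a plain length check before the loop, `if a.len != b.len` / `-> false` / `;;`, or folding the length comparison into r if callers want a single code path. The loop body `r = mux(r, eq(a[i], b[i]), r)` presumably relies on eq producing the 0/1 (or mask) form that mux expects as its selector, as min/max above do; a short comment stating that and the constant-time intent would help, e.g. `/* constant-time compare: timing does not depend on where the buffers differ */`.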