1 // SPDX-License-Identifier: BSD-2-Clause
2 /* LibTomCrypt, modular cryptographic library -- Tom St Denis
3  *
4  * LibTomCrypt is a library that provides various cryptographic
5  * algorithms in a highly modular and flexible manner.
6  *
7  * The library is free for all purposes without any express
8  * guarantee it works.
9  */
10 
11 /**
12    @file eax_done.c
13    EAX implementation, terminate session, by Tom St Denis
14 */
15 #include "tomcrypt_private.h"
16 
17 #ifdef LTC_EAX_MODE
18 
19 /**
20    Terminate an EAX session and get the tag.
21    @param eax       The EAX state
22    @param tag       [out] The destination of the authentication tag
23    @param taglen    [in/out] The max length and resulting length of the authentication tag
24    @return CRYPT_OK if successful
25 */
eax_done(eax_state * eax,unsigned char * tag,unsigned long * taglen)26 int eax_done(eax_state *eax, unsigned char *tag, unsigned long *taglen)
27 {
28    int           err;
29    unsigned char *headermac, *ctmac;
30    unsigned long x, len;
31 
32    LTC_ARGCHK(eax    != NULL);
33    LTC_ARGCHK(tag    != NULL);
34    LTC_ARGCHK(taglen != NULL);
35 
36    /* allocate ram */
37    headermac = XMALLOC(MAXBLOCKSIZE);
38    ctmac     = XMALLOC(MAXBLOCKSIZE);
39 
40    if (headermac == NULL || ctmac == NULL) {
41       if (headermac != NULL) {
42          XFREE(headermac);
43       }
44       if (ctmac != NULL) {
45          XFREE(ctmac);
46       }
47       return CRYPT_MEM;
48    }
49 
50    /* finish ctomac */
51    len = MAXBLOCKSIZE;
52    if ((err = omac_done(&eax->ctomac, ctmac, &len)) != CRYPT_OK) {
53       goto LBL_ERR;
54    }
55 
56    /* finish headeromac */
57 
58    /* note we specifically don't reset len so the two lens are minimal */
59 
60    if ((err = omac_done(&eax->headeromac, headermac, &len)) != CRYPT_OK) {
61       goto LBL_ERR;
62    }
63 
64    /* terminate the CTR chain */
65    if ((err = ctr_done(&eax->ctr)) != CRYPT_OK) {
66       goto LBL_ERR;
67    }
68 
69    /* compute N xor H xor C */
70    for (x = 0; x < len && x < *taglen; x++) {
71        tag[x] = eax->N[x] ^ headermac[x] ^ ctmac[x];
72    }
73    *taglen = x;
74 
75    err = CRYPT_OK;
76 LBL_ERR:
77 #ifdef LTC_CLEAN_STACK
78    zeromem(ctmac,     MAXBLOCKSIZE);
79    zeromem(headermac, MAXBLOCKSIZE);
80    zeromem(eax,       sizeof(*eax));
81 #endif
82 
83    XFREE(ctmac);
84    XFREE(headermac);
85 
86    return err;
87 }
88 
89 #endif
90 
91 /* ref:         $Format:%D$ */
92 /* git commit:  $Format:%H$ */
93 /* commit time: $Format:%ai$ */
94