LEFT | RIGHT |
1 // Copyright 2013 The Go Authors. All rights reserved. | 1 // Copyright 2013 The Go Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style | 2 // Use of this source code is governed by a BSD-style |
3 // license that can be found in the LICENSE file. | 3 // license that can be found in the LICENSE file. |
4 | 4 |
5 package cipher | 5 package cipher |
6 | 6 |
7 import ( | 7 import ( |
8 "crypto/subtle" | 8 "crypto/subtle" |
9 "errors" | 9 "errors" |
10 ) | 10 ) |
(...skipping 279 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
290 gcmInc32(counter) | 290 gcmInc32(counter) |
291 | 291 |
292 xorWords(out, in, mask[:]) | 292 xorWords(out, in, mask[:]) |
293 out = out[gcmBlockSize:] | 293 out = out[gcmBlockSize:] |
294 in = in[gcmBlockSize:] | 294 in = in[gcmBlockSize:] |
295 } | 295 } |
296 | 296 |
297 if len(in) > 0 { | 297 if len(in) > 0 { |
298 g.cipher.Encrypt(mask[:], counter[:]) | 298 g.cipher.Encrypt(mask[:], counter[:]) |
299 gcmInc32(counter) | 299 gcmInc32(counter) |
300 » » xorWords(out, in, mask[:]) | 300 » » xorBytes(out, in, mask[:]) |
301 } | 301 } |
302 } | 302 } |
303 | 303 |
304 // auth calculates GHASH(ciphertext, additionalData), masks the result with | 304 // auth calculates GHASH(ciphertext, additionalData), masks the result with |
305 // tagMask and writes the result to out. | 305 // tagMask and writes the result to out. |
306 func (g *gcm) auth(out, ciphertext, additionalData []byte, tagMask *[gcmTagSize]
byte) { | 306 func (g *gcm) auth(out, ciphertext, additionalData []byte, tagMask *[gcmTagSize]
byte) { |
307 var y gcmFieldElement | 307 var y gcmFieldElement |
308 g.update(&y, additionalData) | 308 g.update(&y, additionalData) |
309 g.update(&y, ciphertext) | 309 g.update(&y, ciphertext) |
310 | 310 |
(...skipping 23 matching lines...) Expand all Loading... |
334 func putUint64(out []byte, v uint64) { | 334 func putUint64(out []byte, v uint64) { |
335 out[0] = byte(v >> 56) | 335 out[0] = byte(v >> 56) |
336 out[1] = byte(v >> 48) | 336 out[1] = byte(v >> 48) |
337 out[2] = byte(v >> 40) | 337 out[2] = byte(v >> 40) |
338 out[3] = byte(v >> 32) | 338 out[3] = byte(v >> 32) |
339 out[4] = byte(v >> 24) | 339 out[4] = byte(v >> 24) |
340 out[5] = byte(v >> 16) | 340 out[5] = byte(v >> 16) |
341 out[6] = byte(v >> 8) | 341 out[6] = byte(v >> 8) |
342 out[7] = byte(v) | 342 out[7] = byte(v) |
343 } | 343 } |
LEFT | RIGHT |