fixing some decryption bugs in GCM128

[avr-crypto-lib.git] / gcm / gcm128.c

diff --git a/gcm/gcm128.c b/gcm/gcm128.c
index 1f71046228b90c6746767b3b6ab42853dfbaeb0b..9fa6b63383b8f0128ff334ac852ee6b2c031c9aa 100644 (file)
--- a/gcm/gcm128.c
+++ b/gcm/gcm128.c
@@ -254,7 +254,7 @@ void gcm128_decrypt_block(
 {
     uint8_t tmp[BLOCK_BYTES];
     ghash128_block(&ctx->ghash_ctx, src);
-    inc32(&ctx->ctr[11]);
+    inc32(&ctx->ctr[BLOCK_BYTES - COUNT_BYTES]);
     memcpy(tmp, ctx->ctr, BLOCK_BYTES);
     bcal_cipher_enc(tmp, &ctx->cipher_ctx);
     memxor(tmp, src, BLOCK_BYTES);
@@ -286,7 +286,7 @@ void gcm128_decrypt_final_block(
             tmp[length_b / 8] &= 0xff << (8 - (length_b & 7));
         }
         ghash128_block(&ctx->ghash_ctx, tmp);
-        inc32(&ctx->ctr[11]);
+        inc32(&ctx->ctr[BLOCK_BYTES - COUNT_BYTES]);
         memcpy(tmp, ctx->ctr, BLOCK_BYTES);
         bcal_cipher_enc(tmp, &ctx->cipher_ctx);
         memxor(tmp, src, BLOCK_BYTES);