Startseite Erkunden Hilfe
Registrieren Anmelden
embedded
/
owner-nrf52sdk
2
0
Fork 0
Dateien Issues 0 Pull-Requests 0 Wiki
Struktur: f87c106a87
Branches Tags
owner-nrf52sdk
/
nRF5_SDK_15.2.0
/
external
/
cifra_AES128-EAX
/
cifra_cmac.c

cifra_cmac.c 4.1 KB
Verlauf Originalformat

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150 
  1. /*
    2. 

  2.  * cifra - embedded cryptography library
    3. 

  3.  * Written in 2014 by Joseph Birr-Pixton <jpixton@gmail.com>
    4. 

  4.  *
    5. 

  5.  * To the extent possible under law, the author(s) have dedicated all
    6. 

  6.  * copyright and related and neighboring rights to this software to the
    7. 

  7.  * public domain worldwide. This software is distributed without any
    8. 

  8.  * warranty.
    9. 

  9.  *
    10. 

  10.  * You should have received a copy of the CC0 Public Domain Dedication
    11. 

  11.  * along with this software. If not, see
    12. 

  12.  * <http://creativecommons.org/publicdomain/zero/1.0/>.
    13. 

  13.  */
    14. 

  14. 

  15. #include "handy.h"
    16. 

  16. #include "prp.h"
    17. 

  17. #include "modes.h"
    18. 

  18. #include "bitops.h"
    19. 

  19. #include "blockwise.h"
    20. 

  20. #include "gf128.h"
    21. 

  21. #include "tassert.h"
    22. 

  22. 

  23. #include <string.h>
    24. 

  24. 

  25. void cf_cmac_init(cf_cmac *ctx, const cf_prp *prp, void *prpctx)
    26. 

  26. {
    27. 

  27.   uint8_t L[CF_MAXBLOCK];
    28. 

  28.   assert(prp->blocksz == 16);
    29. 

  29. 

  30.   mem_clean(ctx, sizeof *ctx);
    31. 

  31. 

  32.   /* L = E_K(0^n) */
    33. 

  33.   mem_clean(L, prp->blocksz);
    34. 

  34.   prp->encrypt(prpctx, L, L);
    35. 

  35. 

  36.   /* B = 2L */
    37. 

  37.   cf_gf128 gf;
    38. 

  38.   cf_gf128_frombytes_be(L, gf);
    39. 

  39.   cf_gf128_double(gf, gf);
    40. 

  40.   cf_gf128_tobytes_be(gf, ctx->B);
    41. 

  41. 

  42.   /* P = 4L */
    43. 

  43.   cf_gf128_double(gf, gf);
    44. 

  44.   cf_gf128_tobytes_be(gf, ctx->P);
    45. 

  45. 

  46.   ctx->prp = prp;
    47. 

  47.   ctx->prpctx = prpctx;
    48. 

  48. }
    49. 

  49. 

  50. void cf_cmac_sign(cf_cmac *ctx, const uint8_t *data, size_t len, uint8_t out[CF_MAXBLOCK])
    51. 

  51. {
    52. 

  52.   cf_cmac_stream stream;
    53. 

  53.   stream.cmac = *ctx;
    54. 

  54.   cf_cmac_stream_reset(&stream);
    55. 

  55.   cf_cmac_stream_update(&stream, data, len, 1);
    56. 

  56.   cf_cmac_stream_final(&stream, out);
    57. 

  57. }
    58. 

  58. 

  59. void cf_cmac_stream_init(cf_cmac_stream *ctx, const cf_prp *prp, void *prpctx)
    60. 

  60. {
    61. 

  61.   cf_cmac_init(&ctx->cmac, prp, prpctx);
    62. 

  62.   cf_cmac_stream_reset(ctx);
    63. 

  63. }
    64. 

  64. 

  65. void cf_cmac_stream_reset(cf_cmac_stream *ctx)
    66. 

  66. {
    67. 

  67.   uint8_t iv_zero[CF_MAXBLOCK] = { 0 };
    68. 

  68.   cf_cbc_init(&ctx->cbc, ctx->cmac.prp, ctx->cmac.prpctx, iv_zero);
    69. 

  69.   mem_clean(ctx->buffer, sizeof ctx->buffer);
    70. 

  70.   ctx->used = 0;
    71. 

  71.   ctx->processed = 0;
    72. 

  72.   ctx->finalised = 0;
    73. 

  73. }
    74. 

  74. 

  75. static void cmac_process(void *vctx, const uint8_t *block)
    76. 

  76. {
    77. 

  77.   cf_cmac_stream *ctx = vctx;
    78. 

  78.   uint8_t output[CF_MAXBLOCK];
    79. 

  79.   cf_cbc_encrypt(&ctx->cbc, block, output, 1);
    80. 

  80.   ctx->processed += ctx->cmac.prp->blocksz;
    81. 

  81. }
    82. 

  82. 

  83. static void cmac_process_final(cf_cmac_stream *ctx, const uint8_t *block,
    84. 

  84.                                const uint8_t *xor)
    85. 

  85. {
    86. 

  86.   uint8_t input[CF_MAXBLOCK];
    87. 

  87.   uint8_t output[CF_MAXBLOCK];
    88. 

  88.   xor_bb(input, block, xor, ctx->cmac.prp->blocksz);
    89. 

  89.   cf_cbc_encrypt(&ctx->cbc, input, output, 1);
    90. 

  90.   ctx->processed += ctx->cmac.prp->blocksz;
    91. 

  91.   /* signature is in ctx->cbc.block. */
    92. 

  92. }
    93. 

  93. 

  94. static void cmac_process_final_nopad(void *vctx, const uint8_t *block)
    95. 

  95. {
    96. 

  96.   cf_cmac_stream *ctx = vctx;
    97. 

  97.   cmac_process_final(ctx, block, ctx->cmac.B);
    98. 

  98.   ctx->finalised = 1;
    99. 

  99. }
    100. 

  100. 

  101. static void cmac_process_final_pad(void *vctx, const uint8_t *block)
    102. 

  102. {
    103. 

  103.   cf_cmac_stream *ctx = vctx;
    104. 

  104.   cmac_process_final(ctx, block, ctx->cmac.P);
    105. 

  105.   ctx->finalised = 1;
    106. 

  106. }
    107. 

  107. 

  108. void cf_cmac_stream_update(cf_cmac_stream *ctx, const uint8_t *data, size_t len, int isfinal)
    109. 

  109. {
    110. 

  110.   size_t blocksz = ctx->cmac.prp->blocksz;
    111. 

  111.   cf_blockwise_in_fn final_fn = cmac_process;
    112. 

  112.   int needpad = 0;
    113. 

  113. 

  114.   if (isfinal)
    115. 

  115.   {
    116. 

  116.     int whole_number_of_blocks = ((len + ctx->used) & 0xf) == 0;
    117. 

  117.     int empty_message = len == 0 && ctx->used == 0 && ctx->processed == 0;
    118. 

  118. 

  119.     assert(!ctx->finalised);  /* finalised before? */
    120. 

  120.     assert(len != 0 || empty_message); /* we can't be told we're done after the fact. */
    121. 

  121. 

  122.     /* If we have a whole number of blocks, and at least 1 block, we XOR in B.
    123. 

  123.      * Otherwise, we need to pad and XOR in P. */
    124. 

  124.     if (whole_number_of_blocks && !empty_message)
    125. 

  125.       final_fn = cmac_process_final_nopad;
    126. 

  126.     else
    127. 

  127.       needpad = 1;
    128. 

  128.   }
    129. 

  129. 

  130.   /* Input data */
    131. 

  131.   cf_blockwise_accumulate_final(ctx->buffer, &ctx->used, blocksz,
    132. 

  132.                                 data, len,
    133. 

  133.                                 cmac_process,
    134. 

  134.                                 final_fn, ctx);
    135. 

  135. 

  136.   /* Input padding */
    137. 

  137.   if (needpad)
    138. 

  138.   {
    139. 

  139.     cf_blockwise_acc_pad(ctx->buffer, &ctx->used, blocksz,
    140. 

  140.                          0x80, 0x00, 0x00, blocksz - ctx->used,
    141. 

  141.                          cmac_process_final_pad, ctx);
    142. 

  142.   }
    143. 

  143. }
    144. 

  144. 

  145. void cf_cmac_stream_final(cf_cmac_stream *ctx, uint8_t out[CF_MAXBLOCK])
    146. 

  146. {
    147. 

  147.   assert(ctx->finalised);
    148. 

  148.   memcpy(out, ctx->cbc.block, ctx->cmac.prp->blocksz);
    149. 

  149. }
    150. 

  150.