Startseite Erkunden Hilfe
Registrieren Anmelden
embedded
/
owner-nrf52sdk
2
0
Fork 0
Dateien Issues 0 Pull-Requests 0 Wiki
Struktur: f87c106a87
Branches Tags
owner-nrf52sdk
/
nRF5_SDK_17.0.2
/
external
/
cifra_AES128-EAX
/
eax.c

eax.c 3.2 KB
Verlauf Originalformat

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115 
  1. /*
    2. 

  2.  * cifra - embedded cryptography library
    3. 

  3.  * Written in 2014 by Joseph Birr-Pixton <jpixton@gmail.com>
    4. 

  4.  *
    5. 

  5.  * To the extent possible under law, the author(s) have dedicated all
    6. 

  6.  * copyright and related and neighboring rights to this software to the
    7. 

  7.  * public domain worldwide. This software is distributed without any
    8. 

  8.  * warranty.
    9. 

  9.  *
    10. 

  10.  * You should have received a copy of the CC0 Public Domain Dedication
    11. 

  11.  * along with this software. If not, see
    12. 

  12.  * <http://creativecommons.org/publicdomain/zero/1.0/>.
    13. 

  13.  */
    14. 

  14. 

  15. #include "prp.h"
    16. 

  16. #include "modes.h"
    17. 

  17. #include "tassert.h"
    18. 

  18. #include "handy.h"
    19. 

  19. #include <string.h>
    20. 

  20. 

  21. static void cmac_compute_n(cf_cmac_stream *ctx,
    22. 

  22.                            uint8_t t,
    23. 

  23.                            const uint8_t *input, size_t ninput,
    24. 

  24.                            uint8_t out[CF_MAXBLOCK])
    25. 

  25. {
    26. 

  26.   size_t blocksz = ctx->cmac.prp->blocksz;
    27. 

  27.   assert(blocksz > 0);
    28. 

  28. 

  29.   uint8_t firstblock[CF_MAXBLOCK];
    30. 

  30.   memset(firstblock, 0, blocksz);
    31. 

  31.   firstblock[blocksz - 1] = t;
    32. 

  32. 

  33.   cf_cmac_stream_reset(ctx);
    34. 

  34.   if (ninput)
    35. 

  35.   {
    36. 

  36.     cf_cmac_stream_update(ctx, firstblock, blocksz, 0);
    37. 

  37.     cf_cmac_stream_update(ctx, input, ninput, 1);
    38. 

  38.   } else {
    39. 

  39.     cf_cmac_stream_update(ctx, firstblock, blocksz, 1);
    40. 

  40.   }
    41. 

  41. 

  42.   cf_cmac_stream_final(ctx, out);
    43. 

  43. }
    44. 

  44. 

  45. void cf_eax_encrypt(const cf_prp *prp, void *prpctx,
    46. 

  46.                     const uint8_t *plain, size_t nplain,
    47. 

  47.                     const uint8_t *header, size_t nheader,
    48. 

  48.                     const uint8_t *nonce, size_t nnonce,
    49. 

  49.                     uint8_t *cipher, /* the same size as nplain */
    50. 

  50.                     uint8_t *tag, size_t ntag)
    51. 

  51. {
    52. 

  52.   uint8_t NN[CF_MAXBLOCK],
    53. 

  53.           HH[CF_MAXBLOCK],
    54. 

  54.           CC[CF_MAXBLOCK];
    55. 

  55. 

  56.   cf_cmac_stream cmac;
    57. 

  57.   cf_cmac_stream_init(&cmac, prp, prpctx);
    58. 

  58. 

  59.   /* NN = OMAC_K^0(N) */
    60. 

  60.   cmac_compute_n(&cmac, 0, nonce, nnonce, NN);
    61. 

  61. 

  62.   /* HH = OMAC_K^1(H) */
    63. 

  63.   cmac_compute_n(&cmac, 1, header, nheader, HH);
    64. 

  64. 

  65.   /* C = CTR_K^NN(M) */
    66. 

  66.   cf_ctr ctr;
    67. 

  67.   cf_ctr_init(&ctr, prp, prpctx, NN);
    68. 

  68.   cf_ctr_cipher(&ctr, plain, cipher, nplain);
    69. 

  69. 

  70.   /* CC = OMAC_K^2(C) */
    71. 

  71.   cmac_compute_n(&cmac, 2, cipher, nplain, CC);
    72. 

  72. 

  73.   /* Tag = NN ^ CC ^ HH
    74. 

  74.    * T = Tag [ first tau bits ] */
    75. 

  75.   assert(ntag <= prp->blocksz);
    76. 

  76.   for (size_t i = 0; i < ntag; i++)
    77. 

  77.     tag[i] = NN[i] ^ CC[i] ^ HH[i];
    78. 

  78. }
    79. 

  79. 

  80. int cf_eax_decrypt(const cf_prp *prp, void *prpctx,
    81. 

  81.                    const uint8_t *cipher, size_t ncipher,
    82. 

  82.                    const uint8_t *header, size_t nheader,
    83. 

  83.                    const uint8_t *nonce, size_t nnonce,
    84. 

  84.                    const uint8_t *tag, size_t ntag,
    85. 

  85.                    uint8_t *plain) /* the same size as ncipher */
    86. 

  86. {
    87. 

  87.   uint8_t NN[CF_MAXBLOCK],
    88. 

  88.           HH[CF_MAXBLOCK],
    89. 

  89.           CC[CF_MAXBLOCK];
    90. 

  90. 

  91.   cf_cmac_stream cmac;
    92. 

  92.   cf_cmac_stream_init(&cmac, prp, prpctx);
    93. 

  93. 

  94.   /* NN = OMAC_K^0(N) */
    95. 

  95.   cmac_compute_n(&cmac, 0, nonce, nnonce, NN);
    96. 

  96. 

  97.   /* HH = OMAC_K^1(H) */
    98. 

  98.   cmac_compute_n(&cmac, 1, header, nheader, HH);
    99. 

  99. 

  100.   /* CC = OMAC_K^2(C) */
    101. 

  101.   cmac_compute_n(&cmac, 2, cipher, ncipher, CC);
    102. 

  102. 

  103.   uint8_t tt[CF_MAXBLOCK];
    104. 

  104.   assert(ntag && ntag <= prp->blocksz);
    105. 

  105.   for (size_t i = 0; i < ntag; i++)
    106. 

  106.     tt[i] = NN[i] ^ CC[i] ^ HH[i];
    107. 

  107. 

  108.   if (!mem_eq(tt, tag, ntag))
    109. 

  109.     return 1;
    110. 

  110. 

  111.   cf_ctr ctr;
    112. 

  112.   cf_ctr_init(&ctr, prp, prpctx, NN);
    113. 

  113.   cf_ctr_cipher(&ctr, cipher, plain, ncipher);
    114. 

  114.   return 0;
    115. 

  115. }
    116.