Home Explore Help
Sign In
miti
/
graphene
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: b5b403225c
Branches Tags
graphene
/
Pal
/
lib
/
crypto
/
wolfssl
/
cmac.c

cmac.c 4.1 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160 
  1. /* -*- mode:c; c-file-style:"k&r"; c-basic-offset: 4; tab-width:4; indent-tabs-mode:nil; mode:auto-fill; fill-column:78; -*- */
    2. 

  2. /* vim: set ts=4 sw=4 et tw=78 fo=cqt wm=0: */
    3. 

  3. 

  4. /*
    5. 

  5.  ---------------------------------------------------------------------------
    6. 

  6.  Copyright (c) 1998-2008, Brian Gladman, Worcester, UK. All rights reserved.
    7. 

  7. 

  8.  LICENSE TERMS
    9. 

  9. 

  10.  The redistribution and use of this software (with or without changes)
    11. 

  11.  is allowed without the payment of fees or royalties provided that:
    12. 

  12. 

  13.   1. source code distributions include the above copyright notice, this
    14. 

  14.      list of conditions and the following disclaimer;
    15. 

  15. 

  16.   2. binary distributions include the above copyright notice, this list
    17. 

  17.      of conditions and the following disclaimer in their documentation;
    18. 

  18. 

  19.   3. the name of the copyright holder is not used to endorse products
    20. 

  20.      built using this software without specific written permission.
    21. 

  21. 

  22.  DISCLAIMER
    23. 

  23. 

  24.  This software is provided 'as is' with no explicit or implied warranties
    25. 

  25.  in respect of its properties, including, but not limited to, correctness
    26. 

  26.  and/or fitness for purpose.
    27. 

  27.  ---------------------------------------------------------------------------
    28. 

  28.  Issue Date: 6/10/2008
    29. 

  29. */
    30. 

  30. 

  31. #include <stddef.h>
    32. 

  32. 

  33. #include "cmac.h"
    34. 

  34. #include "aes.h"
    35. 

  35. 

  36. unsigned char const_Rb[16] = {
    37. 

  37.     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    38. 

  38.     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x87
    39. 

  39. };
    40. 

  40. unsigned char const_Zero[16] = {
    41. 

  41.     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    42. 

  42.     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
    43. 

  43. };
    44. 

  44. 

  45. void xor_128(unsigned char *a, unsigned char *b, unsigned char *out)
    46. 

  46. {
    47. 

  47.     int i;
    48. 

  48.     for (i = 0 ; i < 16 ; i++)
    49. 

  49.         out[i] = a[i] ^ b[i];
    50. 

  50. }
    51. 

  51. 

  52. /* AES-CMAC Generation Function */
    53. 

  53. 

  54. void leftshift_onebit(unsigned char *input,unsigned char *output)
    55. 

  55. {
    56. 

  56.     int i;
    57. 

  57.     unsigned char overflow = 0;
    58. 

  58. 

  59.     for (i = 15; i >= 0 ; i--) {
    60. 

  60.         output[i] = input[i] << 1;
    61. 

  61.         output[i] |= overflow;
    62. 

  62.         overflow = (input[i] & 0x80)?1:0;
    63. 

  63.     }
    64. 

  64. }
    65. 

  65. 

  66. void generate_subkey(unsigned char *key, unsigned char *K1, unsigned char *K2)
    67. 

  67. {
    68. 

  68.     unsigned char L[16];
    69. 

  69.     unsigned char Z[16];
    70. 

  70.     unsigned char tmp[16];
    71. 

  71.     int i;
    72. 

  72. 

  73.     for ( i = 0 ; i < 16 ; i++) Z[i] = 0;
    74. 

  74. 

  75.     AES aes;
    76. 

  76.     AESSetKey(&aes, key, 16, NULL, AES_ENCRYPTION);
    77. 

  77. 

  78.     AESEncrypt(&aes, Z, L);
    79. 

  79. 

  80.     if ((L[0] & 0x80) == 0) {
    81. 

  81.         /* If MSB(L) = 0, then K1 = L << 1 */
    82. 

  82.         leftshift_onebit(L,K1);
    83. 

  83.     } else {
    84. 

  84.         /* Else K1 = ( L << 1 ) (+) Rb */
    85. 

  85.         leftshift_onebit(L,tmp);
    86. 

  86.         xor_128(tmp,const_Rb,K1);
    87. 

  87.     }
    88. 

  88. 

  89.     if ((K1[0] & 0x80) == 0) {
    90. 

  90.         leftshift_onebit(K1,K2);
    91. 

  91.     } else {
    92. 

  92.         leftshift_onebit(K1,tmp);
    93. 

  93.         xor_128(tmp,const_Rb,K2);
    94. 

  94.     }
    95. 

  95. }
    96. 

  96. 

  97. void padding (unsigned char *lastb, unsigned char *pad, int length)
    98. 

  98. {
    99. 

  99.     int j;
    100. 

  100. 

  101.     /* original last block */
    102. 

  102.     for ( j = 0 ; j < 16 ; j++) {
    103. 

  103.         if (j < length) {
    104. 

  104.             pad[j] = lastb[j];
    105. 

  105.         } else if (j == length) {
    106. 

  106.             pad[j] = 0x80;
    107. 

  107.         } else {
    108. 

  108.             pad[j] = 0x00;
    109. 

  109.         }
    110. 

  110.     }
    111. 

  111. }
    112. 

  112. 

  113. #include "api.h"
    114. 

  114. 

  115. void AES_CMAC (unsigned char *key, unsigned char *input, int length,
    116. 

  116.                unsigned char *mac)
    117. 

  117. {
    118. 

  118.     unsigned char X[16],Y[16], M_last[16], padded[16];
    119. 

  119.     unsigned char K1[16], K2[16];
    120. 

  120.     int n, i, flag;
    121. 

  121.     generate_subkey(key, K1, K2);
    122. 

  122. 

  123.     n = (length+15) / 16;       /* n is number of rounds */
    124. 

  124. 

  125.     if (n == 0) {
    126. 

  126.         n = 1;
    127. 

  127.         flag = 0;
    128. 

  128.     } else {
    129. 

  129.         if ((length%16) == 0) {
    130. 

  130.             /* last block is a complete block */
    131. 

  131.             flag = 1;
    132. 

  132.         } else {
    133. 

  133.             /* last block is not complete block */
    134. 

  134.             flag = 0;
    135. 

  135.         }
    136. 

  136.     }
    137. 

  137. 

  138.     if (flag) {
    139. 

  139.         /* last block is complete block */
    140. 

  140.         xor_128(&input[16*(n-1)], K1, M_last);
    141. 

  141.     } else {
    142. 

  142.         padding(&input[16*(n-1)],padded,length%16);
    143. 

  143.         xor_128(padded, K2, M_last);
    144. 

  144.     }
    145. 

  145. 

  146.     AES aes;
    147. 

  147.     AESSetKey(&aes, key, 16, NULL, AES_ENCRYPTION);
    148. 

  148. 

  149.     for (i = 0 ; i < 16; i++) X[i] = 0;
    150. 

  150.     for (i = 0 ; i < n - 1; i++) {
    151. 

  151.         xor_128(X, &input[16 * i], Y); /* Y := Mi (+) X  */
    152. 

  152.         AESEncrypt(&aes, Y, X); /* X := AES-128(KEY, Y); */ 
    153. 

  153.     }
    154. 

  154. 

  155.     xor_128(X, M_last, Y);
    156. 

  156.     AESEncrypt(&aes, Y, X);
    157. 

  157. 

  158.     for (i = 0; i < 16; i++)
    159. 

  159.         mac[i] = X[i];
    160. 

  160. }
    161.