cmac.c 4.1 KB

  1. /* -*- mode:c; c-file-style:"k&r"; c-basic-offset: 4; tab-width:4; indent-tabs-mode:nil; mode:auto-fill; fill-column:78; -*- */
  2. /* vim: set ts=4 sw=4 et tw=78 fo=cqt wm=0: */
  3. /*
  4. ---------------------------------------------------------------------------
  5. Copyright (c) 1998-2008, Brian Gladman, Worcester, UK. All rights reserved.
  6. LICENSE TERMS
  7. The redistribution and use of this software (with or without changes)
  8. is allowed without the payment of fees or royalties provided that:
  9. 1. source code distributions include the above copyright notice, this
  10. list of conditions and the following disclaimer;
  11. 2. binary distributions include the above copyright notice, this list
  12. of conditions and the following disclaimer in their documentation;
  13. 3. the name of the copyright holder is not used to endorse products
  14. built using this software without specific written permission.
  15. DISCLAIMER
  16. This software is provided 'as is' with no explicit or implied warranties
  17. in respect of its properties, including, but not limited to, correctness
  18. and/or fitness for purpose.
  19. ---------------------------------------------------------------------------
  20. Issue Date: 6/10/2008
  21. */
  22. #include <stddef.h>
  23. #include "cmac.h"
  24. #include "aes.h"
  /*
   * const_Rb: 16-byte constant that generate_subkey XORs into a shifted
   * subkey; only the last byte (0x87) is non-zero.
   *
   * NOTE(review): this array is writable and has external linkage, so a stray
   * write anywhere in the program would silently change every derived subkey.
   * Presumably it is declared in cmac.h; confirm before narrowing it to
   * static const.
   */
  unsigned char const_Rb[16] = { [15] = 0x87 };

  /*
   * const_Zero: all-zero 16-byte block. Nothing in the visible code reads it
   * (generate_subkey builds its own zero block).
   */
  unsigned char const_Zero[16] = { 0 };
  /*
   * xor_128 - byte-wise XOR of two 16-byte blocks.
   *
   * a, b: inputs, 16 readable bytes each.
   * out:  receives a[i] ^ b[i] for i = 0..15; may be the same buffer as a or b
   *       because each byte is read before the matching byte is written.
   */
  void xor_128(unsigned char *a, unsigned char *b, unsigned char *out)
  {
      unsigned char *stop = out + 16;

      while (out != stop)
          *out++ = *a++ ^ *b++;
  }
  39. /* AES-CMAC Generation Function */
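  /*
   * leftshift_onebit - shift a 16-byte big-endian block left by one bit.
   *
   * input:  16 bytes, byte 0 is the most significant.
   * output: receives the shifted block; the top bit of input[0] is discarded
   *         and the lowest bit of output[15] is 0.
   *
   * Each source byte is copied to a local before the destination is written,
   * so input and output may be the same buffer. (Reading input[i] after
   * storing output[i] would lose the carry for an in-place call.) The carry is
   * taken with a shift rather than a conditional, so the value of the block
   * does not select a code path here.
   */
  void leftshift_onebit(unsigned char *input,unsigned char *output)
  {
      int i;
      unsigned char carry = 0;

      for (i = 15; i >= 0; i--) {
          unsigned char cur = input[i];

          output[i] = (unsigned char)((cur << 1) | carry);
          carry = (unsigned char)(cur >> 7);
      }
  }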
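  /* Zero len bytes at buf through a volatile pointer so the stores are not
   * dropped as dead writes before the function returns. */
  static void subkey_wipe(void *buf, size_t len)
  {
      volatile unsigned char *p = buf;

      while (len-- > 0)
          *p++ = 0;
  }

  /*
   * generate_subkey - derive the two CMAC subkeys from an AES-128 key.
   *
   * key: 16-byte AES key (the length 16 is passed to AESSetKey).
   * K1:  receives L << 1, XORed with const_Rb when the top bit of L is set,
   *      where L is the encryption of an all-zero block under key.
   * K2:  receives K1 << 1, XORed with const_Rb when the top bit of K1 is set.
   *
   * L, K1 and K2 are key-derived secrets. The conditional XOR is therefore
   * done with a 0x00/0xFF mask instead of an if/else on the secret bit, and
   * the local copies (L, tmp, the AES context) are wiped before returning.
   *
   * NOTE(review): any status returned by AESSetKey/AESEncrypt is not checked
   * here, as in the original; confirm against aes.h whether they can fail.
   */
  void generate_subkey(unsigned char *key, unsigned char *K1, unsigned char *K2)
  {
      unsigned char L[16];
      unsigned char Z[16] = { 0 };
      unsigned char tmp[16];
      unsigned char mask;
      int i;
      AES aes;

      AESSetKey(&aes, key, 16, NULL, AES_ENCRYPTION);
      AESEncrypt(&aes, Z, L);

      /* K1 = (L << 1), plus Rb when MSB(L) = 1 */
      leftshift_onebit(L, tmp);
      mask = (unsigned char)(0u - (unsigned)(L[0] >> 7)); /* 0x00 or 0xFF */
      for (i = 0; i < 16; i++)
          K1[i] = (unsigned char)(tmp[i] ^ (const_Rb[i] & mask));

      /* K2 = (K1 << 1), plus Rb when MSB(K1) = 1 */
      mask = (unsigned char)(0u - (unsigned)(K1[0] >> 7));
      leftshift_onebit(K1, tmp);
      for (i = 0; i < 16; i++)
          K2[i] = (unsigned char)(tmp[i] ^ (const_Rb[i] & mask));

      subkey_wipe(L, sizeof L);
      subkey_wipe(tmp, sizeof tmp);
      subkey_wipe(&aes, sizeof aes);
  }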
  /*
   * padding - build a padded 16-byte block from a partial final block.
   *
   * lastb:  source bytes; only the first `length` bytes are read.
   * pad:    16-byte output: the copied bytes, then a single 0x80 marker at
   *         index `length`, then 0x00 up to the end.
   * length: number of message bytes in the block. AES_CMAC passes length % 16.
   *         For length >= 16 all 16 bytes are copied and no marker is written;
   *         for a negative length the block is all zeros with no marker.
   */
  void padding (unsigned char *lastb, unsigned char *pad, int length)
  {
      int pos = 0;

      /* message bytes of the original last block */
      while (pos < 16 && pos < length) {
          pad[pos] = lastb[pos];
          pos++;
      }

      /* one marker byte directly after the message, if it fits */
      if (pos < 16 && pos == length)
          pad[pos++] = 0x80;

      /* zero fill for the remainder */
      while (pos < 16)
          pad[pos++] = 0x00;
  }
  89. #include "api.h"
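  /* Zero len bytes at buf through a volatile pointer so the stores are not
   * dropped as dead writes before the function returns. */
  static void cmac_wipe(void *buf, size_t len)
  {
      volatile unsigned char *p = buf;

      while (len-- > 0)
          *p++ = 0;
  }

  /*
   * AES_CMAC - compute the 16-byte AES-128 CMAC tag of a message.
   *
   * key:    16-byte AES key (the length 16 is passed to AESSetKey).
   * input:  message bytes; `length` bytes are read. Not dereferenced when
   *         length is 0, so it may be NULL for an empty message.
   * length: message length in bytes.
   * mac:    receives the 16-byte tag.
   *
   * Changes from the original listing:
   *  - A negative length used to index before `input` (for example -32 selects
   *    block -2). This function has no error return, so a negative length is
   *    now processed as an empty message and nothing is read from `input`.
   *    NOTE(review): callers should validate length themselves; an interface
   *    that can report the error would be the better fix.
   *  - The block count is computed without `length + 15`, which overflowed
   *    int for lengths close to INT_MAX.
   *  - Subkeys, chaining values and the AES context are wiped before return.
   *
   * NOTE(review): any status returned by AESSetKey/AESEncrypt is not checked
   * here, as in the original; confirm against aes.h whether they can fail.
   * Code that verifies a received tag against this output should compare all
   * 16 bytes in constant time.
   */
  void AES_CMAC (unsigned char *key, unsigned char *input, int length,
                 unsigned char *mac)
  {
      unsigned char X[16], Y[16], M_last[16], padded[16];
      unsigned char K1[16], K2[16];
      int n, i, rem;
      AES aes;

      if (length < 0)
          length = 0;

      generate_subkey(key, K1, K2);

      /* n is the number of 16-byte rounds; an empty message still takes one */
      rem = length % 16;
      n = length / 16 + (rem != 0 ? 1 : 0);
      if (n == 0)
          n = 1;

      if (length > 0 && rem == 0) {
          /* last block is a complete block: mask it with K1 */
          xor_128(&input[16 * (n - 1)], K1, M_last);
      } else {
          /* last block is partial or absent: pad it, then mask with K2 */
          if (length > 0)
              padding(&input[16 * (n - 1)], padded, rem);
          else
              padding(padded, padded, 0); /* source is never read for length 0 */
          xor_128(padded, K2, M_last);
      }

      AESSetKey(&aes, key, 16, NULL, AES_ENCRYPTION);

      for (i = 0; i < 16; i++)
          X[i] = 0;

      for (i = 0; i < n - 1; i++) {
          xor_128(X, &input[16 * i], Y); /* Y := Mi (+) X */
          AESEncrypt(&aes, Y, X);        /* X := AES-128(KEY, Y) */
      }

      xor_128(X, M_last, Y);
      AESEncrypt(&aes, Y, X);

      for (i = 0; i < 16; i++)
          mac[i] = X[i];

      /* none of these are needed after the tag has been copied out */
      cmac_wipe(X, sizeof X);
      cmac_wipe(Y, sizeof Y);
      cmac_wipe(M_last, sizeof M_last);
      cmac_wipe(padded, sizeof padded);
      cmac_wipe(K1, sizeof K1);
      cmac_wipe(K2, sizeof K2);
      cmac_wipe(&aes, sizeof aes);
  }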