3 This file is part of the ARM-Crypto-Lib.
4 Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
6 This program is free software: you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation, either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 #include "bcal-basic.h"
24 #include "bcal-cmac.h"
28 static uint8_t left_shift_be_block(void* block, uint8_t blocksize_B){
32 c2 = (((uint8_t*)block)[blocksize_B])>>7;
33 (((uint8_t*)block)[blocksize_B]) <<= 1;
34 (((uint8_t*)block)[blocksize_B]) |= c1;
40 static const uint8_t const_128 = 0x87;
41 static const uint8_t const_64 = 0x1b;
43 uint8_t bcal_cmac_init(const bcdesc_t* desc, const void* key, uint16_t keysize_b, bcal_cmac_ctx_t* ctx){
45 ctx->desc = (bcdesc_t*)desc;
46 ctx->blocksize_B = bcal_cipher_getBlocksize_b(desc)/8;
47 if (ctx->blocksize_B!=128/8 && ctx->blocksize_B!=64/8){
50 ctx->accu = malloc(ctx->blocksize_B);
54 ctx->k1 = malloc(ctx->blocksize_B);
58 ctx->k2 = malloc(ctx->blocksize_B);
62 ctx->lastblock = malloc(ctx->blocksize_B);
63 if(ctx->lastblock==NULL){
66 r = bcal_cipher_init(desc, key, keysize_b, &(ctx->cctx));
70 if(ctx->blocksize_B==128/8){
75 /* subkey computation */
76 memset(ctx->accu, 0x00, ctx->blocksize_B);
77 memset(ctx->k1, 0x00, ctx->blocksize_B);
78 bcal_cipher_enc(ctx->k1, &(ctx->cctx));
79 if(left_shift_be_block(ctx->k1, ctx->blocksize_B)){
80 ctx->k1[ctx->blocksize_B-1] ^= r;
82 memcpy(ctx->k2, ctx->k1, ctx->blocksize_B);
83 if(left_shift_be_block(ctx->k2, ctx->blocksize_B)){
84 ctx->k2[ctx->blocksize_B-1] ^= r;
90 void bcal_cmac_free(bcal_cmac_ctx_t* ctx){
94 bcal_cipher_free(&(ctx->cctx));
97 void bcal_cmac_nextBlock (bcal_cmac_ctx_t* ctx, const void* block){
99 memxor(ctx->accu, ctx->lastblock, ctx->blocksize_B);
100 bcal_cipher_enc(ctx->accu, &(ctx->cctx));
102 memcpy(ctx->lastblock, block, ctx->blocksize_B);
107 void bcal_cmac_lastBlock(bcal_cmac_ctx_t* ctx, const void* block, uint16_t length_b){
108 uint16_t blocksize_b;
109 blocksize_b = ctx->blocksize_B*8;
110 while(length_b>=blocksize_b){
111 bcal_cmac_nextBlock(ctx, block);
112 block = (uint8_t*)block + ctx->blocksize_B;
113 length_b -= blocksize_b;
115 if(ctx->last_set==0){
116 memxor(ctx->accu, block, (length_b+7)/8);
117 memxor(ctx->accu, ctx->k2, ctx->blocksize_B);
118 ctx->accu[length_b/8] ^= 0x80>>(length_b&7);
121 memxor(ctx->accu, ctx->lastblock, ctx->blocksize_B);
122 memxor(ctx->accu, ctx->k1, ctx->blocksize_B);
124 memxor(ctx->accu, ctx->lastblock, ctx->blocksize_B);
125 bcal_cipher_enc(ctx->accu, &(ctx->cctx));
126 memxor(ctx->accu, block, (length_b+7)/8);
127 memxor(ctx->accu, ctx->k2, ctx->blocksize_B);
128 ctx->accu[length_b/8] ^= 0x80>>(length_b&7);
131 bcal_cipher_enc(ctx->accu, &(ctx->cctx));
134 void bcal_cmac_ctx2mac(void* dest, uint16_t length_b, const bcal_cmac_ctx_t* ctx){
135 memcpy(dest, ctx->accu, length_b/8);
137 ((uint8_t*)dest)[length_b/8] &= 0xff>>(length_b&7);
138 ((uint8_t*)dest)[length_b/8] |= (0xff00>>(length_b&7))&(ctx->accu[length_b/8]);
142 void bcal_cmac(void* dest, uint16_t out_length_b, const void* block, uint32_t length_b, bcal_cmac_ctx_t* ctx){
143 uint16_t blocksize_b;
144 blocksize_b = ctx->blocksize_B*8;
145 while(length_b>blocksize_b){
146 bcal_cmac_nextBlock(ctx, block);
147 block = (uint8_t*)block + ctx->blocksize_B;
148 length_b -= blocksize_b;
150 bcal_cmac_lastBlock(ctx, block, length_b);
151 bcal_cmac_ctx2mac(dest, out_length_b, ctx);