--- /dev/null
+/* aes.h */
+/*
+ This file is part of the AVR-Crypto-Lib.
+ Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+/**
+ * \file aes.h
+ * \email daniel.otte@rub.de
+ * \author Daniel Otte
+ * \date 2008-12-30
+ * \license GPLv3 or later
+ *
+ */
+#ifndef AES_H_
+#define AES_H_
+
+#include <stdint.h>
+
+#include "aes_types.h"
+#include "aes128_enc.h"
+#include "aes192_enc.h"
+#include "aes256_enc.h"
+#include "aes128_dec.h"
+#include "aes192_dec.h"
+#include "aes256_dec.h"
+#include "aes_enc.h"
+#include "aes_dec.h"
+#include "aes_keyschedule.h"
+
+#endif
--- /dev/null
+/* aes128_dec.c */
+/*
+ This file is part of the ARM-Crypto-Lib.
+ Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+/**
+ * \file aes128_dec.c
+ * \email daniel.otte@rub.de
+ * \author Daniel Otte
+ * \date 2008-12-30
+ * \license GPLv3 or later
+ *
+ */
+
+#include "aes.h"
+#include "aes_dec.h"
+
+void aes128_dec(void* buffer, aes128_ctx_t* ctx){
+ aes_decrypt_core(buffer, (aes_genctx_t*)ctx, 10);
+}
+
--- /dev/null
+/* aes128_dec.h */
+/*
+ This file is part of the AVR-Crypto-Lib.
+ Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+/**
+ * \file aes128_dec.h
+ * \email daniel.otte@rub.de
+ * \author Daniel Otte
+ * \date 2008-12-30
+ * \license GPLv3 or later
+ * \ingroup AES
+ */
+
+#ifndef AES128_DEC_H_
+#define AES128_DEC_H_
+
+#include "aes_types.h"
+#include "aes_dec.h"
+
+/**
+ * \brief decrypt with 128 bit key.
+ *
+ * This function decrypts one block with the AES algorithm under control of
+ * a keyschedule produced from a 128 bit key.
+ * \param buffer pointer to the block to decrypt
+ * \param ctx pointer to the key schedule
+ */
+void aes128_dec(void* buffer, aes128_ctx_t* ctx);
+
+
+
+#endif /* AES128_DEC_H_ */
--- /dev/null
+/* aes128_enc.c */
+/*
+ This file is part of the ARM-Crypto-Lib.
+ Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+/**
+ * \file aes128_enc.c
+ * \email daniel.otte@rub.de
+ * \author Daniel Otte
+ * \date 2008-12-30
+ * \license GPLv3 or later
+ *
+ */
+
+#include "aes.h"
+#include "aes_enc.h"
+
+void aes128_enc(void* buffer, aes128_ctx_t* ctx){
+ aes_encrypt_core(buffer, (aes_genctx_t*)ctx, 10);
+}
+
--- /dev/null
+/* aes128_enc.h */
+/*
+ This file is part of the AVR-Crypto-Lib.
+ Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+/**
+ * \file aes128_enc.h
+ * \email daniel.otte@rub.de
+ * \author Daniel Otte
+ * \date 2008-12-30
+ * \license GPLv3 or later
+ * \ingroup AES
+ */
+
+#ifndef AES128_ENC_H_
+#define AES128_ENC_H_
+
+#include "aes_types.h"
+#include "aes_enc.h"
+
+
+/**
+ * \brief encrypt with 128 bit key.
+ *
+ * This function encrypts one block with the AES algorithm under control of
+ * a keyschedule produced from a 128 bit key.
+ * \param buffer pointer to the block to encrypt
+ * \param ctx pointer to the key schedule
+ */
+void aes128_enc(void* buffer, aes128_ctx_t* ctx);
+
+
+
+#endif /* AES128_ENC_H_ */
--- /dev/null
+/* aes192_dec.c */
+/*
+ This file is part of the ARM-Crypto-Lib.
+ Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+/**
+ * \file aes192_dec.c
+ * \email daniel.otte@rub.de
+ * \author Daniel Otte
+ * \date 2008-12-31
+ * \license GPLv3 or later
+ *
+ */
+
+#include "aes.h"
+#include "aes_dec.h"
+
+void aes192_dec(void* buffer, aes192_ctx_t* ctx){
+ aes_decrypt_core(buffer, (aes_genctx_t*)ctx, 12);
+}
+
--- /dev/null
+/* aes192_dec.h */
+/*
+ This file is part of the AVR-Crypto-Lib.
+ Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+/**
+ * \file aes192_dec.h
+ * \email daniel.otte@rub.de
+ * \author Daniel Otte
+ * \date 2008-12-31
+ * \license GPLv3 or later
+ * \ingroup AES
+ */
+
+#ifndef AES192_DEC_H_
+#define AES192_DEC_H_
+
+#include "aes_types.h"
+#include "aes_dec.h"
+
+/**
+ * \brief decrypt with 192 bit key.
+ *
+ * This function decrypts one block with the AES algorithm under control of
+ * a keyschedule produced from a 192 bit key.
+ * \param buffer pointer to the block to decrypt
+ * \param ctx pointer to the key schedule
+ */
+void aes192_dec(void* buffer, aes192_ctx_t* ctx);
+
+
+
+#endif /* AES192_DEC_H_ */
--- /dev/null
+/* aes192_enc.c */
+/*
+ This file is part of the ARM-Crypto-Lib.
+ Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+/**
+ * \file aes192_enc.c
+ * \email daniel.otte@rub.de
+ * \author Daniel Otte
+ * \date 2008-12-31
+ * \license GPLv3 or later
+ *
+ */
+
+#include "aes.h"
+#include "aes_enc.h"
+
+void aes192_enc(void* buffer, aes192_ctx_t* ctx){
+ aes_encrypt_core(buffer, (aes_genctx_t*)ctx, 12);
+}
+
--- /dev/null
+/* aes192_enc.h */
+/*
+ This file is part of the AVR-Crypto-Lib.
+ Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+/**
+ * \file aes192_enc.h
+ * \email daniel.otte@rub.de
+ * \author Daniel Otte
+ * \date 2008-12-31
+ * \license GPLv3 or later
+ * \ingroup AES
+ */
+
+#ifndef AES192_ENC_H_
+#define AES192_ENC_H_
+
+#include "aes_types.h"
+#include "aes_enc.h"
+
+
+/**
+ * \brief encrypt with 192 bit key.
+ *
+ * This function encrypts one block with the AES algorithm under control of
+ * a keyschedule produced from a 192 bit key.
+ * \param buffer pointer to the block to encrypt
+ * \param ctx pointer to the key schedule
+ */
+void aes192_enc(void* buffer, aes192_ctx_t* ctx);
+
+
+
+#endif /* AES192_ENC_H_ */
--- /dev/null
+/* aes256_dec.c */
+/*
+ This file is part of the ARM-Crypto-Lib.
+ Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+/**
+ * \file aes256_dec.c
+ * \email daniel.otte@rub.de
+ * \author Daniel Otte
+ * \date 2008-12-31
+ * \license GPLv3 or later
+ *
+ */
+
+#include "aes.h"
+#include "aes_dec.h"
+
+void aes256_dec(void* buffer, aes256_ctx_t* ctx){
+ aes_decrypt_core(buffer, (aes_genctx_t*)ctx, 14);
+}
+
--- /dev/null
+/* aes256_dec.h */
+/*
+ This file is part of the AVR-Crypto-Lib.
+ Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+/**
+ * \file aes256_dec.h
+ * \email daniel.otte@rub.de
+ * \author Daniel Otte
+ * \date 2008-12-31
+ * \license GPLv3 or later
+ * \ingroup AES
+ */
+
+#ifndef AES256_DEC_H_
+#define AES256_DEC_H_
+
+#include "aes_types.h"
+#include "aes_dec.h"
+
+/**
+ * \brief decrypt with 256 bit key.
+ *
+ * This function decrypts one block with the AES algorithm under control of
+ * a keyschedule produced from a 256 bit key.
+ * \param buffer pointer to the block to decrypt
+ * \param ctx pointer to the key schedule
+ */
+void aes256_dec(void* buffer, aes256_ctx_t* ctx);
+
+
+
+#endif /* AES256_DEC_H_ */
--- /dev/null
+/* aes256_enc.c */
+/*
+ This file is part of the ARM-Crypto-Lib.
+ Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+/**
+ * \file aes256_enc.c
+ * \email daniel.otte@rub.de
+ * \author Daniel Otte
+ * \date 2008-12-31
+ * \license GPLv3 or later
+ *
+ */
+
+#include "aes.h"
+#include "aes_enc.h"
+
+void aes256_enc(void* buffer, aes256_ctx_t* ctx){
+ aes_encrypt_core(buffer, (aes_genctx_t*)ctx, 14);
+}
+
--- /dev/null
+/* aes256_enc.h */
+/*
+ This file is part of the AVR-Crypto-Lib.
+ Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+/**
+ * \file aes256_enc.h
+ * \email daniel.otte@rub.de
+ * \author Daniel Otte
+ * \date 2008-12-31
+ * \license GPLv3 or later
+ * \ingroup AES
+ */
+
+#ifndef AES256_ENC_H_
+#define AES256_ENC_H_
+
+#include "aes_types.h"
+#include "aes_enc.h"
+
+
+/**
+ * \brief encrypt with 256 bit key.
+ *
+ * This function encrypts one block with the AES algorithm under control of
+ * a keyschedule produced from a 256 bit key.
+ * \param buffer pointer to the block to encrypt
+ * \param ctx pointer to the key schedule
+ */
+void aes256_enc(void* buffer, aes256_ctx_t* ctx);
+
+
+
+#endif /* AES256_ENC_H_ */
--- /dev/null
+/* aes.c */
+/*
+ This file is part of the ARM-Crypto-Lib.
+ Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include <stdint.h>
+#include <string.h>
+#include "gf256mul.h"
+#include "aes.h"
+#include "aes_invsbox.h"
+#include "aes_dec.h"
+
+void aes_invshiftrow(void* data, uint8_t shift){
+ uint8_t tmp[4];
+ tmp[0] = ((uint8_t*)data)[(4+0-shift)&3];
+ tmp[1] = ((uint8_t*)data)[(4+1-shift)&3];
+ tmp[2] = ((uint8_t*)data)[(4+2-shift)&3];
+ tmp[3] = ((uint8_t*)data)[(4+3-shift)&3];
+ memcpy(data, tmp, 4);
+}
+
+void aes_invshiftcol(void* data, uint8_t shift){
+ uint8_t tmp[4];
+ tmp[0] = ((uint8_t*)data)[ 0];
+ tmp[1] = ((uint8_t*)data)[ 4];
+ tmp[2] = ((uint8_t*)data)[ 8];
+ tmp[3] = ((uint8_t*)data)[12];
+ ((uint8_t*)data)[ 0] = tmp[(4-shift+0)&3];
+ ((uint8_t*)data)[ 4] = tmp[(4-shift+1)&3];
+ ((uint8_t*)data)[ 8] = tmp[(4-shift+2)&3];
+ ((uint8_t*)data)[12] = tmp[(4-shift+3)&3];
+}
+static
+void aes_dec_round(aes_cipher_state_t* state, const aes_roundkey_t* k){
+ uint8_t tmp[16];
+ uint8_t i;
+ uint8_t t,u,v,w;
+ /* keyAdd */
+ for(i=0; i<16; ++i){
+ tmp[i] = state->s[i] ^ k->ks[i];
+ }
+ /* mixColums */
+ for(i=0; i<4; ++i){
+ t = tmp[4*i+3] ^ tmp[4*i+2];
+ u = tmp[4*i+1] ^ tmp[4*i+0];
+ v = t ^ u;
+ v = gf256mul(0x09, v, 0x1b);
+ w = v ^ gf256mul(0x04, tmp[4*i+2] ^ tmp[4*i+0], 0x1b);
+ v = v ^ gf256mul(0x04, tmp[4*i+3] ^ tmp[4*i+1], 0x1b);
+ state->s[4*i+3] = tmp[4*i+3] ^ v ^ gf256mul(0x02, tmp[4*i+0] ^ tmp[4*i+3], 0x1b);
+ state->s[4*i+2] = tmp[4*i+2] ^ w ^ gf256mul(0x02, t, 0x1b);
+ state->s[4*i+1] = tmp[4*i+1] ^ v ^ gf256mul(0x02, tmp[4*i+2] ^ tmp[4*i+1], 0x1b);
+ state->s[4*i+0] = tmp[4*i+0] ^ w ^ gf256mul(0x02, u, 0x1b);
+
+ /*
+ state->s[4*i+0] =
+ gf256mul(0xe, tmp[4*i+0], 0x1b)
+ ^ gf256mul(0xb, tmp[4*i+1], 0x1b)
+ ^ gf256mul(0xd, tmp[4*i+2], 0x1b)
+ ^ gf256mul(0x9, tmp[4*i+3], 0x1b);
+ state->s[4*i+1] =
+ gf256mul(0x9, tmp[4*i+0], 0x1b)
+ ^ gf256mul(0xe, tmp[4*i+1], 0x1b)
+ ^ gf256mul(0xb, tmp[4*i+2], 0x1b)
+ ^ gf256mul(0xd, tmp[4*i+3], 0x1b);
+ state->s[4*i+2] =
+ gf256mul(0xd, tmp[4*i+0], 0x1b)
+ ^ gf256mul(0x9, tmp[4*i+1], 0x1b)
+ ^ gf256mul(0xe, tmp[4*i+2], 0x1b)
+ ^ gf256mul(0xb, tmp[4*i+3], 0x1b);
+ state->s[4*i+3] =
+ gf256mul(0xb, tmp[4*i+0], 0x1b)
+ ^ gf256mul(0xd, tmp[4*i+1], 0x1b)
+ ^ gf256mul(0x9, tmp[4*i+2], 0x1b)
+ ^ gf256mul(0xe, tmp[4*i+3], 0x1b);
+ */
+ }
+ /* shiftRows */
+ aes_invshiftcol(state->s+1, 1);
+ aes_invshiftcol(state->s+2, 2);
+ aes_invshiftcol(state->s+3, 3);
+ /* subBytes */
+ for(i=0; i<16; ++i){
+ state->s[i] = aes_invsbox[state->s[i]];
+ }
+}
+
+
+static
+void aes_dec_firstround(aes_cipher_state_t* state, const aes_roundkey_t* k){
+ uint8_t i;
+ /* keyAdd */
+ for(i=0; i<16; ++i){
+ state->s[i] ^= k->ks[i];
+ }
+ /* shiftRows */
+ aes_invshiftcol(state->s+1, 1);
+ aes_invshiftcol(state->s+2, 2);
+ aes_invshiftcol(state->s+3, 3);
+ /* subBytes */
+ for(i=0; i<16; ++i){
+ state->s[i] = aes_invsbox[state->s[i]];
+ }
+}
+
+void aes_decrypt_core(aes_cipher_state_t* state, const aes_genctx_t* ks, uint8_t rounds){
+ uint8_t i;
+ aes_dec_firstround(state, &(ks->key[i=rounds]));
+ for(;rounds>1;--rounds){
+ --i;
+ aes_dec_round(state, &(ks->key[i]));
+ }
+ for(i=0; i<16; ++i){
+ state->s[i] ^= ks->key[0].ks[i];
+ }
+}
--- /dev/null
+/* aes_dec.h */
+/*
+ This file is part of the AVR-Crypto-Lib.
+ Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+/**
+ * \file aes_dec.h
+ * \email daniel.otte@rub.de
+ * \author Daniel Otte
+ * \date 2008-12-30
+ * \license GPLv3 or later
+ *
+ */
+#ifndef AES_DEC_H_
+#define AES_DEC_H_
+#include "aes_types.h"
+#include <stdint.h>
+
+
+void aes_decrypt_core(aes_cipher_state_t* state,const aes_genctx_t* ks, uint8_t rounds);
+
+
+#endif
--- /dev/null
+/* aes_enc.c */
+/*
+ This file is part of the ARM-Crypto-Lib.
+ Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+/**
+ * \file aes_enc.c
+ * \email daniel.otte@rub.de
+ * \author Daniel Otte
+ * \date 2008-12-30
+ * \license GPLv3 or later
+ *
+ */
+
+#include <stdint.h>
+#include <string.h>
+#include "aes.h"
+#include "gf256mul.h"
+#include "aes_sbox.h"
+#include "aes_enc.h"
+
+void aes_shiftcol(void* data, uint8_t shift){
+ uint8_t tmp[4];
+ tmp[0] = ((uint8_t*)data)[ 0];
+ tmp[1] = ((uint8_t*)data)[ 4];
+ tmp[2] = ((uint8_t*)data)[ 8];
+ tmp[3] = ((uint8_t*)data)[12];
+ ((uint8_t*)data)[ 0] = tmp[(shift+0)&3];
+ ((uint8_t*)data)[ 4] = tmp[(shift+1)&3];
+ ((uint8_t*)data)[ 8] = tmp[(shift+2)&3];
+ ((uint8_t*)data)[12] = tmp[(shift+3)&3];
+}
+
+#define GF256MUL_1(a) (a)
+#define GF256MUL_2(a) (gf256mul(2, (a), 0x1b))
+#define GF256MUL_3(a) (gf256mul(3, (a), 0x1b))
+
+static
+void aes_enc_round(aes_cipher_state_t* state, const aes_roundkey_t* k){
+ uint8_t tmp[16], t;
+ uint8_t i;
+ /* subBytes */
+ for(i=0; i<16; ++i){
+ tmp[i] = aes_sbox[state->s[i]];
+ }
+ /* shiftRows */
+ aes_shiftcol(tmp+1, 1);
+ aes_shiftcol(tmp+2, 2);
+ aes_shiftcol(tmp+3, 3);
+ /* mixColums */
+ for(i=0; i<4; ++i){
+ t = tmp[4*i+0] ^ tmp[4*i+1] ^ tmp[4*i+2] ^ tmp[4*i+3];
+ state->s[4*i+0] =
+ GF256MUL_2(tmp[4*i+0]^tmp[4*i+1])
+ ^ tmp[4*i+0]
+ ^ t;
+ state->s[4*i+1] =
+ GF256MUL_2(tmp[4*i+1]^tmp[4*i+2])
+ ^ tmp[4*i+1]
+ ^ t;
+ state->s[4*i+2] =
+ GF256MUL_2(tmp[4*i+2]^tmp[4*i+3])
+ ^ tmp[4*i+2]
+ ^ t;
+ state->s[4*i+3] =
+ GF256MUL_2(tmp[4*i+3]^tmp[4*i+0])
+ ^ tmp[4*i+3]
+ ^ t;
+ }
+
+ /* addKey */
+ for(i=0; i<16; ++i){
+ state->s[i] ^= k->ks[i];
+ }
+}
+
+
+static
+void aes_enc_lastround(aes_cipher_state_t* state,const aes_roundkey_t* k){
+ uint8_t i;
+ /* subBytes */
+ for(i=0; i<16; ++i){
+ state->s[i] = aes_sbox[state->s[i]];
+ }
+ /* shiftRows */
+ aes_shiftcol(state->s+1, 1);
+ aes_shiftcol(state->s+2, 2);
+ aes_shiftcol(state->s+3, 3);
+ /* keyAdd */
+ for(i=0; i<16; ++i){
+ state->s[i] ^= k->ks[i];
+ }
+}
+
+void aes_encrypt_core(aes_cipher_state_t* state, const aes_genctx_t* ks, uint8_t rounds){
+ uint8_t i;
+ for(i=0; i<16; ++i){
+ state->s[i] ^= ks->key[0].ks[i];
+ }
+ i=1;
+ for(;rounds>1;--rounds){
+ aes_enc_round(state, &(ks->key[i]));
+ ++i;
+ }
+ aes_enc_lastround(state, &(ks->key[i]));
+}
--- /dev/null
+/* aes_enc.h */
+/*
+ This file is part of the AVR-Crypto-Lib.
+ Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+/**
+ * \file aes_enc.h
+ * \email daniel.otte@rub.de
+ * \author Daniel Otte
+ * \date 2008-12-30
+ * \license GPLv3 or later
+ *
+ */
+#ifndef AES_ENC_H_
+#define AES_ENC_H_
+#include "aes_types.h"
+#include <stdint.h>
+
+
+void aes_encrypt_core(aes_cipher_state_t* state, const aes_genctx_t* ks, uint8_t rounds);
+
+
+#endif
--- /dev/null
+/* aes inverted sbox */
+
+#include <stdint.h>
+
+const uint8_t aes_invsbox[256] = {
+ 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38, 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb,
+ 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87, 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb,
+ 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d, 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e,
+ 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2, 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25,
+ 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16, 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92,
+ 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda, 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84,
+ 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a, 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06,
+ 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02, 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b,
+ 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea, 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73,
+ 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85, 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e,
+ 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89, 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b,
+ 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20, 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4,
+ 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31, 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f,
+ 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d, 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef,
+ 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0, 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61,
+ 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26, 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
+};
--- /dev/null
+/* aes_invsbox.h */
+/*
+ This file is part of the AVR-Crypto-Lib.
+ Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+/**
+ * \file aes_invsbox.h
+ * \email daniel.otte@rub.de
+ * \author Daniel Otte
+ * \date 2008-12-30
+ * \license GPLv3 or later
+ *
+ */
+#ifndef AES_INVSBOX_H_
+#define AES_INVSBOX_H_
+#include <stdint.h>
+
+extern uint8_t aes_invsbox[];
+
+#endif
--- /dev/null
+/* aes_keyschedule.c */
+/*
+ This file is part of the ARM-Crypto-Lib.
+ Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+/**
+ * \file aes_keyschedule.c
+ * \email daniel.otte@rub.de
+ * \author Daniel Otte
+ * \date 2008-12-30
+ * \license GPLv3 or later
+ *
+ */
+
+#include <stdint.h>
+#include "aes.h"
+#include "aes_keyschedule.h"
+#include "aes_sbox.h"
+#include <string.h>
+
+static
+void aes_rotword(void* a){
+ uint8_t t;
+ t=((uint8_t*)a)[0];
+ ((uint8_t*)a)[0] = ((uint8_t*)a)[1];
+ ((uint8_t*)a)[1] = ((uint8_t*)a)[2];
+ ((uint8_t*)a)[2] = ((uint8_t*)a)[3];
+ ((uint8_t*)a)[3] = t;
+}
+
+uint8_t rc_tab[] = { 0x01, 0x02, 0x04, 0x08,
+ 0x10, 0x20, 0x40, 0x80,
+ 0x1b, 0x36 };
+
+void aes_init(const void* key, uint16_t keysize_b, aes_genctx_t* ctx){
+ uint8_t hi,i,nk, next_nk;
+ uint8_t rc=0;
+ union {
+ uint32_t v32;
+ uint8_t v8[4];
+ } tmp;
+ nk=keysize_b>>5; /* 4, 6, 8 */
+ hi=4*(nk+6+1);
+ memcpy(ctx, key, keysize_b/8);
+ next_nk = nk;
+ for(i=nk;i<hi;++i){
+ tmp.v32 = ((uint32_t*)(ctx->key[0].ks))[i-1];
+ if(i!=next_nk){
+ if(nk==8 && i%8==4){
+ tmp.v8[0] = aes_sbox[tmp.v8[0]];
+ tmp.v8[1] = aes_sbox[tmp.v8[1]];
+ tmp.v8[2] = aes_sbox[tmp.v8[2]];
+ tmp.v8[3] = aes_sbox[tmp.v8[3]];
+ }
+ } else {
+ next_nk += nk;
+ aes_rotword(&(tmp.v32));
+ tmp.v8[0] = aes_sbox[tmp.v8[0]];
+ tmp.v8[1] = aes_sbox[tmp.v8[1]];
+ tmp.v8[2] = aes_sbox[tmp.v8[2]];
+ tmp.v8[3] = aes_sbox[tmp.v8[3]];
+ tmp.v8[0] ^= rc_tab[rc];
+ rc++;
+ }
+ ((uint32_t*)(ctx->key[0].ks))[i] = ((uint32_t*)(ctx->key[0].ks))[i-nk]
+ ^ tmp.v32;
+ }
+}
+
+void aes128_init(const void* key, aes128_ctx_t* ctx){
+ aes_init(key, 128, (aes_genctx_t*)ctx);
+}
+
+void aes192_init(const void* key, aes192_ctx_t* ctx){
+ aes_init(key, 192, (aes_genctx_t*)ctx);
+}
+
+void aes256_init(const void* key, aes256_ctx_t* ctx){
+ aes_init(key, 256, (aes_genctx_t*)ctx);
+}
--- /dev/null
+/* aes_keyschedule.h */
+/*
+ This file is part of the AVR-Crypto-Lib.
+ Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+/**
+ * \file aes_keyschedule.h
+ * \email daniel.otte@rub.de
+ * \author Daniel Otte
+ * \date 2008-12-30
+ * \license GPLv3 or later
+ * \ingroup AES
+ */
+
+
+#ifndef AES_KEYSCHEDULE_H_
+#define AES_KEYSCHEDULE_H_
+
+#include "aes_types.h"
+/**
+ * \brief initialize the keyschedule
+ *
+ * This function computes the keyschedule from a given key with a given length
+ * and stores it in the context variable
+ * \param key pointer to the key material
+ * \param keysize_b length of the key in bits (valid are 128, 192 and 256)
+ * \param ctx pointer to the context where the keyschedule should be stored
+ */
+void aes_init(const void* key, uint16_t keysize_b, aes_genctx_t* ctx);
+
+/**
+ * \brief initialize the keyschedule for 128 bit key
+ *
+ * This function computes the keyschedule from a given 128 bit key
+ * and stores it in the context variable
+ * \param key pointer to the key material
+ * \param ctx pointer to the context where the keyschedule should be stored
+ */
+void aes128_init(const void* key, aes128_ctx_t* ctx);
+
+/**
+ * \brief initialize the keyschedule for 192 bit key
+ *
+ * This function computes the keyschedule from a given 192 bit key
+ * and stores it in the context variable
+ * \param key pointer to the key material
+ * \param ctx pointer to the context where the keyschedule should be stored
+ */
+void aes192_init(const void* key, aes192_ctx_t* ctx);
+
+/**
+ * \brief initialize the keyschedule for 256 bit key
+ *
+ * This function computes the keyschedule from a given 256 bit key
+ * and stores it in the context variable
+ * \param key pointer to the key material
+ * \param ctx pointer to the context where the keyschedule should be stored
+ */
+void aes256_init(const void* key, aes256_ctx_t* ctx);
+
+#endif /* AES_KEYSCHEDULE_H_ */
+
--- /dev/null
+/* aes sbox */
+/*
+ This file is part of the ARM-Crypto-Lib.
+ Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include <stdint.h>
+const uint8_t aes_sbox[256] = {
+ 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76,
+ 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0,
+ 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15,
+ 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75,
+ 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84,
+ 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,
+ 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8,
+ 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2,
+ 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73,
+ 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb,
+ 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79,
+ 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,
+ 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a,
+ 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e,
+ 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,
+ 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
+};
+
--- /dev/null
+/* aes_sbox.h */
+/*
+ This file is part of the AVR-Crypto-Lib.
+ Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+/**
+ * \file aes_sbox.h
+ * \email daniel.otte@rub.de
+ * \author Daniel Otte
+ * \date 2008-12-30
+ * \license GPLv3 or later
+ *
+ */
+#ifndef AES_SBOX_H_
+#define AES_SBOX_H_
+#include <stdint.h>
+
+extern uint8_t aes_sbox[];
+
+#endif
--- /dev/null
+/* aes.h */
+/*
+ This file is part of the AVR-Crypto-Lib.
+ Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+/**
+ * \file aes_types.h
+ * \email daniel.otte@rub.de
+ * \author Daniel Otte
+ * \date 2008-12-30
+ * \license GPLv3 or later
+ *
+ */
+#ifndef AES_TYPES_H_
+#define AES_TYPES_H_
+
+#include <stdint.h>
+
+typedef struct{
+ uint8_t ks[16];
+} aes_roundkey_t;
+
+typedef struct{
+ aes_roundkey_t key[10+1];
+} aes128_ctx_t;
+
+typedef struct{
+ aes_roundkey_t key[12+1];
+} aes192_ctx_t;
+
+typedef struct{
+ aes_roundkey_t key[14+1];
+} aes256_ctx_t;
+
+typedef struct{
+ aes_roundkey_t key[1]; /* just to avoid the warning */
+} aes_genctx_t;
+
+typedef struct{
+ uint8_t s[16];
+} aes_cipher_state_t;
+
+#endif
--- /dev/null
+/* gf256mul.c */
+/*
+ This file is part of the ARM-Crypto-Lib.
+ Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include <stdint.h>
+
+uint8_t gf256mul(uint8_t a, uint8_t b, uint8_t reducer){
+ uint8_t r=0;
+ while(a&0xFE){
+ if(a&1){
+ r ^= b;
+ }
+ a >>= 1;
+ if(b&0x80){
+ b <<= 1;
+ b ^= reducer;
+ }else{
+ b <<= 1;
+ }
+ }
+ if(a&1){
+ r ^= b;
+ }
+ return r;
+}
--- /dev/null
+/* gf256mul.h */
+/*
+ This file is part of the AVR-Crypto-Lib.
+ Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+#ifndef GF256MUL_H_
+#define GF256MUL_H_
+
+/**
+ * \author Daniel Otte
+ * \email daniel.otte@rub.de
+ * \date 2008-12-19
+ * \license GPLv3
+ * \brief
+ *
+ *
+ */
+
+#include <stdint.h>
+
+uint8_t gf256mul(uint8_t a, uint8_t b, uint8_t reducer);
+
+#endif /* GF256MUL_H_ */
+
--- /dev/null
+#include <stdint.h>
+
+#include "memxor.h"
+
+void memxor(void* dest, const void* src, uint16_t n){
+ while(n--){
+ *((uint8_t*)dest) ^= *((uint8_t*)src);
+ dest = (uint8_t*)dest +1;
+ src = (uint8_t*)src +1;
+ }
+}
+
--- /dev/null
+/* bcal-basic.c */
+/*
+ This file is part of the ARM-Crypto-Lib.
+ Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include <stdlib.h>
+#include <stdint.h>
+#include <string.h>
+#include "blockcipher_descriptor.h"
+#include "keysize_descriptor.h"
+
+uint8_t bcal_cipher_init(const bcdesc_t* cipher_descriptor,
+ const void* key, uint16_t keysize_b, bcgen_ctx_t* ctx){
+ if(!is_valid_keysize_P(cipher_descriptor->valid_keysize_desc, keysize_b)){
+ return 1;
+ }
+ uint8_t flags;
+ bc_init_fpt init_fpt;
+ ctx->desc_ptr = (bcdesc_t*)cipher_descriptor;
+ ctx->keysize = keysize_b;
+ flags = cipher_descriptor->flags;
+ init_fpt.initvoid = (void_fpt)(cipher_descriptor->init.initvoid);
+ if(init_fpt.initvoid == NULL){
+ if(!(ctx->ctx = malloc((keysize_b+7)/8)))
+ return 2;
+ memcpy(ctx->ctx, key, (keysize_b+7)/8);
+ return 0;
+ }
+ if(!(ctx->ctx = malloc(cipher_descriptor->ctxsize_B)))
+ return 3;
+ if((flags&BC_INIT_TYPE)==BC_INIT_TYPE_1){
+ init_fpt.init1((void*)key, (ctx->ctx));
+ }else{
+ init_fpt.init2((void*)key, keysize_b, (ctx->ctx));
+ }
+ return 0;
+}
+
+void bcal_cipher_free(bcgen_ctx_t* ctx){
+ if(!ctx)
+ return;
+ bc_free_fpt free_fpt;
+ free_fpt = (bc_free_fpt)(ctx->desc_ptr->free);
+ if(free_fpt)
+ free_fpt((ctx->ctx));
+ free(ctx->ctx);
+}
+
+void bcal_cipher_enc(void* block, const bcgen_ctx_t* ctx){
+ bc_enc_fpt enc_fpt;
+ enc_fpt.encvoid = (void_fpt)(ctx->desc_ptr->enc.encvoid);
+ if(!enc_fpt.encvoid){
+ /* very bad error, no enciphering function specified */
+ return;
+ }
+ enc_fpt.enc1(block, (ctx->ctx));
+
+}
+
+void bcal_cipher_dec(void* block, const bcgen_ctx_t* ctx){
+ bc_dec_fpt dec_fpt;
+ dec_fpt.decvoid = (void_fpt)(ctx->desc_ptr->dec.decvoid);
+ if(!dec_fpt.decvoid){
+ /* very bad error, no deciphering function specified */
+ return;
+ }
+ dec_fpt.dec1(block, (ctx->ctx));
+}
+
+uint16_t bcal_cipher_getBlocksize_b(const bcdesc_t* desc){
+ return (desc->blocksize_b);
+}
+
+const void* bcal_cipher_getKeysizeDesc(const bcdesc_t* desc){
+ return (desc->valid_keysize_desc);
+}
+
+
--- /dev/null
+/* bcal-basic.h */
+/*
+ This file is part of the AVR-Crypto-Lib.
+ Copyright (C) 2009 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef BCAL_BASIC_H_
+#define BCAL_BASIC_H_
+
+#include <stdlib.h>
+#include <stdint.h>
+#include "blockcipher_descriptor.h"
+#include "keysize_descriptor.h"
+
+uint8_t bcal_cipher_init(const bcdesc_t* cipher_descriptor,
+ const void* key, uint16_t keysize_b, bcgen_ctx_t* ctx);
+void bcal_cipher_free(bcgen_ctx_t* ctx);
+void bcal_cipher_enc(void* block, const bcgen_ctx_t* ctx);
+void bcal_cipher_dec(void* block, const bcgen_ctx_t* ctx);
+uint16_t bcal_cipher_getBlocksize_b(const bcdesc_t* desc);
+const void* bcal_cipher_getKeysizeDesc(const bcdesc_t* desc);
+#endif /* BCAL_BASIC_H_ */
--- /dev/null
+/* bcal-cbc.c */
+/*
+ This file is part of the ARM-Crypto-Lib.
+ Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include <stdint.h>
+#include <string.h>
+#include "bcal-cbc.h"
+#include "bcal-basic.h"
+#include "memxor.h"
+
+uint8_t bcal_cbc_init(const bcdesc_t* desc, const void* key, uint16_t keysize_b, bcal_cbc_ctx_t* ctx){
+ ctx->desc = (bcdesc_t*)desc;
+ ctx->blocksize_B = (bcal_cipher_getBlocksize_b(desc)+7)/8;
+ ctx->prev_block = malloc(ctx->blocksize_B);
+
+ if(ctx->prev_block==NULL){
+ return 0x11;
+ }
+ return bcal_cipher_init(desc, key, keysize_b, &(ctx->cctx));
+}
+
+void bcal_cbc_free(bcal_cbc_ctx_t* ctx){
+ bcal_cipher_free(&(ctx->cctx));
+ free(ctx->prev_block);
+}
+
+
+void bcal_cbc_loadIV(const void* iv, bcal_cbc_ctx_t* ctx){
+ if(iv){
+ memcpy(ctx->prev_block, iv, ctx->blocksize_B);
+ }
+}
+
+void bcal_cbc_encNext(void* block, bcal_cbc_ctx_t* ctx){
+ memxor(block, ctx->prev_block, ctx->blocksize_B);
+ bcal_cipher_enc(block, &(ctx->cctx));
+ memcpy(ctx->prev_block, block, ctx->blocksize_B);
+}
+
+void bcal_cbc_decNext(void* block, bcal_cbc_ctx_t* ctx){
+ uint8_t tmp[ctx->blocksize_B];
+ memcpy(tmp, block, ctx->blocksize_B);
+ bcal_cipher_dec(block, &(ctx->cctx));
+ memxor(block, ctx->prev_block, ctx->blocksize_B);
+ memcpy(ctx->prev_block, tmp, ctx->blocksize_B);
+}
+void bcal_cbc_decRand(void* block, const void* prev_block, bcal_cbc_ctx_t* ctx){
+ bcal_cipher_dec(block, &(ctx->cctx));
+ memxor(block, prev_block, ctx->blocksize_B);
+}
+
+void bcal_cbc_encMsg(const void* iv, void* msg, uint16_t msg_blocks, bcal_cbc_ctx_t* ctx){
+ bcal_cbc_loadIV(iv, ctx);
+ while(msg_blocks--){
+ bcal_cbc_encNext(msg, ctx);
+ msg = (uint8_t*)msg + ctx->blocksize_B;
+ }
+}
+
+void bcal_cbc_decMsg(const void* iv, void* msg, uint16_t msg_blocks, bcal_cbc_ctx_t* ctx){
+ msg=(uint8_t*)msg + (msg_blocks-1)*ctx->blocksize_B;
+ while(msg_blocks > 1){
+ bcal_cbc_decRand(msg, (uint8_t*)msg-ctx->blocksize_B, ctx);
+ msg_blocks -= 1;
+ msg=(uint8_t*)msg-ctx->blocksize_B;
+ }
+ bcal_cbc_decRand(msg, iv, ctx);
+}
+
--- /dev/null
+/* bcal-cbc.h */
+/*
+ This file is part of the AVR-Crypto-Lib.
+ Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef BCALCBC_H_
+#define BCALCBC_H_
+
+#include <stdint.h>
+#include "blockcipher_descriptor.h"
+#include "bcal-basic.h"
+
+typedef struct{
+ bcdesc_t* desc;
+ bcgen_ctx_t cctx;
+ uint8_t* prev_block;
+ uint8_t blocksize_B;
+} bcal_cbc_ctx_t;
+
+uint8_t bcal_cbc_init(const bcdesc_t* desc, const void* key, uint16_t keysize_b, bcal_cbc_ctx_t* ctx);
+void bcal_cbc_free(bcal_cbc_ctx_t* ctx);
+void bcal_cbc_loadIV(const void* iv, bcal_cbc_ctx_t* ctx);
+void bcal_cbc_encNext(void* block, bcal_cbc_ctx_t* ctx);
+void bcal_cbc_decNext(void* block, bcal_cbc_ctx_t* ctx);
+void bcal_cbc_decRand(void* block, const void* prev_block, bcal_cbc_ctx_t* ctx);
+void bcal_cbc_encMsg(const void* iv, void* msg, uint16_t msg_blocks, bcal_cbc_ctx_t* ctx);
+void bcal_cbc_decMsg(const void* iv, void* msg, uint16_t msg_blocks, bcal_cbc_ctx_t* ctx);
+
+
+#endif /* BCALCBC_H_ */
--- /dev/null
+/* bcal-cfb_bit.c */
+/*
+ This file is part of the ARM-Crypto-Lib.
+ Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+
+#include <stdint.h>
+#include <string.h>
+#include "bcal-cfb_bit.h"
+#include "bcal-basic.h"
+
+static uint8_t read_bit(void* block, uint32_t index){
+ uint8_t r;
+ r=((uint8_t*)block)[index/8];
+ r=(r&(0x80>>(index&7)))?0xff:0x00;
+ return r;
+}
+
+static void write_bit(void* block, uint32_t index, uint8_t value){
+ if(value){
+ /* set bit */
+ ((uint8_t*)block)[index/8] |= 0x80>>(index&7);
+ }else{
+ /* clear bit */
+ ((uint8_t*)block)[index/8] &= ~(0x80>>(index&7));
+ }
+}
+
+uint8_t bcal_cfb_b_init(const bcdesc_t* desc, const void* key, uint16_t keysize_b, uint16_t size_b, bcal_cfb_b_ctx_t* ctx){
+ ctx->desc = (bcdesc_t*)desc;
+ ctx->blocksize_B = (bcal_cipher_getBlocksize_b(desc)+7)/8;
+ ctx->in_block=malloc(ctx->blocksize_B);
+ if(ctx->in_block==NULL){
+ return 0x11;
+ }
+ if(size_b>bcal_cipher_getBlocksize_b(desc)){
+ return 0x12;
+ }
+ ctx->size_b = size_b;
+ return bcal_cipher_init(desc, key, keysize_b, &(ctx->cctx));
+}
+
+void bcal_cfb_b_free(bcal_cfb_b_ctx_t* ctx){
+ free(ctx->in_block);
+ bcal_cipher_free(&(ctx->cctx));
+}
+
+void bcal_cfb_b_loadIV(const void* iv, bcal_cfb_b_ctx_t* ctx){
+ if(iv){
+ memcpy(ctx->in_block, iv, ctx->blocksize_B);
+ }
+}
+
+void bcal_cfb_b_encNext(void* block, uint8_t offset, bcal_cfb_b_ctx_t* ctx){
+ uint8_t tmp[ctx->blocksize_B];
+ offset &= 7;
+ memcpy(tmp, ctx->in_block, ctx->blocksize_B);
+ bcal_cipher_enc(tmp, &(ctx->cctx));
+ uint16_t i,j;
+ uint8_t a;
+ for(i=0; i<ctx->blocksize_B*8-ctx->size_b; ++i){
+ a = read_bit(ctx->in_block, i+ctx->size_b);
+ write_bit(ctx->in_block, i, a);
+ }
+ for(j=offset,i=0; i<ctx->size_b; ++i, ++j){
+ a = read_bit(tmp, i) ^ read_bit(block, j);
+ write_bit(ctx->in_block, ctx->blocksize_B*8-ctx->size_b+i, a);
+ write_bit(block, j, a);
+ }
+}
+
+void bcal_cfb_b_decNext(void* block, uint8_t offset, bcal_cfb_b_ctx_t* ctx){
+ uint8_t tmp[ctx->blocksize_B];
+ offset &= 7;
+ memcpy(tmp, ctx->in_block, ctx->blocksize_B);
+ bcal_cipher_enc(tmp, &(ctx->cctx));
+ uint16_t i,j;
+ uint8_t a,b;
+ for(i=0; i<ctx->blocksize_B*8-ctx->size_b; ++i){
+ a = read_bit(ctx->in_block, i+ctx->size_b);
+ write_bit(ctx->in_block, i, a);
+ }
+ for(j=offset,i=0; i<ctx->size_b; ++i, ++j){
+ a = read_bit(tmp, i);
+ b = read_bit(block, j);
+ a ^= b;
+ write_bit(ctx->in_block, ctx->blocksize_B*8-ctx->size_b+i, b);
+ write_bit(block, j, a);
+ }
+}
+
+void bcal_cfb_b_encMsg(const void* iv, void* msg, uint8_t offset, uint32_t msg_blocks, bcal_cfb_b_ctx_t* ctx){
+ bcal_cfb_b_loadIV(iv, ctx);
+ uint64_t addr;
+ addr = ((uint32_t)msg)*8+offset;
+ while(msg_blocks--){
+ msg = (void*)((uint32_t)(addr/8));
+ offset = addr&7;
+ bcal_cfb_b_encNext(msg, offset, ctx);
+ addr += ctx->size_b;
+ }
+}
+
+void bcal_cfb_b_decMsg(const void* iv, void* msg, uint8_t offset, uint32_t msg_blocks, bcal_cfb_b_ctx_t* ctx){
+ bcal_cfb_b_loadIV(iv, ctx);
+ uint64_t addr;
+ addr = ((uint32_t)msg)*8+offset;
+ while(msg_blocks--){
+ msg = (void*)((uint32_t)(addr/8));
+ offset = addr&7;
+ bcal_cfb_b_decNext(msg, offset, ctx);
+ addr += ctx->size_b;
+ }
+}
--- /dev/null
+/* bcal-cfb_bit.h */
+/*
+ This file is part of the AVR-Crypto-Lib.
+ Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+
+#ifndef BCALCFB_BIT_H_
+#define BCALCFB_BIT_H_
+
+#include <stdint.h>
+#include "bcal-basic.h"
+#include "blockcipher_descriptor.h"
+
+
+typedef struct{
+ bcdesc_t* desc;
+ bcgen_ctx_t cctx;
+ uint8_t* in_block;
+ uint8_t blocksize_B;
+ uint16_t size_b;
+} bcal_cfb_b_ctx_t;
+
+
+uint8_t bcal_cfb_b_init(const bcdesc_t* desc, const void* key, uint16_t keysize_b, uint16_t size_b, bcal_cfb_b_ctx_t* ctx);
+void bcal_cfb_b_free(bcal_cfb_b_ctx_t* ctx);
+void bcal_cfb_b_loadIV(const void* iv, bcal_cfb_b_ctx_t* ctx);
+void bcal_cfb_b_encNext(void* block, uint8_t offset, bcal_cfb_b_ctx_t* ctx);
+void bcal_cfb_b_decNext(void* block, uint8_t offset, bcal_cfb_b_ctx_t* ctx);
+void bcal_cfb_b_encMsg(const void* iv, void* msg, uint8_t offset, uint32_t msg_blocks, bcal_cfb_b_ctx_t* ctx);
+void bcal_cfb_b_decMsg(const void* iv, void* msg, uint8_t offset, uint32_t msg_blocks, bcal_cfb_b_ctx_t* ctx);
+
+
+#endif /* BCALCFB_BIT_H_ */
--- /dev/null
+/* bcal-cfb_byte.c */
+/*
+ This file is part of the ARM-Crypto-Lib.
+ Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+
+#include <stdint.h>
+#include <string.h>
+#include "bcal-cfb_byte.h"
+#include "bcal-basic.h"
+#include "memxor.h"
+
+
+uint8_t bcal_cfb_B_init(const bcdesc_t* desc, const void* key, uint16_t keysize_b, uint16_t size_b, bcal_cfb_B_ctx_t* ctx){
+ ctx->desc = (bcdesc_t*)desc;
+ ctx->blocksize_B = (bcal_cipher_getBlocksize_b(desc)+7)/8;
+ ctx->in_block=malloc(ctx->blocksize_B);
+ if(ctx->in_block==NULL){
+ return 0x11;
+ }
+ if(size_b&7){
+ return 0x12;
+ }
+ ctx->size_B = size_b/8;
+ return bcal_cipher_init(desc, key, keysize_b, &(ctx->cctx));
+}
+
+void bcal_cfb_B_free(bcal_cfb_B_ctx_t* ctx){
+ free(ctx->in_block);
+ bcal_cipher_free(&(ctx->cctx));
+}
+
+void bcal_cfb_B_loadIV(const void* iv, bcal_cfb_B_ctx_t* ctx){
+ if(iv){
+ memcpy(ctx->in_block, iv, ctx->blocksize_B);
+ }
+}
+
+void bcal_cfb_B_encNext(void* block, bcal_cfb_B_ctx_t* ctx){
+ uint8_t tmp[ctx->blocksize_B];
+ memcpy(tmp, ctx->in_block, ctx->blocksize_B);
+ bcal_cipher_enc(tmp, &(ctx->cctx));
+ memxor(block, tmp, ctx->size_B);
+ memmove(ctx->in_block, ctx->in_block+ctx->size_B, ctx->blocksize_B - ctx->size_B);
+ memcpy(ctx->in_block+ctx->blocksize_B-ctx->size_B, block, ctx->size_B);
+}
+
+void bcal_cfb_B_decNext(void* block, bcal_cfb_B_ctx_t* ctx){
+ uint8_t tmp[ctx->blocksize_B];
+ uint8_t xblock[ctx->size_B];
+ memcpy(xblock, block, ctx->size_B);
+ memcpy(tmp, ctx->in_block, ctx->blocksize_B);
+ bcal_cipher_enc(tmp, &(ctx->cctx));
+ memxor(block, tmp, ctx->size_B);
+ memmove(ctx->in_block, ctx->in_block+ctx->size_B, ctx->blocksize_B - ctx->size_B);
+ memcpy(ctx->in_block+ctx->blocksize_B-ctx->size_B, xblock, ctx->size_B);
+}
+
+void bcal_cfb_B_encMsg(const void* iv, void* msg, uint16_t msg_blocks, bcal_cfb_B_ctx_t* ctx){
+ bcal_cfb_B_loadIV(iv, ctx);
+ while(msg_blocks--){
+ bcal_cfb_B_encNext(msg, ctx);
+ msg = (uint8_t*)msg+ctx->size_B;
+ }
+}
+
+void bcal_cfb_B_decMsg(const void* iv, void* msg, uint16_t msg_blocks, bcal_cfb_B_ctx_t* ctx){
+ bcal_cfb_B_loadIV(iv, ctx);
+ while(msg_blocks--){
+ bcal_cfb_B_decNext(msg, ctx);
+ msg = (uint8_t*)msg+ctx->size_B;
+ }
+}
+
--- /dev/null
+/* bcal-cbc.h */
+/*
+ This file is part of the AVR-Crypto-Lib.
+ Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef BCALCFB_BYTE_H_
+#define BCALCFB_BYTE_H_
+
+#include <stdint.h>
+#include "bcal-basic.h"
+#include "blockcipher_descriptor.h"
+
+
+typedef struct{
+ bcdesc_t* desc;
+ bcgen_ctx_t cctx;
+ uint8_t* in_block;
+ uint8_t blocksize_B;
+ uint8_t size_B;
+} bcal_cfb_B_ctx_t;
+
+
+uint8_t bcal_cfb_B_init(const bcdesc_t* desc, const void* key, uint16_t keysize_b, uint16_t size_b, bcal_cfb_B_ctx_t* ctx);
+void bcal_cfb_B_free(bcal_cfb_B_ctx_t* ctx);
+void bcal_cfb_B_loadIV(const void* iv, bcal_cfb_B_ctx_t* ctx);
+void bcal_cfb_B_encNext(void* block, bcal_cfb_B_ctx_t* ctx);
+void bcal_cfb_B_decNext(void* block, bcal_cfb_B_ctx_t* ctx);
+void bcal_cfb_B_encMsg(const void* iv, void* msg, uint16_t msg_blocks, bcal_cfb_B_ctx_t* ctx);
+void bcal_cfb_B_decMsg(const void* iv, void* msg, uint16_t msg_blocks, bcal_cfb_B_ctx_t* ctx);
+
+
+#endif /* BCALCFB_BYTE_H_ */
--- /dev/null
+/* bcal-omac.c */
+/*
+ This file is part of the ARM-Crypto-Lib.
+ Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+
+#include <stdint.h>
+#include <string.h>
+#include "bcal-basic.h"
+#include "bcal-cmac.h"
+#include "memxor.h"
+
+
+static uint8_t left_shift_be_block(void* block, uint8_t blocksize_B){
+ uint8_t c1=0, c2;
+ do{
+ --blocksize_B;
+ c2 = (((uint8_t*)block)[blocksize_B])>>7;
+ (((uint8_t*)block)[blocksize_B]) <<= 1;
+ (((uint8_t*)block)[blocksize_B]) |= c1;
+ c1 = c2;
+ }while(blocksize_B);
+ return c1;
+}
+
+static const uint8_t const_128 = 0x87;
+static const uint8_t const_64 = 0x1b;
+
+uint8_t bcal_cmac_init(const bcdesc_t* desc, const void* key, uint16_t keysize_b, bcal_cmac_ctx_t* ctx){
+ uint8_t r;
+ ctx->desc = (bcdesc_t*)desc;
+ ctx->blocksize_B = bcal_cipher_getBlocksize_b(desc)/8;
+ if (ctx->blocksize_B!=128/8 && ctx->blocksize_B!=64/8){
+ return 0x13;
+ }
+ ctx->accu = malloc(ctx->blocksize_B);
+ if(ctx->accu==NULL){
+ return 0x14;
+ }
+ ctx->k1 = malloc(ctx->blocksize_B);
+ if(ctx->k1==NULL){
+ return 0x15;
+ }
+ ctx->k2 = malloc(ctx->blocksize_B);
+ if(ctx->k2==NULL){
+ return 0x16;
+ }
+ ctx->lastblock = malloc(ctx->blocksize_B);
+ if(ctx->lastblock==NULL){
+ return 0x17;
+ }
+ r = bcal_cipher_init(desc, key, keysize_b, &(ctx->cctx));
+ if(r){
+ return r;
+ }
+ if(ctx->blocksize_B==128/8){
+ r = const_128;
+ }else{
+ r = const_64;
+ }
+ /* subkey computation */
+ memset(ctx->accu, 0x00, ctx->blocksize_B);
+ memset(ctx->k1, 0x00, ctx->blocksize_B);
+ bcal_cipher_enc(ctx->k1, &(ctx->cctx));
+ if(left_shift_be_block(ctx->k1, ctx->blocksize_B)){
+ ctx->k1[ctx->blocksize_B-1] ^= r;
+ }
+ memcpy(ctx->k2, ctx->k1, ctx->blocksize_B);
+ if(left_shift_be_block(ctx->k2, ctx->blocksize_B)){
+ ctx->k2[ctx->blocksize_B-1] ^= r;
+ }
+ ctx->last_set=0;
+ return 0;
+}
+
+void bcal_cmac_free(bcal_cmac_ctx_t* ctx){
+ free(ctx->accu);
+ free(ctx->k1);
+ free(ctx->k2);
+ bcal_cipher_free(&(ctx->cctx));
+}
+
+void bcal_cmac_nextBlock (bcal_cmac_ctx_t* ctx, const void* block){
+ if(ctx->last_set){
+ memxor(ctx->accu, ctx->lastblock, ctx->blocksize_B);
+ bcal_cipher_enc(ctx->accu, &(ctx->cctx));
+ }
+ memcpy(ctx->lastblock, block, ctx->blocksize_B);
+ ctx->last_set=1;
+}
+
+
+void bcal_cmac_lastBlock(bcal_cmac_ctx_t* ctx, const void* block, uint16_t length_b){
+ uint16_t blocksize_b;
+ blocksize_b = ctx->blocksize_B*8;
+ while(length_b>=blocksize_b){
+ bcal_cmac_nextBlock(ctx, block);
+ block = (uint8_t*)block + ctx->blocksize_B;
+ length_b -= blocksize_b;
+ }
+ if(ctx->last_set==0){
+ memxor(ctx->accu, block, (length_b+7)/8);
+ memxor(ctx->accu, ctx->k2, ctx->blocksize_B);
+ ctx->accu[length_b/8] ^= 0x80>>(length_b&7);
+ }else{
+ if(length_b==0){
+ memxor(ctx->accu, ctx->lastblock, ctx->blocksize_B);
+ memxor(ctx->accu, ctx->k1, ctx->blocksize_B);
+ }else{
+ memxor(ctx->accu, ctx->lastblock, ctx->blocksize_B);
+ bcal_cipher_enc(ctx->accu, &(ctx->cctx));
+ memxor(ctx->accu, block, (length_b+7)/8);
+ memxor(ctx->accu, ctx->k2, ctx->blocksize_B);
+ ctx->accu[length_b/8] ^= 0x80>>(length_b&7);
+ }
+ }
+ bcal_cipher_enc(ctx->accu, &(ctx->cctx));
+}
+
+void bcal_cmac_ctx2mac(void* dest, uint16_t length_b, const bcal_cmac_ctx_t* ctx){
+ memcpy(dest, ctx->accu, length_b/8);
+ if(length_b&7){
+ ((uint8_t*)dest)[length_b/8] &= 0xff>>(length_b&7);
+ ((uint8_t*)dest)[length_b/8] |= (0xff00>>(length_b&7))&(ctx->accu[length_b/8]);
+ }
+}
+
+void bcal_cmac(void* dest, uint16_t out_length_b, const void* block, uint32_t length_b, bcal_cmac_ctx_t* ctx){
+ uint16_t blocksize_b;
+ blocksize_b = ctx->blocksize_B*8;
+ while(length_b>blocksize_b){
+ bcal_cmac_nextBlock(ctx, block);
+ block = (uint8_t*)block + ctx->blocksize_B;
+ length_b -= blocksize_b;
+ }
+ bcal_cmac_lastBlock(ctx, block, length_b);
+ bcal_cmac_ctx2mac(dest, out_length_b, ctx);
+}
--- /dev/null
+/* bcal-cmac.h */
+/*
+ This file is part of the AVR-Crypto-Lib.
+ Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef BCALCMAC_H_
+#define BCALCMAC_H_
+
+#include <stdint.h>
+#include "bcal-basic.h"
+#include "blockcipher_descriptor.h"
+
+typedef struct{
+ bcdesc_t* desc;
+ bcgen_ctx_t cctx;
+ uint8_t* accu;
+ uint8_t* k1;
+ uint8_t* k2;
+ uint8_t* lastblock;
+ uint8_t last_set;
+ uint8_t blocksize_B;
+} bcal_cmac_ctx_t;
+
+uint8_t bcal_cmac_init(const bcdesc_t* desc, const void* key, uint16_t keysize_b, bcal_cmac_ctx_t* ctx);
+void bcal_cmac_free(bcal_cmac_ctx_t* ctx);
+void bcal_cmac_nextBlock(bcal_cmac_ctx_t* ctx, const void* block);
+void bcal_cmac_lastBlock(bcal_cmac_ctx_t* ctx, const void* block, uint16_t length_b);
+void bcal_cmac_ctx2mac(void* dest, uint16_t length_b, const bcal_cmac_ctx_t* ctx);
+void bcal_cmac(void* dest, uint16_t out_length_b, const void* block, uint32_t length_b, bcal_cmac_ctx_t* ctx);
+
+#endif /* BCALCMAC_H_ */
--- /dev/null
+/* bcal-ctr.c */
+/*
+ This file is part of the ARM-Crypto-Lib.
+ Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+
+#include <stdint.h>
+#include <string.h>
+#include "bcal-basic.h"
+#include "bcal-ctr.h"
+#include "memxor.h"
+
+static void increment_be(void* block, uint8_t size_B){
+ uint16_t c=1;
+ do{
+ --size_B;
+ c += ((uint8_t*)block)[size_B];
+ ((uint8_t*)block)[size_B] = (uint8_t)c;
+ c>>=8;
+ }while(size_B);
+}
+
+uint8_t bcal_ctr_init(const bcdesc_t* desc, const void* key, uint16_t keysize_b, inc_fp_t inc_func, bcal_ctr_ctx_t* ctx){
+ ctx->desc = (bcdesc_t*)desc;
+ if(inc_func){
+ ctx->inc_func = inc_func;
+ }else{
+ ctx->inc_func = increment_be;
+ }
+ ctx->blocksize_B = (bcal_cipher_getBlocksize_b(desc)+7)/8;
+ ctx->in_block=malloc(ctx->blocksize_B);
+ if(ctx->in_block==NULL){
+ return 0x11;
+ }
+ return bcal_cipher_init(desc, key, keysize_b, &(ctx->cctx));
+}
+
+void bcal_ctr_free(bcal_ctr_ctx_t* ctx){
+ free(ctx->in_block);
+ bcal_cipher_free(&(ctx->cctx));
+}
+
+void bcal_ctr_loadIV(const void* iv, bcal_ctr_ctx_t* ctx){
+ if(iv){
+ memcpy(ctx->in_block, iv, ctx->blocksize_B);
+ }
+}
+
+void bcal_ctr_encNext(void* block, bcal_ctr_ctx_t* ctx){
+ uint8_t tmp[ctx->blocksize_B];
+ memcpy(tmp, ctx->in_block, ctx->blocksize_B);
+ bcal_cipher_enc(tmp, &(ctx->cctx));
+ memxor(block, tmp, ctx->blocksize_B);
+ ctx->inc_func(ctx->in_block, ctx->blocksize_B);
+}
+
+void bcal_ctr_decNext(void* block, bcal_ctr_ctx_t* ctx){
+ bcal_ctr_encNext(block, ctx);
+}
+
+void bcal_ctr_encMsg(const void* iv, void* msg, uint32_t msg_len_b, bcal_ctr_ctx_t* ctx){
+ bcal_ctr_loadIV(iv, ctx);
+ uint16_t blocksize_b;
+ blocksize_b = ctx->blocksize_B*8;
+ while(msg_len_b>blocksize_b){
+ bcal_ctr_encNext(msg, ctx);
+ msg_len_b -= blocksize_b;
+ msg = (uint8_t*)msg + ctx->blocksize_B;
+ }
+ uint8_t tmp[ctx->blocksize_B];
+ memcpy(tmp, ctx->in_block, ctx->blocksize_B);
+ bcal_cipher_enc(tmp, &(ctx->cctx));
+ ctx->inc_func(ctx->in_block, ctx->blocksize_B);
+ tmp[msg_len_b/8] = 0xff00>>(msg_len_b&7);
+ memxor(msg, tmp, (msg_len_b+7)/8);
+}
+
+void bcal_ctr_decMsg(const void* iv, void* msg, uint32_t msg_len_b, bcal_ctr_ctx_t* ctx){
+ bcal_ctr_encMsg(iv, msg, msg_len_b, ctx);
+}
+
--- /dev/null
+/* bcal-ctr.h */
+/*
+ This file is part of the AVR-Crypto-Lib.
+ Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef BCALCTR_H_
+#define BCALCTR_H_
+
+#include <stdint.h>
+#include "bcal-basic.h"
+#include "blockcipher_descriptor.h"
+
+typedef void(*inc_fp_t)(void* block, uint8_t size_B);
+
+typedef struct{
+ bcdesc_t* desc;
+ bcgen_ctx_t cctx;
+ uint8_t* in_block;
+ inc_fp_t inc_func;
+ uint8_t blocksize_B;
+} bcal_ctr_ctx_t;
+
+uint8_t bcal_ctr_init(const bcdesc_t* desc, const void* key, uint16_t keysize_b, inc_fp_t inc_func, bcal_ctr_ctx_t* ctx);
+void bcal_ctr_free(bcal_ctr_ctx_t* ctx);
+void bcal_ctr_loadIV(const void* iv, bcal_ctr_ctx_t* ctx);
+void bcal_ctr_encNext(void* block, bcal_ctr_ctx_t* ctx);
+void bcal_ctr_decNext(void* block, bcal_ctr_ctx_t* ctx);
+void bcal_ctr_encMsg(const void* iv, void* msg, uint32_t msg_len_b, bcal_ctr_ctx_t* ctx);
+void bcal_ctr_decMsg(const void* iv, void* msg, uint32_t msg_len_b, bcal_ctr_ctx_t* ctx);
+
+#endif /* BCALCTR_H_ */
--- /dev/null
+/* bca-eax.c */
+/*
+ This file is part of the ARM-Crypto-Lib.
+ Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+
+#include <stdint.h>
+#include "bcal-basic.h"
+#include "blockcipher_descriptor.h"
+#include "bcal-cmac.h"
+#include "bcal-ctr.h"
+#include "bcal-eax.h"
+#include "memxor.h"
+
+uint8_t bcal_eax_init(const bcdesc_t* desc, const void* key, uint16_t keysize_b, bcal_eax_ctx_t* ctx){
+ uint8_t r;
+ ctx->blocksize_B = (bcal_cipher_getBlocksize_b(desc)+7)/8;
+ ctx->nonce = malloc(ctx->blocksize_B);
+ if(ctx->nonce==NULL){
+ return 0x81;
+ }
+ r = bcal_cmac_init(desc, key, keysize_b, &(ctx->ctag));
+ if(r){
+ return r;
+ }
+ r = bcal_cmac_init(desc, key, keysize_b, &(ctx->htag));
+ if(r){
+ return (r|0x10);
+ }
+ r = bcal_cmac_init(desc, key, keysize_b, &(ctx->ntag));
+ if(r){
+ return (r|0x20);
+ }
+ r = bcal_ctr_init(desc, key, keysize_b, NULL, &(ctx->cipher));
+ if(r){
+ return (r|0x30);
+ }
+ ctx->header_set=0;
+ uint8_t tmp[ctx->blocksize_B];
+ memset(tmp, 0, ctx->blocksize_B);
+ bcal_cmac_nextBlock(&(ctx->ntag), tmp);
+ tmp[ctx->blocksize_B-1]=1;
+ bcal_cmac_nextBlock(&(ctx->htag), tmp);
+ tmp[ctx->blocksize_B-1]=2;
+ bcal_cmac_nextBlock(&(ctx->ctag), tmp);
+ return 0;
+}
+
+void bcal_eax_free(bcal_eax_ctx_t* ctx){
+ bcal_ctr_free(&(ctx->cipher));
+ bcal_cmac_free(&(ctx->ctag));
+ bcal_cmac_free(&(ctx->htag));
+ bcal_cmac_free(&(ctx->ntag));
+ free(ctx->nonce);
+}
+
+void bcal_eax_loadNonce(const void* nonce, uint16_t length_b, bcal_eax_ctx_t* ctx){
+ bcal_cmac_lastBlock(&(ctx->ntag), nonce, length_b);
+ bcal_cmac_ctx2mac(ctx->nonce, ctx->blocksize_B*8, &(ctx->ntag));
+ bcal_ctr_loadIV(ctx->nonce, &(ctx->cipher));
+}
+
+void bcal_eax_addNextHeader(const void* header, bcal_eax_ctx_t* ctx){
+ bcal_cmac_nextBlock(&(ctx->htag), header);
+}
+
+void bcal_eax_addLastHeader(const void* header, uint16_t length_b, bcal_eax_ctx_t* ctx){
+ bcal_cmac_lastBlock(&(ctx->htag), header, length_b);
+ ctx->header_set = 1;
+}
+
+void bcal_eax_encNextBlock(void* block, bcal_eax_ctx_t* ctx){
+ bcal_ctr_encNext(block, &(ctx->cipher));
+ bcal_cmac_nextBlock(&(ctx->ctag), block);
+}
+
+void bcal_eax_encLastBlock(void* block, uint16_t length_b, bcal_eax_ctx_t* ctx){
+ bcal_ctr_encMsg(NULL, block, length_b, &(ctx->cipher));
+ bcal_cmac_lastBlock(&(ctx->ctag), block, length_b);
+}
+
+void bcal_eax_decNextBlock(void* block, bcal_eax_ctx_t* ctx){
+ bcal_cmac_nextBlock(&(ctx->ctag), block);
+ bcal_ctr_decNext(block, &(ctx->cipher));
+}
+
+void bcal_eax_decLastBlock(void* block, uint16_t length_b, bcal_eax_ctx_t* ctx){
+ bcal_cmac_lastBlock(&(ctx->ctag), block, length_b);
+ bcal_ctr_decMsg(NULL, block, length_b, &(ctx->cipher));
+}
+
+void bcal_eax_ctx2tag(void* dest, uint16_t length_b, bcal_eax_ctx_t* ctx){
+ uint8_t tmp[ctx->blocksize_B];
+ if(ctx->header_set==0){
+ bcal_cmac_lastBlock(&(ctx->htag), NULL, 0);
+ }
+
+ bcal_cmac_ctx2mac(tmp, ctx->blocksize_B*8, &(ctx->htag));
+ memxor(ctx->nonce, tmp, ctx->blocksize_B);
+
+ bcal_cmac_ctx2mac(tmp, ctx->blocksize_B*8, &(ctx->ctag));
+ memxor(ctx->nonce, tmp, ctx->blocksize_B);
+ memcpy(dest, ctx->nonce, (length_b+7)/8);
+}
+
--- /dev/null
+/* bcal-eax.h */
+/*
+ This file is part of the AVR-Crypto-Lib.
+ Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef BCALEAX_H_
+#define BCALEAX_H_
+
+#include <stdint.h>
+#include <string.h>
+#include "bcal-basic.h"
+#include "blockcipher_descriptor.h"
+#include "bcal-cmac.h"
+#include "bcal-ctr.h"
+
+typedef struct{
+ uint8_t* nonce;
+ bcal_cmac_ctx_t ntag;
+ bcal_cmac_ctx_t ctag;
+ bcal_cmac_ctx_t htag;
+ bcal_ctr_ctx_t cipher;
+ uint8_t blocksize_B;
+ uint8_t header_set;
+} bcal_eax_ctx_t;
+
+uint8_t bcal_eax_init(const bcdesc_t* desc, const void* key, uint16_t keysize_b, bcal_eax_ctx_t* ctx);
+void bcal_eax_free(bcal_eax_ctx_t* ctx);
+void bcal_eax_loadNonce(const void* nonce, uint16_t length_b, bcal_eax_ctx_t* ctx);
+void bcal_eax_addNextHeader(const void* header, bcal_eax_ctx_t* ctx);
+void bcal_eax_addLastHeader(const void* header, uint16_t length_b, bcal_eax_ctx_t* ctx);
+void bcal_eax_encNextBlock(void* block, bcal_eax_ctx_t* ctx);
+void bcal_eax_encLastBlock(void* block, uint16_t length_b, bcal_eax_ctx_t* ctx);
+void bcal_eax_decNextBlock(void* block, bcal_eax_ctx_t* ctx);
+void bcal_eax_decLastBlock(void* block, uint16_t length_b, bcal_eax_ctx_t* ctx);
+void bcal_eax_ctx2tag(void* dest, uint16_t length_b, bcal_eax_ctx_t* ctx);
+//void bcal_eax(void* dest, uint16_t out_length_b, const void* block, uint32_t length_b, bcal_eax_ctx_t* ctx);
+
+#endif /* BCALEAX_H_ */
+
--- /dev/null
+/* bcal-ofb.c */
+/*
+ This file is part of the ARM-Crypto-Lib.
+ Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include <stdint.h>
+#include <string.h>
+#include "bcal-ofb.h"
+#include "bcal-basic.h"
+#include "memxor.h"
+
+
+uint8_t bcal_ofb_init(const bcdesc_t* desc, const void* key, uint16_t keysize_b, bcal_ofb_ctx_t* ctx){
+ ctx->desc = (bcdesc_t*)desc;
+ ctx->blocksize_B = (bcal_cipher_getBlocksize_b(desc)+7)/8;
+ ctx->in_block=malloc(ctx->blocksize_B);
+ if(ctx->in_block==NULL){
+ return 0x11;
+ }
+ return bcal_cipher_init(desc, key, keysize_b, &(ctx->cctx));
+}
+
+void bcal_ofb_free(bcal_ofb_ctx_t* ctx){
+ free(ctx->in_block);
+ bcal_cipher_free(&(ctx->cctx));
+}
+
+void bcal_ofb_loadIV(const void* iv, bcal_ofb_ctx_t* ctx){
+ if(iv){
+ memcpy(ctx->in_block, iv, ctx->blocksize_B);
+ }
+}
+
+void bcal_ofb_encNext(void* block, bcal_ofb_ctx_t* ctx){
+ bcal_cipher_enc(ctx->in_block , &(ctx->cctx));
+ memxor(block, ctx->in_block, ctx->blocksize_B);
+}
+
+void bcal_ofb_decNext(void* block, bcal_ofb_ctx_t* ctx){
+ bcal_cipher_enc(ctx->in_block , &(ctx->cctx));
+ memxor(block, ctx->in_block, ctx->blocksize_B);
+}
+
+
+void bcal_ofb_encMsg(const void* iv, void* msg, uint32_t msg_len_b, bcal_ofb_ctx_t* ctx){
+ uint16_t block_len_b;
+ block_len_b = ctx->blocksize_B*8;
+ bcal_ofb_loadIV(iv, ctx);
+ while(msg_len_b>block_len_b){
+ bcal_ofb_encNext(msg, ctx);
+ msg_len_b -= block_len_b;
+ msg = (uint8_t*)msg + ctx->blocksize_B;
+ }
+ bcal_cipher_enc(ctx->in_block, &(ctx->cctx));
+ ctx->in_block[msg_len_b/8] = 0xff00>>(msg_len_b&7);
+ memxor(msg, ctx->in_block, (msg_len_b+7)/8);
+}
+
+void bcal_ofb_decMsg(const void* iv, void* msg, uint32_t msg_len_b, bcal_ofb_ctx_t* ctx){
+ bcal_ofb_encMsg(iv, msg, msg_len_b, ctx);
+}
+
--- /dev/null
+/* bcal-ofb.h */
+/*
+ This file is part of the AVR-Crypto-Lib.
+ Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+
+#ifndef BCALOFB_H_
+#define BCALOFB_H_
+
+#include <stdint.h>
+#include "bcal-basic.h"
+#include "blockcipher_descriptor.h"
+
+
+typedef struct{
+ bcdesc_t* desc;
+ bcgen_ctx_t cctx;
+ uint8_t* in_block;
+ uint8_t blocksize_B;
+} bcal_ofb_ctx_t;
+
+
+uint8_t bcal_ofb_init(const bcdesc_t* desc, const void* key, uint16_t keysize_b, bcal_ofb_ctx_t* ctx);
+void bcal_ofb_free(bcal_ofb_ctx_t* ctx);
+void bcal_ofb_loadIV(const void* iv, bcal_ofb_ctx_t* ctx);
+void bcal_ofb_encNext(void* block, bcal_ofb_ctx_t* ctx);
+void bcal_ofb_decNext(void* block, bcal_ofb_ctx_t* ctx);
+void bcal_ofb_encMsg(const void* iv, void* msg, uint32_t msg_len_b, bcal_ofb_ctx_t* ctx);
+void bcal_ofb_decMsg(const void* iv, void* msg, uint32_t msg_len_b, bcal_ofb_ctx_t* ctx);
+
+
+#endif /* BCALOFB_H_ */
--- /dev/null
+/* bcal-performance.c */
+/*
+ This file is part of the ARM-Crypto-Lib.
+ Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+ * \file bcal-performance.c
+ * \author Daniel Otte
+ * \email daniel.otte@rub.de
+ * \date 2010-02-16
+ * \license GPLv3 or later
+ *
+ */
+
+#include "bcal-performance.h"
+#include "keysize_descriptor.h"
+#include "blockcipher_descriptor.h"
+#include "performance_test.h"
+#include "cli.h"
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+
+
+static
+void printvalue(unsigned long v){
+ char str[20];
+ int i;
+ ultoa(v, str, 10);
+ for(i=0; i<10-strlen(str); ++i){
+ cli_putc(' ');
+ }
+ cli_putstr(str);
+}
+
+void bcal_performance(const bcdesc_t* bcd){
+ bcdesc_t bc;
+ memcpy(&bc, bcd, sizeof(bcdesc_t));
+ uint8_t ctx[bc.ctxsize_B];
+ uint8_t data[(bc.blocksize_b+7)/8];
+ uint16_t keysize = get_keysize(bc.valid_keysize_desc);
+ uint8_t key[(keysize+7)/8];
+ uint64_t t;
+ uint8_t i;
+
+ if(bc.type!=BCDESC_TYPE_BLOCKCIPHER)
+ return;
+ calibrateTimer();
+ print_overhead();
+ cli_putstr("\r\n\r\n === ");
+ cli_putstr(bc.name);
+ cli_putstr(" performance === "
+ "\r\n type: blockcipher"
+ "\r\n keysize (bits): ");
+ printvalue(keysize);
+
+ cli_putstr("\r\n ctxsize (bytes): ");
+ printvalue(bc.ctxsize_B);
+
+ cli_putstr("\r\n blocksize (bits): ");
+ printvalue(bc.blocksize_b);
+
+ t=0;
+ if(bc.init.init1){
+ if((bc.flags&BC_INIT_TYPE)==BC_INIT_TYPE_1){
+ for(i=0; i<32; ++i){
+ startTimer(0);
+ START_TIMER;
+ (bc.init.init1)(key, &ctx);
+ STOP_TIMER;
+ t += stopTimer();
+ if(i!=31 && bc.free){
+ bc.free(&ctx);
+ }
+ }
+ } else {
+ for(i=0; i<32; ++i){
+ startTimer(0);
+ START_TIMER;
+ (bc.init.init2)(key, keysize, &ctx);
+ STOP_TIMER;
+ t += stopTimer();
+ if(i!=31 && bc.free){
+ bc.free(&ctx);
+ }
+ }
+ }
+ t>>=5;
+ cli_putstr("\r\n init (cycles): ");
+ printvalue(t);
+ }
+
+ t=0;
+ for(i=0; i<32; ++i){
+ startTimer(0);
+ START_TIMER;
+ bc.enc.enc1(data, &ctx);
+ STOP_TIMER;
+ t += stopTimer();
+ }
+ t>>=5;
+ cli_putstr("\r\n encrypt (cycles): ");
+ printvalue(t);
+
+ t=0;
+ for(i=0; i<32; ++i){
+ startTimer(0);
+ START_TIMER;
+ bc.dec.dec1(data, &ctx);
+ STOP_TIMER;
+ t += stopTimer();
+ }
+ t>>=5;
+ cli_putstr("\r\n decrypt (cycles): ");
+ printvalue(t);
+
+ if(bc.free){
+ bc.free(&ctx);
+ }
+
+}
+
+
+void bcal_performance_multiple(const bcdesc_t** bcd_list){
+ const bcdesc_t* bcd;
+ for(;;){
+ bcd = *bcd_list;
+ if(!bcd){
+ cli_putstr("\r\n\r\n End of performance figures\r\n");
+ return;
+ }
+ bcal_performance(bcd++);
+ bcd_list++;
+ }
+}
--- /dev/null
+/* bcal-performance.h */
+/*
+ This file is part of the AVR-Crypto-Lib.
+ Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+ * \file bcal-performance.h
+ * \author Daniel Otte
+ * \email daniel.otte@rub.de
+ * \date 2010-02-16
+ * \license GPLv3 or later
+ *
+ */
+
+#ifndef BCAL_PERFORMANCE_H_
+#define BCAL_PERFORMANCE_H_
+
+#include "blockcipher_descriptor.h"
+
+void bcal_performance(const bcdesc_t* hd);
+void bcal_performance_multiple(const bcdesc_t** hd_list);
+
+
+#endif /* BCAL_PERFORMANCE_H_ */
--- /dev/null
+/* bcal_aes128.c */
+/*
+ This file is part of the ARM-Crypto-Lib.
+ Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+/**
+ * \file bcal_aes128.c
+ * \email daniel.otte@rub.de
+ * \author Daniel Otte
+ * \date 2009-01-08
+ * \license GPLv3 or later
+ *
+ */
+
+#include <stdlib.h>
+#include "blockcipher_descriptor.h"
+#include "aes.h"
+#include "aes128_enc.h"
+#include "aes128_dec.h"
+#include "aes_keyschedule.h"
+#include "keysize_descriptor.h"
+
+const char aes128_str[] = "AES-128";
+
+const uint8_t aes128_keysize_desc[] = { KS_TYPE_LIST, 1, KS_INT(128),
+ KS_TYPE_TERMINATOR };
+
+const bcdesc_t aes128_desc = {
+ BCDESC_TYPE_BLOCKCIPHER,
+ BC_INIT_TYPE_1,
+ aes128_str,
+ sizeof(aes128_ctx_t),
+ 128,
+ {(void_fpt)aes128_init},
+ {(void_fpt)aes128_enc},
+ {(void_fpt)aes128_dec},
+ (bc_free_fpt)NULL,
+ aes128_keysize_desc
+};
+
+
--- /dev/null
+/* bcal_aes128.h */
+/*
+ This file is part of the AVR-Crypto-Lib.
+ Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+/**
+ * \file bcal_aes128.h
+ * \email daniel.otte@rub.de
+ * \author Daniel Otte
+ * \date 2009-01-08
+ * \license GPLv3 or later
+ *
+ */
+
+#include "blockcipher_descriptor.h"
+#include "aes.h"
+#include "aes128_enc.h"
+#include "aes128_dec.h"
+#include "keysize_descriptor.h"
+
+extern const bcdesc_t aes128_desc;
--- /dev/null
+/* bcal_aes192.c */
+/*
+ This file is part of the ARM-Crypto-Lib.
+ Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+/**
+ * \file bcal_aes192.c
+ * \email daniel.otte@rub.de
+ * \author Daniel Otte
+ * \date 2009-01-08
+ * \license GPLv3 or later
+ *
+ */
+
+#include <stdlib.h>
+#include "blockcipher_descriptor.h"
+#include "aes.h"
+#include "aes192_enc.h"
+#include "aes192_dec.h"
+#include "aes_keyschedule.h"
+#include "keysize_descriptor.h"
+
+const char aes192_str[] = "AES-192";
+
+const uint8_t aes192_keysize_desc[] = { KS_TYPE_LIST, 1, KS_INT(192),
+ KS_TYPE_TERMINATOR };
+
+const bcdesc_t aes192_desc = {
+ BCDESC_TYPE_BLOCKCIPHER,
+ BC_INIT_TYPE_1,
+ aes192_str,
+ sizeof(aes192_ctx_t),
+ 128,
+ {(void_fpt)aes192_init},
+ {(void_fpt)aes192_enc},
+ {(void_fpt)aes192_dec},
+ (bc_free_fpt)NULL,
+ aes192_keysize_desc
+};
+
+
--- /dev/null
+/* bcal_aes192.h */
+/*
+ This file is part of the AVR-Crypto-Lib.
+ Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+/**
+ * \file bcal_aes192.h
+ * \email daniel.otte@rub.de
+ * \author Daniel Otte
+ * \date 2009-01-08
+ * \license GPLv3 or later
+ *
+ */
+
+#include "blockcipher_descriptor.h"
+#include "aes.h"
+#include "aes192_enc.h"
+#include "aes192_dec.h"
+#include "keysize_descriptor.h"
+
+extern const bcdesc_t aes192_desc;
--- /dev/null
+/* bcal_aes256.c */
+/*
+ This file is part of the ARM-Crypto-Lib.
+ Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+/**
+ * \file bcal_aes256.c
+ * \email daniel.otte@rub.de
+ * \author Daniel Otte
+ * \date 2009-01-08
+ * \license GPLv3 or later
+ *
+ */
+
+#include <stdlib.h>
+#include "blockcipher_descriptor.h"
+#include "aes.h"
+#include "aes256_enc.h"
+#include "aes256_dec.h"
+#include "aes_keyschedule.h"
+#include "keysize_descriptor.h"
+
+const char aes256_str[] = "AES-256";
+
+const uint8_t aes256_keysize_desc[] = { KS_TYPE_LIST, 1, KS_INT(256),
+ KS_TYPE_TERMINATOR };
+
+const bcdesc_t aes256_desc = {
+ BCDESC_TYPE_BLOCKCIPHER,
+ BC_INIT_TYPE_1,
+ aes256_str,
+ sizeof(aes256_ctx_t),
+ 128,
+ {(void_fpt)aes256_init},
+ {(void_fpt)aes256_enc},
+ {(void_fpt)aes256_dec},
+ (bc_free_fpt)NULL,
+ aes256_keysize_desc
+};
+
+
--- /dev/null
+/* bcal_aes256.h */
+/*
+ This file is part of the AVR-Crypto-Lib.
+ Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+/**
+ * \file bcal_aes256.h
+ * \email daniel.otte@rub.de
+ * \author Daniel Otte
+ * \date 2009-01-08
+ * \license GPLv3 or later
+ *
+ */
+
+#include "blockcipher_descriptor.h"
+#include "aes.h"
+#include "aes256_enc.h"
+#include "aes256_dec.h"
+#include "keysize_descriptor.h"
+
+extern const bcdesc_t aes256_desc;
--- /dev/null
+/* blockcipher_descriptor.h */
+/*
+ This file is part of the AVR-Crypto-Lib.
+ Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+/**
+ * \file blockcipher_descriptor.h
+ * \author Daniel Otte
+ * \date 2009-02-04
+ *
+ * \license GPLv3 or later
+ *
+ */
+
+#ifndef BLOCKCIPHER_DESCRIPTOR_H_
+#define BLOCKCIPHER_DESCRIPTOR_H_
+#include <stdint.h>
+
+
+#ifndef VOID_FPT
+#define VOID_FPT
+typedef void(*void_fpt)(void);
+#endif
+
+typedef void(*bc_init1_fpt)(void*, void*);
+typedef void(*bc_init2_fpt)(void*, uint16_t,void*);
+typedef void(*bc_enc1_fpt)(void*, void*);
+typedef void(*bc_enc2_fpt)(void*, void*, void*);
+typedef void(*bc_dec1_fpt)(void*, void*);
+typedef void(*bc_dec2_fpt)(void*, void*, void*);
+typedef void(*bc_free_fpt)(void*);
+
+typedef union{
+ void_fpt initvoid;
+ bc_init1_fpt init1;
+ bc_init2_fpt init2;
+} bc_init_fpt;
+
+typedef union{
+ void_fpt encvoid;
+ bc_enc1_fpt enc1;
+ bc_enc2_fpt enc2;
+} bc_enc_fpt;
+
+typedef union{
+ void_fpt decvoid;
+ bc_dec1_fpt dec1;
+ bc_dec2_fpt dec2;
+} bc_dec_fpt;
+
+#define BC_INIT_TYPE 0x01
+#define BC_INIT_TYPE_1 0x00
+#define BC_INIT_TYPE_2 0x01
+
+#define BC_ENC_TYPE 0x02
+#define BC_ENC_TYPE_1 0x00
+#define BC_ENC_TYPE_2 0x02
+#
+#define BC_DEC_TYPE 0x04
+#define BC_DEC_TYPE_1 0x00
+#define BC_DEC_TYPE_2 0x04
+
+#define BCDESC_TYPE_BLOCKCIPHER 0x01
+
+typedef struct {
+ uint8_t type; /* 1==blockcipher */
+ uint8_t flags;
+ const char* name;
+ uint16_t ctxsize_B;
+ uint16_t blocksize_b;
+ bc_init_fpt init;
+ bc_enc_fpt enc;
+ bc_dec_fpt dec;
+ bc_free_fpt free;
+ const void* valid_keysize_desc;
+} bcdesc_t; /* blockcipher descriptor type */
+
+typedef struct{
+ bcdesc_t* desc_ptr;
+ uint16_t keysize;
+ void* ctx;
+} bcgen_ctx_t;
+
+#endif /* BLOCKCIPHER_DESCRIPTOR_H_ */
+
along with this program. If not, see <http://www.gnu.org/licenses/>.
=end
+require 'rubygems'
require 'serialport'
def read_line(error_msg=true)
--- /dev/null
+/* keysize_descriptor.c */
+/*
+ This file is part of the ARM-Crypto-Lib.
+ Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+/**
+ * \file keysize_descriptor.c
+ * \author Daniel Otte
+ * \email daniel.otte@rub.de
+ * \date 2009-01-07
+ * \license GPLv3 or later
+ */
+
+#include <stdint.h>
+#include "keysize_descriptor.h"
+
+uint8_t is_valid_keysize_P(const void* ks_desc, uint16_t keysize){
+ uint8_t type;
+ type = *((uint8_t*)ks_desc);
+ ks_desc = (uint8_t*)ks_desc + 1;
+ if(type==KS_TYPE_TERMINATOR)
+ return 0;
+ if(type==KS_TYPE_LIST){
+ uint8_t items;
+ uint16_t item;
+ items = *((uint8_t*)ks_desc);
+ ks_desc = (uint8_t*)ks_desc + 1;
+ while(items--){
+ item = *((uint16_t*)ks_desc);
+ ks_desc = (uint8_t*)ks_desc + 2;
+ if(item==keysize)
+ return 1;
+ }
+ ks_desc = (uint8_t*)ks_desc - 2;
+ }
+ if(type==KS_TYPE_RANGE){
+ uint16_t max, min;
+ min = *((uint16_t*)ks_desc);
+ ks_desc = (uint8_t*)ks_desc + 2;
+ max = *((uint16_t*)ks_desc);
+ if(min<=keysize && keysize<=max)
+ return 1;
+ }
+ if(type==KS_TYPE_ARG_RANGE){
+ uint16_t max, min, dist, offset;
+ min = *((uint16_t*)ks_desc);
+ ks_desc = (uint8_t*)ks_desc + 2;
+ max = *((uint16_t*)ks_desc);
+ ks_desc = (uint8_t*)ks_desc + 2;
+ dist = *((uint16_t*)ks_desc);
+ ks_desc = (uint8_t*)ks_desc + 2;
+ offset = *((uint16_t*)ks_desc);
+ if(min<=keysize && keysize<=max && (keysize%dist==offset))
+ return 1;
+ }
+ if(type>KS_TYPE_ARG_RANGE){
+ /* bad error, you may insert a big warning message here */
+ return 0;
+ }
+ return is_valid_keysize_P((uint8_t*)ks_desc+1, keysize); /* search the next record */
+}
+
+uint16_t get_keysize(const void* ks_desc){
+ uint8_t type;
+ uint16_t keysize;
+ type = *((uint8_t*)ks_desc);
+ if(type==KS_TYPE_LIST)
+ ks_desc = (uint8_t*)ks_desc + 1;
+ ks_desc = (uint8_t*)ks_desc + 1;
+ keysize = *((uint16_t*)ks_desc);
+ return keysize;
+}
+
+
--- /dev/null
+/* keysize_descriptor.h */
+/*
+ This file is part of the AVR-Crypto-Lib.
+ Copyright (C) 2009 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+/**
+ * \file keysize_descriptor.h
+ * \author Daniel Otte
+ * \email daniel.otte@rub.de
+ * \date 2009-01-07
+ * \license GPLv3 or later
+ */
+
+#ifndef KEYSIZE_DESCRIPTOR_H_
+#define KEYSIZE_DESCRIPTOR_H_
+
+#include <stdint.h>
+
+#define KS_TYPE_TERMINATOR 0x00
+#define KS_TYPE_LIST 0x01
+#define KS_TYPE_RANGE 0x02
+#define KS_TYPE_ARG_RANGE 0x03
+
+#define KS_INT(a) ((a)&0xFF), ((a)>>8)
+
+typedef struct{ /* keysize is valid if listed in items */
+ uint8_t n_items; /* number of items (value 0 is reserved) */
+ uint16_t items[]; /* list of valid lengths */
+}keysize_desc_list_t;
+
+typedef struct{ /* keysize is valid if min<=keysize<=max */
+ uint16_t min;
+ uint16_t max;
+}keysize_desc_range_t;
+
+typedef struct{ /* keysize is valid if min<=keysize<=max and if keysize mod distance == offset */
+ uint16_t min;
+ uint16_t max;
+ uint16_t distance;
+ uint16_t offset;
+}keysize_desc_arg_range_t;
+
+uint8_t is_valid_keysize_P(const void* ks_desc, uint16_t keysize);
+uint16_t get_keysize(const void* ks_desc);
+#endif /* KEYSIZE_DESCRIPTOR_H_ */
--- /dev/null
+/* cmacvs.c */
+/*
+ This file is part of the ARM-Crypto-Lib.
+ Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+/**
+ * \file cmacvs.c
+ * \author Daniel Otte
+ * \date 2010-02-02
+ * \license GPLv3 or later
+ *
+ */
+
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include "blockcipher_descriptor.h"
+#include "bcal-basic.h"
+#include "bcal-cmac.h"
+#include "cmacvs.h"
+#include "string-extras.h"
+#include "cli.h"
+
+
+#ifdef DEBUG
+# undef DEBUG
+#endif
+
+#define DEBUG 0
+
+#if DEBUG
+# include "config.h"
+# include <util/delay.h>
+#endif
+
+bcdesc_t* cmacvs_algo=NULL;
+bcdesc_t** cmacvs_algolist=NULL;
+
+void cmacvs_listalgos(void){
+ char option = 'a';
+
+ bcdesc_t* t;
+ uint8_t i=0;
+ cli_putstr("\r\nthe following algorithms are available:\r\n");
+ while(option<='z' && (t=(bcdesc_t*)(cmacvs_algolist[i]))){
+ cli_putc('\t');
+ cli_putc((t==cmacvs_algo)?'*':' ');
+ cli_putc(option++);
+ cli_putstr(":\t");
+ cli_putstr(t->name);
+ cli_putstr("\r\n");
+ i++;
+ }
+}
+
+void cmacvs_setalgo(char* param){
+ param = strstrip(param);
+ if(param[1]=='\0'){ /* single letter specified */
+ uint8_t i,option = param[0]-'a';
+
+ if(!cmacvs_algolist){
+ cli_putstr("\r\nERROR: cmacvs_algolist not set!");
+ return;
+ }
+ for(i=0; i<=option; ++i){
+ if((cmacvs_algolist[i])==NULL){
+ cli_putstr("\r\nERROR: invalid selection!");
+ return;
+ }
+ }
+ cmacvs_algo=(bcdesc_t*)(cmacvs_algolist[option]);
+ } else { /* name specifyed */
+ bcdesc_t* t=NULL;
+ uint8_t i=0;
+ while((t=(bcdesc_t*)(cmacvs_algolist[i])) &&
+ strcasecmp(param, t->name))
+ ++i;
+ if(t){
+ cmacvs_algo=t;
+ }else{
+ cli_putstr("\r\nERROR: could not find \"");
+ cli_putstr(param);
+ cli_putstr("\"!");
+ }
+ }
+}
+
+typedef struct {
+ uint16_t buffer_idx;
+ uint16_t buffersize_B;
+ uint32_t blocks;
+ bcal_cmac_ctx_t ctx;
+ uint8_t* buffer;
+ uint8_t in_byte;
+} cmacvs_ctx_t;
+
+static cmacvs_ctx_t cmacvs_ctx;
+
+uint8_t buffer_add(char c){
+ uint8_t v,t;
+ if(cmacvs_ctx.buffer_idx==cmacvs_ctx.buffersize_B){
+ bcal_cmac_nextBlock(&(cmacvs_ctx.ctx), cmacvs_ctx.buffer);
+ ++cmacvs_ctx.blocks;
+ cmacvs_ctx.buffer_idx=0;
+ cmacvs_ctx.in_byte=0;
+ cli_putc('.');
+ memset(cmacvs_ctx.buffer, 0, cmacvs_ctx.buffersize_B);
+ }
+ if(c>='0' && c<='9'){
+ v=c-'0';
+ }else{
+ c &= (uint8_t)~('a' ^ 'A');
+ if(c>='A' && c<='F'){
+ v=c-'A'+10;
+ }else{
+ return 1;
+ }
+ }
+ t=cmacvs_ctx.buffer[cmacvs_ctx.buffer_idx];
+ if(cmacvs_ctx.in_byte){
+ t |= v;
+ cmacvs_ctx.buffer[cmacvs_ctx.buffer_idx]=t;
+ cmacvs_ctx.buffer_idx++;
+ cmacvs_ctx.in_byte = 0;
+ }else{
+ t |= v<<4;
+ cmacvs_ctx.buffer[cmacvs_ctx.buffer_idx]=t;
+ cmacvs_ctx.in_byte = 1;
+ }
+ return 0;
+}
+
+int32_t getValue(char* key){
+ uint32_t val=0;
+ char instr[21];
+ char* str2;
+ for(;;){
+ memset(instr, 0, 21);
+ cli_getsn(instr, 20);
+ str2 = strstrip(instr);
+ if(!strncasecmp(str2, key, strlen(key))){
+ while(*str2 && *str2!='=')
+ str2++;
+ if(*str2=='='){
+ do{
+ str2++;
+ }while(*str2 && !isdigit(*str2));
+ val=(uint32_t)strtoul(str2, NULL, 10);
+ return val;
+ }
+ } else {
+ if(!strncasecmp(str2, "EXIT", 4)){
+ cli_putstr("\r\n got exit ...");
+ return -1;
+ }
+ }
+ }
+ return -2;
+}
+
+uint8_t getKey(void* key_buffer, uint8_t klen_B){
+ char c;
+ uint8_t v,i=0;
+ memset(key_buffer, 0x00, klen_B);
+ do{
+ c = cli_getc_cecho();
+ }while((c|('a'^'A'))!='k');
+ do{
+ c = cli_getc_cecho();
+ }while((c|('a'^'A'))!='e');
+ do{
+ c = cli_getc_cecho();
+ }while((c|('a'^'A'))!='y');
+ do{
+ c = cli_getc_cecho();
+ }while(c!='=');
+ klen_B *= 2;
+ while(klen_B){
+ v = 0x10;
+ c = cli_getc_cecho();
+ if(c>='0' && c<='9'){
+ v = c-'0';
+ }else{
+ c |= 'A'^'a';
+ if(c>='a' && c<='f'){
+ v= c-'a'+10;
+ }
+ }
+ if(v<0x10){
+ if((i&1)==0){
+ v<<=4;
+ }
+ ((uint8_t*)key_buffer)[i/2] |= v;
+ ++i;
+ --klen_B;
+ }
+ }
+ return 0;
+}
+
+uint8_t getMac(void* mac_buffer, uint8_t mlen_B){
+ char c;
+ uint8_t v,i=0;
+ memset(mac_buffer, 0x00, mlen_B);
+ do{
+ c = cli_getc_cecho();
+ }while((c|('a'^'A'))!='m');
+ do{
+ c = cli_getc_cecho();
+ }while((c|('a'^'A'))!='a');
+ do{
+ c = cli_getc_cecho();
+ }while((c|('a'^'A'))!='c');
+ do{
+ c = cli_getc_cecho();
+ }while(c!='=');
+ mlen_B *= 2;
+ while(mlen_B){
+ v = 0x10;
+ c = cli_getc_cecho();
+ if(c>='0' && c<='9'){
+ v = c-'0';
+ }else{
+ c |= 'A'^'a';
+ if(c>='a' && c<='f'){
+ v= c-'a'+10;
+ }
+ }
+ if(v<0x10){
+ if((i&1)==0){
+ v<<=4;
+ }
+ ((uint8_t*)mac_buffer)[i/2] |= v;
+ ++i;
+ --mlen_B;
+ }
+ }
+ return 0;
+}
+
+void cmacvs_test1(void){ /* Gen tests */
+ int32_t klen, mlen, tlen;
+ int32_t expect_input=0;
+
+ if(!cmacvs_algo){
+ cli_putstr("\r\nERROR: select algorithm first!");
+ return;
+ }
+ char c;
+ cmacvs_ctx.buffersize_B=(cmacvs_algo->blocksize_b)/8;
+ uint8_t tag[cmacvs_ctx.buffersize_B];
+ uint8_t buffer[cmacvs_ctx.buffersize_B+5];
+ cmacvs_ctx.buffer = buffer;
+ cli_putstr("\r\nbuffer_size = 0x");
+ cli_hexdump_rev(&(cmacvs_ctx.buffersize_B), 2);
+ cli_putstr(" bytes");
+ for(;;){
+ cmacvs_ctx.blocks = 0;
+ memset(buffer, 0, cmacvs_ctx.buffersize_B);
+ klen = getValue("Klen");
+ if(klen<0){
+ return;
+ }
+ mlen = getValue("Mlen");
+ if(mlen<0){
+ return;
+ }
+ tlen = getValue("Tlen");
+ if(tlen<0){
+ return;
+ }
+ uint8_t key_buffer[klen];
+#if DEBUG
+ cli_putstr("\r\nKLen == ");
+ cli_hexdump_rev(&klen, 4);
+ cli_putstr("\r\nMLen == ");
+ cli_hexdump_rev(&mlen, 4);
+ cli_putstr("\r\nTLen == ");
+ cli_hexdump_rev(&tlen, 4);
+#endif
+ getKey(key_buffer, klen);
+ if(mlen==0){
+ expect_input=2;
+ }else{
+ expect_input=mlen*2;
+ }
+#if DEBUG
+ cli_putstr("\r\nexpected_input == ");
+ cli_hexdump_rev(&expect_input, 4);
+ if(expect_input==0)
+ cli_putstr("\r\nexpected_input == 0 !!!");
+#endif
+ uint8_t ret;
+#if DEBUG
+ cli_putstr("\r\n CMAC init");
+ cli_putstr("\r\n (2) expected_input == ");
+ cli_hexdump_rev(&expect_input, 4);
+#endif
+ ret = bcal_cmac_init(cmacvs_algo, key_buffer, klen*8, &(cmacvs_ctx.ctx));
+ if(ret){
+ cli_putstr("\r\n bcal_cmac_init returned with: ");
+ cli_hexdump(&ret, 1);
+ return;
+ }
+#if DEBUG
+ cli_putstr("\r\n (3) expected_input == ");
+ cli_hexdump_rev(&expect_input, 4);
+ cli_putstr("\r\n");
+#endif
+ while((c=cli_getc_cecho())!='M' && c!='m'){
+ if(!isspace(c)){
+ cli_putstr("\r\nERROR: wrong input (1) [0x");
+ cli_hexdump(&c, 1);
+ cli_putstr("]!\r\n");
+ bcal_cmac_free(&(cmacvs_ctx.ctx));
+ return;
+ }
+ }
+ if((c=cli_getc_cecho())!='s' && c!='S'){
+ cli_putstr("\r\nERROR: wrong input (2)!\r\n");
+ bcal_cmac_free(&(cmacvs_ctx.ctx));
+ return;
+ }
+ if((c=cli_getc_cecho())!='g' && c!='G'){
+ cli_putstr("\r\nERROR: wrong input (3)!\r\n");
+ bcal_cmac_free(&(cmacvs_ctx.ctx));
+ return;
+ }
+ while((c=cli_getc_cecho())!='='){
+ if(!isspace(c)){
+ cli_putstr("\r\nERROR: wrong input (4)!\r\n");
+ bcal_cmac_free(&(cmacvs_ctx.ctx));
+ return;
+ }
+ }
+#if DEBUG
+ cli_putstr("\r\nparsing started");
+#endif
+ cmacvs_ctx.buffer_idx = 0;
+ cmacvs_ctx.in_byte = 0;
+ cmacvs_ctx.blocks = 0;
+ while(expect_input>0){
+ c=cli_getc_cecho();
+#if DEBUG
+ cli_putstr("\r\n\t(");
+ cli_hexdump_rev(&expect_input, 4);
+ cli_putstr(") ");
+ _delay_ms(500);
+#endif
+ if(buffer_add(c)==0){
+ --expect_input;
+ }else{
+ if(!isblank((uint16_t)c)){
+ cli_putstr("\r\nERROR: wrong input (5) (");
+ cli_putc(c);
+ cli_putstr(")!\r\n");
+ bcal_cmac_free(&(cmacvs_ctx.ctx));
+ return;
+ }
+ }
+ }
+#if DEBUG
+ cli_putstr("\r\nBuffer-A:");
+ cli_hexdump_block(buffer, cmacvs_ctx.buffersize_B, 5, 8);
+
+ cli_putstr("\r\n starting finalisation");
+ cli_putstr("\r\n\tblocks == ");
+ cli_hexdump_rev(&(cmacvs_ctx.blocks),4);
+ cli_putstr("\r\n\tbuffer_idx == ");
+ cli_hexdump_rev(&(cmacvs_ctx.buffer_idx),2);
+ cli_putstr("\r\n\tin_byte == ");
+ cli_hexdump_rev(&(cmacvs_ctx.in_byte),1);
+// _delay_ms(500);
+
+ cli_putstr("\r\n starting last block");
+ cli_putstr("\r\n\tlength == ");
+ cli_hexdump_rev(&mlen,4);
+ cli_putstr("\r\n\tbuffersize_B == ");
+ cli_hexdump_rev(&(cmacvs_ctx.buffersize_B),2);
+ uint16_t temp=(mlen-cmacvs_ctx.blocks*cmacvs_ctx.buffersize_B)*8;
+ cli_putstr("\r\n\t (temp) == ");
+ cli_hexdump_rev(&temp,2);
+// _delay_ms(500);
+#endif
+ uint16_t temp=(mlen-cmacvs_ctx.blocks*cmacvs_ctx.buffersize_B)*8;
+ bcal_cmac_lastBlock( &(cmacvs_ctx.ctx), buffer, /* be aware of freaking compilers!!! */
+// length-(cmacvs_ctx.blocks)*((cmacvs_ctx.buffersize_B)*8));
+ temp );
+#if DEBUG
+ cli_putstr("\r\n starting ctx2cmac");
+ _delay_ms(500);
+#endif
+ bcal_cmac_ctx2mac(tag, tlen*8, &(cmacvs_ctx.ctx));
+#if DEBUG
+ cli_putstr("\r\n starting cmac free");
+#endif
+ bcal_cmac_free(&(cmacvs_ctx.ctx));
+ cli_putstr("\r\n Mac = ");
+ cli_hexdump(tag, tlen);
+
+ }
+}
+
+
+void cmacvs_test2(void){ /* Ver tests */
+ int32_t klen, mlen, tlen;
+ int32_t expect_input=0;
+
+ if(!cmacvs_algo){
+ cli_putstr("\r\nERROR: select algorithm first!");
+ return;
+ }
+ char c;
+ cmacvs_ctx.buffersize_B=(cmacvs_algo->blocksize_b)/8;
+ uint8_t tag[cmacvs_ctx.buffersize_B];
+ uint8_t tag_ref[cmacvs_ctx.buffersize_B];
+ uint8_t buffer[cmacvs_ctx.buffersize_B+5];
+ cmacvs_ctx.buffer = buffer;
+ cli_putstr("\r\nbuffer_size = 0x");
+ cli_hexdump_rev(&(cmacvs_ctx.buffersize_B), 2);
+ cli_putstr(" bytes");
+ for(;;){
+ cmacvs_ctx.blocks = 0;
+ memset(buffer, 0, cmacvs_ctx.buffersize_B);
+ klen = getValue("Klen");
+ if(klen<0){
+ return;
+ }
+ mlen = getValue("Mlen");
+ if(mlen<0){
+ return;
+ }
+ tlen = getValue("Tlen");
+ if(tlen<0){
+ return;
+ }
+ uint8_t key_buffer[klen];
+#if DEBUG
+ cli_putstr("\r\nKLen == ");
+ cli_hexdump_rev(&klen, 4);
+ cli_putstr("\r\nMLen == ");
+ cli_hexdump_rev(&mlen, 4);
+ cli_putstr("\r\nTLen == ");
+ cli_hexdump_rev(&tlen, 4);
+#endif
+ getKey(key_buffer, klen);
+ if(mlen==0){
+ expect_input=2;
+ }else{
+ expect_input=mlen*2;
+ }
+#if DEBUG
+ cli_putstr("\r\nexpected_input == ");
+ cli_hexdump_rev(&expect_input, 4);
+ if(expect_input==0)
+ cli_putstr("\r\nexpected_input == 0 !!!");
+#endif
+ uint8_t ret;
+#if DEBUG
+ cli_putstr("\r\n CMAC init");
+ cli_putstr("\r\n (2) expected_input == ");
+ cli_hexdump_rev(&expect_input, 4);
+#endif
+ ret = bcal_cmac_init(cmacvs_algo, key_buffer, klen*8, &(cmacvs_ctx.ctx));
+ if(ret){
+ cli_putstr("\r\n bcal_cmac_init returned with: ");
+ cli_hexdump(&ret, 1);
+ return;
+ }
+#if DEBUG
+ cli_putstr("\r\n (3) expected_input == ");
+ cli_hexdump_rev(&expect_input, 4);
+ cli_putstr("\r\n");
+#endif
+ while((c=cli_getc_cecho())!='M' && c!='m'){
+ if(!isspace(c)){
+ cli_putstr("\r\nERROR: wrong input (1) [0x");
+ cli_hexdump(&c, 1);
+ cli_putstr("]!\r\n");
+ bcal_cmac_free(&(cmacvs_ctx.ctx));
+ return;
+ }
+ }
+ if((c=cli_getc_cecho())!='s' && c!='S'){
+ cli_putstr("\r\nERROR: wrong input (2)!\r\n");
+ bcal_cmac_free(&(cmacvs_ctx.ctx));
+ return;
+ }
+ if((c=cli_getc_cecho())!='g' && c!='G'){
+ cli_putstr("\r\nERROR: wrong input (3)!\r\n");
+ bcal_cmac_free(&(cmacvs_ctx.ctx));
+ return;
+ }
+ while((c=cli_getc_cecho())!='='){
+ if(!isspace(c)){
+ cli_putstr("\r\nERROR: wrong input (4)!\r\n");
+ bcal_cmac_free(&(cmacvs_ctx.ctx));
+ return;
+ }
+ }
+#if DEBUG
+ cli_putstr("\r\nparsing started");
+#endif
+ cmacvs_ctx.buffer_idx = 0;
+ cmacvs_ctx.in_byte = 0;
+ cmacvs_ctx.blocks = 0;
+ while(expect_input>0){
+ c=cli_getc_cecho();
+#if DEBUG
+ cli_putstr("\r\n\t(");
+ cli_hexdump_rev(&expect_input, 4);
+ cli_putstr(") ");
+ _delay_ms(500);
+#endif
+ if(buffer_add(c)==0){
+ --expect_input;
+ }else{
+ if(!isblank((uint16_t)c)){
+ cli_putstr("\r\nERROR: wrong input (5) (");
+ cli_putc(c);
+ cli_putstr(")!\r\n");
+ bcal_cmac_free(&(cmacvs_ctx.ctx));
+ return;
+ }
+ }
+ }
+#if DEBUG
+ cli_putstr("\r\nBuffer-A:");
+ cli_hexdump_block(buffer, cmacvs_ctx.buffersize_B, 5, 8);
+
+ cli_putstr("\r\n starting finalisation");
+ cli_putstr("\r\n\tblocks == ");
+ cli_hexdump_rev(&(cmacvs_ctx.blocks),4);
+ cli_putstr("\r\n\tbuffer_idx == ");
+ cli_hexdump_rev(&(cmacvs_ctx.buffer_idx),2);
+ cli_putstr("\r\n\tin_byte == ");
+ cli_hexdump_rev(&(cmacvs_ctx.in_byte),1);
+// _delay_ms(500);
+
+ cli_putstr("\r\n starting last block");
+ cli_putstr("\r\n\tlength == ");
+ cli_hexdump_rev(&mlen,4);
+ cli_putstr("\r\n\tbuffersize_B == ");
+ cli_hexdump_rev(&(cmacvs_ctx.buffersize_B),2);
+ uint16_t temp=(mlen-cmacvs_ctx.blocks*cmacvs_ctx.buffersize_B)*8;
+ cli_putstr("\r\n\t (temp) == ");
+ cli_hexdump_rev(&temp,2);
+// _delay_ms(500);
+#endif
+ uint16_t temp=(mlen-cmacvs_ctx.blocks*cmacvs_ctx.buffersize_B)*8;
+ bcal_cmac_lastBlock( &(cmacvs_ctx.ctx), buffer, /* be aware of freaking compilers!!! */
+// length-(cmacvs_ctx.blocks)*((cmacvs_ctx.buffersize_B)*8));
+ temp );
+#if DEBUG
+ cli_putstr("\r\n starting ctx2cmac");
+ _delay_ms(500);
+#endif
+ bcal_cmac_ctx2mac(tag, tlen*8, &(cmacvs_ctx.ctx));
+#if DEBUG
+ cli_putstr("\r\n starting cmac free");
+#endif
+ bcal_cmac_free(&(cmacvs_ctx.ctx));
+ cli_putstr("\r\n Mac = ");
+ cli_hexdump(tag, tlen);
+ getMac(tag_ref, tlen);
+ if(memcmp(tag, tag_ref, tlen)){
+ cli_putstr("\r\n Result = F");
+ }else{
+ cli_putstr("\r\n Result = P");
+ }
+ }
+}
--- /dev/null
+/* cmacvs.h */
+/*
+ This file is part of the AVR-Crypto-Lib.
+ Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+/**
+ * \file cmacvs.h
+ * \author Daniel Otte
+ * \date 2010-02-02
+ * \license GPLv3 or later
+ *
+ */
+
+#ifndef CMACVS_H_
+#define CMACVS_H_
+
+#include <stdlib.h>
+#include "blockcipher_descriptor.h"
+
+extern bcdesc_t* cmacvs_algo;
+extern bcdesc_t** cmacvs_algolist;
+
+void cmacvs_listalgos(void);
+void cmacvs_setalgo(char* param);
+void cmacvs_test1(void);
+void cmacvs_test2(void);
+
+
+#endif /* CMACVS_H_ */
--- /dev/null
+/* main-aes-test.c */
+/*
+ This file is part of the ARM-Crypto-Lib.
+ Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+/*
+ * AES test-suit
+ *
+*/
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+#include "config.h"
+#include "cli.h"
+#include "dump.h"
+#include "uart_lowlevel.h"
+#include "sysclock.h"
+#include "hw_gptm.h"
+
+#include "aes/aes.h"
+
+#include "nessie_bc_test.h"
+#include "performance_test.h"
+
+#include "bcal_aes128.h"
+#include "bcal_aes192.h"
+#include "bcal_aes256.h"
+#include "bcal-cbc.h"
+#include "bcal-cfb_byte.h"
+#include "bcal-cfb_bit.h"
+#include "bcal-ofb.h"
+#include "bcal-ctr.h"
+#include "bcal-cmac.h"
+#include "bcal-eax.h"
+#include "cmacvs.h"
+#include "bcal-performance.h"
+
+
+char* algo_name = "AES";
+
+void uart0_putc(char byte){
+ uart_putc(UART_0, byte);
+}
+
+char uart0_getc(void){
+ return uart_getc(UART_0);
+}
+
+const bcdesc_t* algolist[] = {
+ (bcdesc_t*)&aes128_desc,
+ (bcdesc_t*)&aes192_desc,
+ (bcdesc_t*)&aes256_desc,
+ NULL
+};
+
+/*****************************************************************************
+ * additional validation-functions *
+ *****************************************************************************/
+
+void testrun_nessie_aes(void){
+ nessie_bc_ctx.blocksize_B = 16;
+ nessie_bc_ctx.keysize_b = 128;
+ nessie_bc_ctx.name = algo_name;
+ nessie_bc_ctx.ctx_size_B = sizeof(aes128_ctx_t);
+ nessie_bc_ctx.cipher_enc = (nessie_bc_enc_fpt)aes128_enc;
+ nessie_bc_ctx.cipher_dec = (nessie_bc_dec_fpt)aes128_dec;
+ nessie_bc_ctx.cipher_genctx = (nessie_bc_gen_fpt)aes_init;
+ nessie_bc_run();
+
+ nessie_bc_ctx.keysize_b = 192;
+ nessie_bc_ctx.ctx_size_B = sizeof(aes192_ctx_t);
+ nessie_bc_ctx.cipher_enc = (nessie_bc_enc_fpt)aes192_enc;
+ nessie_bc_ctx.cipher_dec = (nessie_bc_dec_fpt)aes192_dec;
+ nessie_bc_run();
+
+ nessie_bc_ctx.keysize_b = 256;
+ nessie_bc_ctx.ctx_size_B = sizeof(aes256_ctx_t);
+ nessie_bc_ctx.cipher_enc = (nessie_bc_enc_fpt)aes256_enc;
+ nessie_bc_ctx.cipher_dec = (nessie_bc_dec_fpt)aes256_dec;
+ nessie_bc_run();
+}
+
+void testrun_test_aes(void){
+ uint8_t key[16] = { 0x2b, 0x7e, 0x15, 0x16,
+ 0x28, 0xae, 0xd2, 0xa6,
+ 0xab, 0xf7, 0x15, 0x88,
+ 0x09, 0xcf, 0x4f, 0x3c };
+ uint8_t data[16] = { 0x32, 0x43, 0xf6, 0xa8,
+ 0x88, 0x5a, 0x30, 0x8d,
+ 0x31, 0x31, 0x98, 0xa2,
+ 0xe0, 0x37, 0x07, 0x34 };
+ aes128_ctx_t ctx;
+ aes128_init(key, &ctx);
+ cli_putstr("\r\n\r\n cipher test (FIPS 197):\r\n key: ");
+ cli_hexdump(key, 16);
+ cli_putstr("\r\n plaintext: ");
+ cli_hexdump(data, 16);
+ aes128_enc(data, &ctx);
+ cli_putstr("\r\n ciphertext: ");
+ cli_hexdump(data, 16);
+ aes128_dec(data, &ctx);
+ cli_putstr("\r\n plaintext: ");
+ cli_hexdump(data, 16);
+ cli_putstr("\r\n testing bcal:");
+ bcgen_ctx_t bcal_ctx;
+ uint8_t r;
+ r = bcal_cipher_init(&aes128_desc, key, 128, &bcal_ctx);
+ cli_putstr("\r\n init = 0x");
+ cli_hexdump(&r, 1);
+
+ bcal_cipher_enc(data, &bcal_ctx);
+ cli_putstr("\r\n ciphertext: ");
+ cli_hexdump(data, 16);
+ bcal_cipher_dec(data, &bcal_ctx);
+ cli_putstr("\r\n plaintext: ");
+ cli_hexdump(data, 16);
+ bcal_cipher_free(&bcal_ctx);
+}
+
+void testrun_testkey_aes128(void){
+ uint8_t key[16] = { 0x2b, 0x7e, 0x15, 0x16,
+ 0x28, 0xae, 0xd2, 0xa6,
+ 0xab, 0xf7, 0x15, 0x88,
+ 0x09, 0xcf, 0x4f, 0x3c};
+ aes128_ctx_t ctx;
+ uint8_t i;
+ aes128_init(key, &ctx);
+ cli_putstr("\r\n\r\n keyschedule test (FIPS 197):\r\n key: ");
+ cli_hexdump(key, 16);
+ for(i=0; i<11; ++i){
+ cli_putstr("\r\n index: ");
+ cli_putc('0'+i/10);
+ cli_putc('0'+i%10);
+ cli_putstr(" roundkey ");
+ cli_hexdump(ctx.key[i].ks, 16);
+ }
+}
+
+void testrun_testkey_aes192(void){
+ uint8_t key[24] = { 0x8e, 0x73, 0xb0, 0xf7,
+ 0xda, 0x0e, 0x64, 0x52,
+ 0xc8, 0x10, 0xf3, 0x2b,
+ 0x80, 0x90, 0x79, 0xe5,
+ 0x62, 0xf8, 0xea, 0xd2,
+ 0x52, 0x2c, 0x6b, 0x7b};
+ aes192_ctx_t ctx;
+ uint8_t i;
+ memset(&ctx, 0, sizeof(aes192_ctx_t));
+ aes192_init(key, &ctx);
+ cli_putstr("\r\n\r\n keyschedule test (FIPS 197):\r\n key: ");
+ cli_hexdump(key, 24);
+ for(i=0; i<13; ++i){
+ cli_putstr("\r\n index: ");
+ cli_putc('0'+i/10);
+ cli_putc('0'+i%10);
+ cli_putstr(" roundkey ");
+ cli_hexdump(ctx.key[i].ks, 16);
+ }
+}
+
+
+void testrun_testkey_aes256(void){
+ uint8_t key[32] = { 0x60, 0x3d, 0xeb, 0x10,
+ 0x15, 0xca, 0x71, 0xbe,
+ 0x2b, 0x73, 0xae, 0xf0,
+ 0x85, 0x7d, 0x77, 0x81,
+ 0x1f, 0x35, 0x2c, 0x07,
+ 0x3b, 0x61, 0x08, 0xd7,
+ 0x2d, 0x98, 0x10, 0xa3,
+ 0x09, 0x14, 0xdf, 0xf4};
+ aes256_ctx_t ctx;
+ uint8_t i;
+ memset(&ctx, 0, sizeof(aes256_ctx_t));
+ aes256_init(key, &ctx);
+ cli_putstr("\r\n\r\n keyschedule test (FIPS 197):\r\n key: ");
+ cli_hexdump(key, 32);
+ for(i=0; i<15; ++i){
+ cli_putstr("\r\n index: ");
+ cli_putc('0'+i/10);
+ cli_putc('0'+i%10);
+ cli_putstr(" roundkey ");
+ cli_hexdump(ctx.key[i].ks, 16);
+ }
+}
+
+void testrun_testkey_aes(void){
+ testrun_testkey_aes128();
+ testrun_testkey_aes192();
+ testrun_testkey_aes256();
+}
+
+const uint8_t modes_key[] = {
+ 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
+ 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c,
+ 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7,
+ 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4
+ };
+const uint8_t modes_iv[] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
+ };
+
+const uint8_t modes_ctriv[] = {
+ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
+ 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff
+ };
+
+const uint8_t modes_plain[] = {
+ 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
+ 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
+ /* --- */
+ 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
+ 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
+ /* --- */
+ 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
+ 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
+ /* --- */
+ 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
+ 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10
+ };
+
+
+void testrun_aes128_cbc(void){
+ uint8_t key[16];
+ uint8_t iv[16];
+ uint8_t plain[64];
+
+ bcal_cbc_ctx_t ctx;
+ uint8_t r;
+
+ memcpy(key, modes_key, 16);
+ memcpy(iv, modes_iv, 16);
+ memcpy(plain, modes_plain, 64);
+
+ cli_putstr("\r\n** AES128-CBC-TEST **");
+ r = bcal_cbc_init(&aes128_desc, key, 128, &ctx);
+ cli_putstr("\r\n init = 0x");
+ cli_hexdump(&r, 1);
+ cli_putstr("\r\n key: ");
+ cli_hexdump(key, 128/8);
+ cli_putstr("\r\n IV: ");
+ cli_hexdump(iv, 128/8);
+ cli_putstr("\r\n plaintext:");
+ cli_hexdump_block(plain, 4*128/8, 4, 16);
+ if(r)
+ return;
+ bcal_cbc_encMsg(iv, plain, 4, &ctx);
+ cli_putstr("\r\n ciphertext: ");
+ cli_hexdump_block(plain, 4*128/8, 4, 16);
+ bcal_cbc_decMsg(iv, plain, 4, &ctx);
+ cli_putstr("\r\n plaintext: ");
+ cli_hexdump_block(plain, 4*128/8, 4, 16);
+ bcal_cbc_free(&ctx);
+}
+
+void testrun_aes128_cfb8(void){
+ uint8_t key[16];
+ uint8_t iv[16];
+ uint8_t plain[64];
+
+ bcal_cfb_B_ctx_t ctx;
+ uint8_t r;
+
+ memcpy(key, modes_key, 16);
+ memcpy(iv, modes_iv, 16);
+ memcpy(plain, modes_plain, 64);
+
+ cli_putstr("\r\n** AES128-CFB8-TEST **");
+ r = bcal_cfb_B_init(&aes128_desc, key, 128, 8, &ctx);
+ cli_putstr("\r\n init = 0x");
+ cli_hexdump(&r, 1);
+ cli_putstr("\r\n key: ");
+ cli_hexdump(key, 128/8);
+ cli_putstr("\r\n IV: ");
+ cli_hexdump(iv, 128/8);
+ cli_putstr("\r\n plaintext:");
+ cli_hexdump_block(plain, 4*128/8, 4, 16);
+ if(r)
+ return;
+ bcal_cfb_B_encMsg(iv, plain, 64, &ctx);
+ cli_putstr("\r\n ciphertext: ");
+ cli_hexdump_block(plain, 64, 4, 16);
+
+ bcal_cfb_B_decMsg(iv, plain, 64, &ctx);
+ cli_putstr("\r\n plaintext: ");
+ cli_hexdump_block(plain, 64, 4, 16);
+
+ bcal_cfb_B_free(&ctx);
+
+}
+
+void testrun_aes128_cfb1(void){
+ uint8_t key[16];
+ uint8_t iv[16];
+ uint8_t plain[64];
+
+ bcal_cfb_b_ctx_t ctx;
+ uint8_t r;
+
+ memcpy(key, modes_key, 16);
+ memcpy(iv, modes_iv, 16);
+ memcpy(plain, modes_plain, 64);
+
+ cli_putstr("\r\n** AES128-CFB1-TEST **");
+ r = bcal_cfb_b_init(&aes128_desc, key, 128, 1, &ctx);
+ cli_putstr("\r\n init = 0x");
+ cli_hexdump(&r, 1);
+ cli_putstr("\r\n key: ");
+ cli_hexdump(key, 128/8);
+ cli_putstr("\r\n IV: ");
+ cli_hexdump(iv, 128/8);
+ cli_putstr("\r\n plaintext:");
+ cli_hexdump_block(plain, 2, 4, 16);
+ if(r)
+ return;
+ uint8_t i, bit_offset, byte_offset;
+ bcal_cfb_b_loadIV(iv, &ctx);
+ for(i=0; i<16; ++i){
+ byte_offset = i/8;
+ bit_offset = i&7;
+ cli_putstr("\r\n plain bit: ");
+ cli_putc((plain[byte_offset]&(1<<(7-bit_offset)))?'1':'0');
+ bcal_cfb_b_encNext(plain+byte_offset, bit_offset, &ctx);
+ cli_putstr("\r\n cipher bit: ");
+ cli_putc((plain[byte_offset]&(1<<(7-bit_offset)))?'1':'0');
+ }
+ cli_putstr("\r\n ciphertext: ");
+ cli_hexdump_block(plain, 2, 4, 16);
+
+ bcal_cfb_b_loadIV(iv, &ctx);
+ for(i=0; i<16; ++i){
+ byte_offset = i/8;
+ bit_offset = i&7;
+ cli_putstr("\r\n plain bit: ");
+ cli_putc((plain[byte_offset]&(1<<(7-bit_offset)))?'1':'0');
+ bcal_cfb_b_decNext(plain+byte_offset, bit_offset, &ctx);
+ cli_putstr("\r\n cipher bit: ");
+ cli_putc((plain[byte_offset]&(1<<(7-bit_offset)))?'1':'0');
+ }
+ cli_putstr("\r\n plaintext: ");
+ cli_hexdump_block(plain, 2, 4, 16);
+
+
+ bcal_cfb_b_encMsg(iv, plain, 0, 64*8, &ctx);
+ cli_putstr("\r\n ciphertext: ");
+ cli_hexdump_block(plain, 64, 4, 16);
+
+ bcal_cfb_b_decMsg(iv, plain, 0, 64*8, &ctx);
+ cli_putstr("\r\n plaintext: ");
+ cli_hexdump_block(plain, 64, 4, 16);
+
+ bcal_cfb_b_free(&ctx);
+}
+
+void testrun_aes128_ofb(void){
+ uint8_t key[16];
+ uint8_t iv[16];
+ uint8_t plain[64];
+
+ bcal_ofb_ctx_t ctx;
+ uint8_t r;
+
+ memcpy(key, modes_key, 16);
+ memcpy(iv, modes_iv, 16);
+ memcpy(plain, modes_plain, 64);
+
+ cli_putstr("\r\n** AES128-OFB-TEST **");
+ r = bcal_ofb_init(&aes128_desc, key, 128, &ctx);
+ cli_putstr("\r\n init = 0x");
+ cli_hexdump(&r, 1);
+ cli_putstr("\r\n key: ");
+ cli_hexdump(key, 128/8);
+ cli_putstr("\r\n IV: ");
+ cli_hexdump(iv, 128/8);
+ cli_putstr("\r\n plaintext:");
+ cli_hexdump_block(plain, 4*128/8, 4, 16);
+ if(r)
+ return;
+ bcal_ofb_encMsg(iv, plain, 4*128, &ctx);
+ cli_putstr("\r\n ciphertext: ");
+ cli_hexdump_block(plain, 4*128/8, 4, 16);
+ bcal_ofb_decMsg(iv, plain, 4*128, &ctx);
+ cli_putstr("\r\n plaintext: ");
+ cli_hexdump_block(plain, 4*128/8, 4, 16);
+ bcal_ofb_free(&ctx);
+}
+
+void testrun_aes128_ctr(void){
+ uint8_t key[16];
+ uint8_t iv[16];
+ uint8_t plain[64];
+
+ bcal_ctr_ctx_t ctx;
+ uint8_t r;
+
+ memcpy(key, modes_key, 16);
+ memcpy(iv, modes_ctriv, 16);
+ memcpy(plain, modes_plain, 64);
+
+ cli_putstr("\r\n** AES128-CTR-TEST **");
+ r = bcal_ctr_init(&aes128_desc, key, 128, NULL, &ctx);
+ cli_putstr("\r\n init = 0x");
+ cli_hexdump(&r, 1);
+ cli_putstr("\r\n key: ");
+ cli_hexdump(key, 128/8);
+ cli_putstr("\r\n IV: ");
+ cli_hexdump(iv, 128/8);
+ cli_putstr("\r\n plaintext:");
+ cli_hexdump_block(plain, 4*128/8, 4, 16);
+ if(r)
+ return;
+ bcal_ctr_encMsg(iv, plain, 4*128, &ctx);
+ cli_putstr("\r\n ciphertext: ");
+ cli_hexdump_block(plain, 4*128/8, 4, 16);
+ bcal_ctr_decMsg(iv, plain, 4*128, &ctx);
+ cli_putstr("\r\n plaintext: ");
+ cli_hexdump_block(plain, 4*128/8, 4, 16);
+ bcal_ctr_free(&ctx);
+}
+
+void testrun_aes128_cmac(void){
+ uint8_t key[16];
+ uint8_t tag[16];
+ uint8_t plain[64];
+ uint16_t length[] = { 0, 128, 320, 512 };
+ bcal_cmac_ctx_t ctx;
+ uint8_t r,i;
+
+ memcpy(key, modes_key, 16);
+ memcpy(plain, modes_plain, 64);
+
+ cli_putstr("\r\n** AES128-CMAC-TEST **");
+
+ cli_putstr("\r\n key: ");
+ cli_hexdump(key, 128/8);
+ for(i=0; i<4; ++i){
+ r = bcal_cmac_init(&aes128_desc, key, 128, &ctx);
+ cli_putstr("\r\n init = 0x");
+ cli_hexdump(&r, 1);
+ cli_putstr("\r\n message: ");
+ cli_hexdump_block(plain, length[i]/8, 4, 16);
+ if(r)
+ return;
+ bcal_cmac(tag, 128, plain, length[i], &ctx);
+ cli_putstr("\r\n tag: ");
+ cli_hexdump_block(tag, 128/8, 4, 16);
+ bcal_cmac_free(&ctx);
+ }
+}
+/*
+Klen = 16
+Mlen = 18
+Tlen = 2
+Key = 3250974e306b4b678f914b514d1e90f6
+Msg = cf132fd4ebc25fd3866f1a95a6193a1a9cdf
+*/
+void testrun_aes128_cmac72(void){
+ uint8_t key[16]= {
+ 0x32, 0x50, 0x97, 0x4e, 0x30, 0x6b, 0x4b, 0x67,
+ 0x8f, 0x91, 0x4b, 0x51, 0x4d, 0x1e, 0x90, 0xf6
+ };
+ uint8_t tag[2];
+ uint8_t plain[18] = {
+ 0xcf, 0x13, 0x2f, 0xd4, 0xeb, 0xc2, 0x5f, 0xd3,
+ 0x86, 0x6f, 0x1a, 0x95, 0xa6, 0x19, 0x3a, 0x1a,
+ 0x9c, 0xdf,
+ };
+ bcal_cmac_ctx_t ctx;
+ uint8_t r;
+
+
+ cli_putstr("\r\n** AES128-CMAC-72-TEST **");
+
+ cli_putstr("\r\n key: ");
+ cli_hexdump(key, 128/8);
+ r = bcal_cmac_init(&aes128_desc, key, 128, &ctx);
+ cli_putstr("\r\n init = 0x");
+ cli_hexdump(&r, 1);
+ cli_putstr("\r\n message: ");
+ cli_hexdump_block(plain, 18, 4, 16);
+ if(r)
+ return;
+ bcal_cmac(tag, 16, plain, 18*8, &ctx);
+ cli_putstr("\r\n tag: ");
+ cli_hexdump_block(tag, 2, 4, 16);
+ bcal_cmac_free(&ctx);
+}
+/*
+Count = 0
+Klen = 24
+Mlen = 0
+Tlen = 2
+Key = 2b2aaa666be161ed16648e862ac9bd1e317f71bc69e268b5
+Msg = 00
+*/
+void testrun_aes192_cmac0(void){
+ uint8_t key[24]= {
+ 0x2b, 0x2a, 0xaa, 0x66, 0x6b, 0xe1, 0x61, 0xed,
+ 0x16, 0x64, 0x8e, 0x86, 0x2a, 0xc9, 0xbd, 0x1e,
+ 0x31, 0x7f, 0x71, 0xbc, 0x69, 0xe2, 0x68, 0xb5
+ };
+ uint8_t tag[2];
+ uint8_t plain[1] = {
+ 0x00
+ };
+ bcal_cmac_ctx_t ctx;
+ uint8_t r;
+
+
+ cli_putstr("\r\n** AES192-CMAC-0-TEST **");
+
+ cli_putstr("\r\n key: ");
+ cli_hexdump(key, 192/8);
+ r = bcal_cmac_init(&aes192_desc, key, 192, &ctx);
+ cli_putstr("\r\n init = 0x");
+ cli_hexdump(&r, 1);
+ if(r)
+ return;
+ bcal_cmac(tag, 16, plain, 0*8, &ctx);
+ cli_putstr("\r\n tag: ");
+ cli_hexdump_block(tag, 2, 4, 16);
+ bcal_cmac_free(&ctx);
+}
+
+const uint8_t eax_msg[] = {
+ 0xF7, 0xFB,
+ 0x1A, 0x47, 0xCB, 0x49, 0x33,
+ 0x48, 0x1C, 0x9E, 0x39, 0xB1,
+ 0x40, 0xD0, 0xC0, 0x7D, 0xA5, 0xE4,
+ 0x4D, 0xE3, 0xB3, 0x5C, 0x3F, 0xC0, 0x39, 0x24, 0x5B, 0xD1, 0xFB, 0x7D,
+ 0x8B, 0x0A, 0x79, 0x30, 0x6C, 0x9C, 0xE7, 0xED, 0x99, 0xDA, 0xE4, 0xF8, 0x7F, 0x8D, 0xD6, 0x16, 0x36,
+ 0x1B, 0xDA, 0x12, 0x2B, 0xCE, 0x8A, 0x8D, 0xBA, 0xF1, 0x87, 0x7D, 0x96, 0x2B, 0x85, 0x92, 0xDD, 0x2D, 0x56,
+ 0x6C, 0xF3, 0x67, 0x20, 0x87, 0x2B, 0x85, 0x13, 0xF6, 0xEA, 0xB1, 0xA8, 0xA4, 0x44, 0x38, 0xD5, 0xEF, 0x11,
+ 0xCA, 0x40, 0xD7, 0x44, 0x6E, 0x54, 0x5F, 0xFA, 0xED, 0x3B, 0xD1, 0x2A, 0x74, 0x0A, 0x65, 0x9F, 0xFB, 0xBB, 0x3C, 0xEA, 0xB7
+};
+
+const uint8_t eax_msg_len[] = {0, 2, 5, 5, 6, 12, 17, 18, 18, 21};
+
+const uint8_t eax_key[] = {
+ 0x23, 0x39, 0x52, 0xDE, 0xE4, 0xD5, 0xED, 0x5F, 0x9B, 0x9C, 0x6D, 0x6F, 0xF8, 0x0F, 0xF4, 0x78,
+ 0x91, 0x94, 0x5D, 0x3F, 0x4D, 0xCB, 0xEE, 0x0B, 0xF4, 0x5E, 0xF5, 0x22, 0x55, 0xF0, 0x95, 0xA4,
+ 0x01, 0xF7, 0x4A, 0xD6, 0x40, 0x77, 0xF2, 0xE7, 0x04, 0xC0, 0xF6, 0x0A, 0xDA, 0x3D, 0xD5, 0x23,
+ 0xD0, 0x7C, 0xF6, 0xCB, 0xB7, 0xF3, 0x13, 0xBD, 0xDE, 0x66, 0xB7, 0x27, 0xAF, 0xD3, 0xC5, 0xE8,
+ 0x35, 0xB6, 0xD0, 0x58, 0x00, 0x05, 0xBB, 0xC1, 0x2B, 0x05, 0x87, 0x12, 0x45, 0x57, 0xD2, 0xC2,
+ 0xBD, 0x8E, 0x6E, 0x11, 0x47, 0x5E, 0x60, 0xB2, 0x68, 0x78, 0x4C, 0x38, 0xC6, 0x2F, 0xEB, 0x22,
+ 0x7C, 0x77, 0xD6, 0xE8, 0x13, 0xBE, 0xD5, 0xAC, 0x98, 0xBA, 0xA4, 0x17, 0x47, 0x7A, 0x2E, 0x7D,
+ 0x5F, 0xFF, 0x20, 0xCA, 0xFA, 0xB1, 0x19, 0xCA, 0x2F, 0xC7, 0x35, 0x49, 0xE2, 0x0F, 0x5B, 0x0D,
+ 0xA4, 0xA4, 0x78, 0x2B, 0xCF, 0xFD, 0x3E, 0xC5, 0xE7, 0xEF, 0x6D, 0x8C, 0x34, 0xA5, 0x61, 0x23,
+ 0x83, 0x95, 0xFC, 0xF1, 0xE9, 0x5B, 0xEB, 0xD6, 0x97, 0xBD, 0x01, 0x0B, 0xC7, 0x66, 0xAA, 0xC3
+};
+
+const uint8_t eax_nonce[] = {
+ 0x62, 0xEC, 0x67, 0xF9, 0xC3, 0xA4, 0xA4, 0x07, 0xFC, 0xB2, 0xA8, 0xC4, 0x90, 0x31, 0xA8, 0xB3,
+ 0xBE, 0xCA, 0xF0, 0x43, 0xB0, 0xA2, 0x3D, 0x84, 0x31, 0x94, 0xBA, 0x97, 0x2C, 0x66, 0xDE, 0xBD,
+ 0x70, 0xC3, 0xDB, 0x4F, 0x0D, 0x26, 0x36, 0x84, 0x00, 0xA1, 0x0E, 0xD0, 0x5D, 0x2B, 0xFF, 0x5E,
+ 0x84, 0x08, 0xDF, 0xFF, 0x3C, 0x1A, 0x2B, 0x12, 0x92, 0xDC, 0x19, 0x9E, 0x46, 0xB7, 0xD6, 0x17,
+ 0xFD, 0xB6, 0xB0, 0x66, 0x76, 0xEE, 0xDC, 0x5C, 0x61, 0xD7, 0x42, 0x76, 0xE1, 0xF8, 0xE8, 0x16,
+ 0x6E, 0xAC, 0x5C, 0x93, 0x07, 0x2D, 0x8E, 0x85, 0x13, 0xF7, 0x50, 0x93, 0x5E, 0x46, 0xDA, 0x1B,
+ 0x1A, 0x8C, 0x98, 0xDC, 0xD7, 0x3D, 0x38, 0x39, 0x3B, 0x2B, 0xF1, 0x56, 0x9D, 0xEE, 0xFC, 0x19,
+ 0xDD, 0xE5, 0x9B, 0x97, 0xD7, 0x22, 0x15, 0x6D, 0x4D, 0x9A, 0xFF, 0x2B, 0xC7, 0x55, 0x98, 0x26,
+ 0xB7, 0x81, 0xFC, 0xF2, 0xF7, 0x5F, 0xA5, 0xA8, 0xDE, 0x97, 0xA9, 0xCA, 0x48, 0xE5, 0x22, 0xEC,
+ 0x22, 0xE7, 0xAD, 0xD9, 0x3C, 0xFC, 0x63, 0x93, 0xC5, 0x7E, 0xC0, 0xB3, 0xC1, 0x7D, 0x6B, 0x44
+};
+
+const uint8_t eax_header[] = {
+ 0x6B, 0xFB, 0x91, 0x4F, 0xD0, 0x7E, 0xAE, 0x6B,
+ 0xFA, 0x3B, 0xFD, 0x48, 0x06, 0xEB, 0x53, 0xFA,
+ 0x23, 0x4A, 0x34, 0x63, 0xC1, 0x26, 0x4A, 0xC6,
+ 0x33, 0xCC, 0xE2, 0xEA, 0xBF, 0xF5, 0xA7, 0x9D,
+ 0xAE, 0xB9, 0x6E, 0xAE, 0xBE, 0x29, 0x70, 0xE9,
+ 0xD4, 0x48, 0x2D, 0x1C, 0xA7, 0x8D, 0xCE, 0x0F,
+ 0x65, 0xD2, 0x01, 0x79, 0x90, 0xD6, 0x25, 0x28,
+ 0x54, 0xB9, 0xF0, 0x4E, 0x6A, 0x09, 0x18, 0x9A,
+ 0x89, 0x9A, 0x17, 0x58, 0x97, 0x56, 0x1D, 0x7E,
+ 0x12, 0x67, 0x35, 0xFC, 0xC3, 0x20, 0xD2, 0x5A
+};
+
+const uint8_t eax_cipher[] = {
+ 0xE0, 0x37, 0x83, 0x0E, 0x83, 0x89, 0xF2, 0x7B, 0x02, 0x5A, 0x2D, 0x65, 0x27, 0xE7, 0x9D, 0x01,
+ 0x19, 0xDD, 0x5C, 0x4C, 0x93, 0x31, 0x04, 0x9D, 0x0B, 0xDA, 0xB0, 0x27, 0x74, 0x08, 0xF6, 0x79, 0x67, 0xE5,
+ 0xD8, 0x51, 0xD5, 0xBA, 0xE0, 0x3A, 0x59, 0xF2, 0x38, 0xA2, 0x3E, 0x39, 0x19, 0x9D, 0xC9, 0x26, 0x66, 0x26, 0xC4, 0x0F, 0x80,
+ 0x63, 0x2A, 0x9D, 0x13, 0x1A, 0xD4, 0xC1, 0x68, 0xA4, 0x22, 0x5D, 0x8E, 0x1F, 0xF7, 0x55, 0x93, 0x99, 0x74, 0xA7, 0xBE, 0xDE,
+ 0x07, 0x1D, 0xFE, 0x16, 0xC6, 0x75, 0xCB, 0x06, 0x77, 0xE5, 0x36, 0xF7, 0x3A, 0xFE, 0x6A, 0x14, 0xB7, 0x4E, 0xE4, 0x98, 0x44, 0xDD,
+ 0x83, 0x5B, 0xB4, 0xF1, 0x5D, 0x74, 0x3E, 0x35, 0x0E, 0x72, 0x84, 0x14, 0xAB, 0xB8, 0x64, 0x4F, 0xD6, 0xCC, 0xB8, 0x69, 0x47, 0xC5, 0xE1, 0x05, 0x90, 0x21, 0x0A, 0x4F,
+ 0x02, 0x08, 0x3E, 0x39, 0x79, 0xDA, 0x01, 0x48, 0x12, 0xF5, 0x9F, 0x11, 0xD5, 0x26, 0x30, 0xDA, 0x30, 0x13, 0x73, 0x27, 0xD1, 0x06, 0x49, 0xB0, 0xAA, 0x6E, 0x1C, 0x18, 0x1D, 0xB6, 0x17, 0xD7, 0xF2,
+ 0x2E, 0xC4, 0x7B, 0x2C, 0x49, 0x54, 0xA4, 0x89, 0xAF, 0xC7, 0xBA, 0x48, 0x97, 0xED, 0xCD, 0xAE, 0x8C, 0xC3, 0x3B, 0x60, 0x45, 0x05, 0x99, 0xBD, 0x02, 0xC9, 0x63, 0x82, 0x90, 0x2A, 0xEF, 0x7F, 0x83, 0x2A,
+ 0x0D, 0xE1, 0x8F, 0xD0, 0xFD, 0xD9, 0x1E, 0x7A, 0xF1, 0x9F, 0x1D, 0x8E, 0xE8, 0x73, 0x39, 0x38, 0xB1, 0xE8, 0xE7, 0xF6, 0xD2, 0x23, 0x16, 0x18, 0x10, 0x2F, 0xDB, 0x7F, 0xE5, 0x5F, 0xF1, 0x99, 0x17, 0x00,
+ 0xCB, 0x89, 0x20, 0xF8, 0x7A, 0x6C, 0x75, 0xCF, 0xF3, 0x96, 0x27, 0xB5, 0x6E, 0x3E, 0xD1, 0x97, 0xC5, 0x52, 0xD2, 0x95, 0xA7, 0xCF, 0xC4, 0x6A, 0xFC, 0x25, 0x3B, 0x46, 0x52, 0xB1, 0xAF, 0x37, 0x95, 0xB1, 0x24, 0xAB, 0x6E
+};
+
+void testrun_aes128_eax(void){
+ uint8_t key[16];
+ uint8_t nonce[16];
+ uint8_t header[8];
+ uint8_t tag[16];
+ uint8_t msg[21];
+ uint8_t msg_len;
+ const void* msg_p;
+ const void* cipher_p;
+ uint8_t i, r;
+
+ bcal_eax_ctx_t ctx;
+
+ msg_p = eax_msg;
+ cipher_p = eax_cipher;
+ for(i=0; i<10; ++i){
+ cli_putstr("\r\n\r\n** AES128-EAX-TEST #");
+ cli_putc('0'+i);
+ cli_putstr(" **");
+
+ msg_len = eax_msg_len[i];
+ memcpy(key, eax_key+16*i, 16);
+ memcpy(nonce, eax_nonce+16*i, 16);
+ memcpy(header, eax_header+8*i, 8);
+ memcpy(msg, msg_p, msg_len);
+ msg_p = (uint8_t*)msg_p+msg_len;
+
+ cli_putstr("\r\n key: ");
+ cli_hexdump(key, 16);
+ cli_putstr("\r\n msg: ");
+ if(msg_len){
+ cli_hexdump(msg, msg_len);
+ }
+ cli_putstr("\r\n nonce: ");
+ cli_hexdump(nonce, 16);
+ cli_putstr("\r\n header: ");
+ cli_hexdump(header, 8);
+
+ r = bcal_eax_init(&aes128_desc, key, 128, &ctx);
+ cli_putstr("\r\n init = 0x");
+ cli_hexdump(&r, 1);
+ if(r)
+ return;
+ bcal_eax_loadNonce(nonce, 16*8, &ctx);
+ bcal_eax_addLastHeader(header, 8*8, &ctx);
+ bcal_eax_encLastBlock(msg, msg_len*8, &ctx);
+ bcal_eax_ctx2tag(tag, 128, &ctx);
+
+ cli_putstr("\r\n cipher: ");
+ cli_hexdump_block(msg, msg_len, 4, 16);
+
+ cli_putstr("\r\n tag: ");
+ cli_hexdump_block(tag, 16, 4, 16);
+
+ if(memcmp(msg, cipher_p, msg_len)){
+ cli_putstr("\r\n cipher: [fail]\r\n should: ");
+ memcpy(msg, cipher_p, msg_len);
+ cli_hexdump_block(msg, msg_len, 4, 16);
+ }else{
+ cli_putstr("\r\n cipher: [pass]");
+ }
+ cipher_p = ((uint8_t*)cipher_p)+msg_len;
+ // *
+ if(memcmp(tag, cipher_p, 16)){
+ cli_putstr("\r\n tag: [fail]");
+ }else{
+ cli_putstr("\r\n tag: [pass]");
+ }
+
+ cipher_p = ((uint8_t*)cipher_p)+16;
+ bcal_eax_free(&ctx);
+ }
+}
+
+/*****************************************************************************/
+
+void testrun_performance_aes(void){
+ bcal_performance_multiple(algolist);
+}
+
+/*****************************************************************************
+ * main *
+ *****************************************************************************/
+
+const cmdlist_entry_t cmdlist[] = {
+ { "nessie", NULL, testrun_nessie_aes },
+ { "test", NULL, testrun_test_aes },
+ { "testkey", NULL, testrun_testkey_aes },
+ { "testcbc", NULL, testrun_aes128_cbc },
+ { "testcfb8", NULL, testrun_aes128_cfb8 },
+ { "testcfb1", NULL, testrun_aes128_cfb1 },
+ { "testofb", NULL, testrun_aes128_ofb },
+ { "testctr", NULL, testrun_aes128_ctr },
+ { "testcmac", NULL, testrun_aes128_cmac },
+ { "testcmac72", NULL, testrun_aes128_cmac72 },
+ { "testcmac0", NULL, testrun_aes192_cmac0 },
+ { "testeax", NULL, testrun_aes128_eax },
+ { "cmacvs_list", NULL, cmacvs_listalgos },
+ { "cmacvs_set", (void*)1, (void_fpt)cmacvs_setalgo },
+ { "cmacvs_test1", NULL, cmacvs_test1 },
+ { "cmacvs_test2", NULL, cmacvs_test2 },
+ { "performance", NULL, testrun_performance_aes },
+ { "dump", (void*)1, (void_fpt)dump },
+ { "echo", (void*)1, (void_fpt)echo_ctrl },
+ { NULL, NULL, NULL }
+};
+
+
+int main (void){
+ sysclk_set_freq(SYS_FREQ);
+ sysclk_mosc_verify_enable();
+ uart_init(UART_0, 115200, 8, UART_PARATY_NONE, UART_STOPBITS_ONE);
+ gptm_set_timer_32periodic(TIMER0);
+
+ cli_rx = uart0_getc;
+ cli_tx = uart0_putc;
+
+ cmacvs_algolist=(bcdesc_t**)algolist;
+ cmacvs_algo=(bcdesc_t*)&aes128_desc;
+
+ for(;;){
+ cli_putstr("\r\n\r\nARM-Crypto-Lib VS (");
+ cli_putstr(algo_name);
+ cli_putstr("; ");
+ cli_putstr(__DATE__);
+ cli_putc(' ');
+ cli_putstr(__TIME__);
+ cli_putstr(")\r\nloaded and running\r\n");
+ cmd_interface(cmdlist);
+ }
+}
+