From 3f2f2071c47e2e424af71cc85697f3eb26c24277 Mon Sep 17 00:00:00 2001 From: bg Date: Wed, 14 Jul 2010 19:40:07 +0200 Subject: [PATCH] AES added --- aes/aes.h | 43 +++ aes/aes128_dec.c | 34 ++ aes/aes128_dec.h | 46 +++ aes/aes128_enc.c | 34 ++ aes/aes128_enc.h | 47 +++ aes/aes192_dec.c | 34 ++ aes/aes192_dec.h | 46 +++ aes/aes192_enc.c | 34 ++ aes/aes192_enc.h | 47 +++ aes/aes256_dec.c | 34 ++ aes/aes256_dec.h | 46 +++ aes/aes256_enc.c | 34 ++ aes/aes256_enc.h | 47 +++ aes/aes_dec.c | 130 +++++++ aes/aes_dec.h | 36 ++ aes/aes_enc.c | 119 +++++++ aes/aes_enc.h | 36 ++ aes/aes_invsbox.c | 22 ++ aes/aes_invsbox.h | 33 ++ aes/aes_keyschedule.c | 93 +++++ aes/aes_keyschedule.h | 75 ++++ aes/aes_sbox.c | 39 +++ aes/aes_sbox.h | 33 ++ aes/aes_types.h | 56 +++ aes/gf256mul.c | 40 +++ aes/gf256mul.h | 37 ++ aes/memxor.c | 12 + bcal-basic.c | 92 +++++ bcal-basic.h | 35 ++ bcal-cbc.c | 84 +++++ bcal-cbc.h | 44 +++ bcal-cfb_bit.c | 128 +++++++ bcal-cfb_bit.h | 47 +++ bcal-cfb_byte.c | 88 +++++ bcal-cfb_byte.h | 46 +++ bcal-cmac.c | 152 ++++++++ bcal-cmac.h | 45 +++ bcal-ctr.c | 95 +++++ bcal-ctr.h | 45 +++ bcal-eax.c | 119 +++++++ bcal-eax.h | 53 +++ bcal-ofb.c | 76 ++++ bcal-ofb.h | 46 +++ bcal-performance.c | 149 ++++++++ bcal-performance.h | 38 ++ bcal_aes128.c | 54 +++ bcal_aes128.h | 34 ++ bcal_aes192.c | 54 +++ bcal_aes192.h | 34 ++ bcal_aes256.c | 54 +++ bcal_aes256.h | 34 ++ blockcipher_descriptor.h | 98 ++++++ host/get_test.rb | 1 + keysize_descriptor.c | 87 +++++ keysize_descriptor.h | 58 +++ test_src/cmacvs.c | 586 +++++++++++++++++++++++++++++++ test_src/cmacvs.h | 42 +++ test_src/main-aes-test.c | 735 +++++++++++++++++++++++++++++++++++++++ 58 files changed, 4540 insertions(+) create mode 100644 aes/aes.h create mode 100644 aes/aes128_dec.c create mode 100644 aes/aes128_dec.h create mode 100644 aes/aes128_enc.c create mode 100644 aes/aes128_enc.h create mode 100644 aes/aes192_dec.c create mode 100644 aes/aes192_dec.h create mode 100644 aes/aes192_enc.c create mode 100644 aes/aes192_enc.h create mode 100644 aes/aes256_dec.c create mode 100644 aes/aes256_dec.h create mode 100644 aes/aes256_enc.c create mode 100644 aes/aes256_enc.h create mode 100644 aes/aes_dec.c create mode 100644 aes/aes_dec.h create mode 100644 aes/aes_enc.c create mode 100644 aes/aes_enc.h create mode 100644 aes/aes_invsbox.c create mode 100644 aes/aes_invsbox.h create mode 100644 aes/aes_keyschedule.c create mode 100644 aes/aes_keyschedule.h create mode 100644 aes/aes_sbox.c create mode 100644 aes/aes_sbox.h create mode 100644 aes/aes_types.h create mode 100644 aes/gf256mul.c create mode 100644 aes/gf256mul.h create mode 100644 aes/memxor.c create mode 100644 bcal-basic.c create mode 100644 bcal-basic.h create mode 100644 bcal-cbc.c create mode 100644 bcal-cbc.h create mode 100644 bcal-cfb_bit.c create mode 100644 bcal-cfb_bit.h create mode 100644 bcal-cfb_byte.c create mode 100644 bcal-cfb_byte.h create mode 100644 bcal-cmac.c create mode 100644 bcal-cmac.h create mode 100644 bcal-ctr.c create mode 100644 bcal-ctr.h create mode 100644 bcal-eax.c create mode 100644 bcal-eax.h create mode 100644 bcal-ofb.c create mode 100644 bcal-ofb.h create mode 100644 bcal-performance.c create mode 100644 bcal-performance.h create mode 100644 bcal_aes128.c create mode 100644 bcal_aes128.h create mode 100644 bcal_aes192.c create mode 100644 bcal_aes192.h create mode 100644 bcal_aes256.c create mode 100644 bcal_aes256.h create mode 100644 blockcipher_descriptor.h create mode 100644 keysize_descriptor.c create mode 100644 keysize_descriptor.h create mode 100644 test_src/cmacvs.c create mode 100644 test_src/cmacvs.h create mode 100644 test_src/main-aes-test.c diff --git a/aes/aes.h b/aes/aes.h new file mode 100644 index 0000000..8e651f4 --- /dev/null +++ b/aes/aes.h @@ -0,0 +1,43 @@ +/* aes.h */ +/* + This file is part of the AVR-Crypto-Lib. + Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ +/** + * \file aes.h + * \email daniel.otte@rub.de + * \author Daniel Otte + * \date 2008-12-30 + * \license GPLv3 or later + * + */ +#ifndef AES_H_ +#define AES_H_ + +#include + +#include "aes_types.h" +#include "aes128_enc.h" +#include "aes192_enc.h" +#include "aes256_enc.h" +#include "aes128_dec.h" +#include "aes192_dec.h" +#include "aes256_dec.h" +#include "aes_enc.h" +#include "aes_dec.h" +#include "aes_keyschedule.h" + +#endif diff --git a/aes/aes128_dec.c b/aes/aes128_dec.c new file mode 100644 index 0000000..42d1eee --- /dev/null +++ b/aes/aes128_dec.c @@ -0,0 +1,34 @@ +/* aes128_dec.c */ +/* + This file is part of the ARM-Crypto-Lib. + Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ +/** + * \file aes128_dec.c + * \email daniel.otte@rub.de + * \author Daniel Otte + * \date 2008-12-30 + * \license GPLv3 or later + * + */ + +#include "aes.h" +#include "aes_dec.h" + +void aes128_dec(void* buffer, aes128_ctx_t* ctx){ + aes_decrypt_core(buffer, (aes_genctx_t*)ctx, 10); +} + diff --git a/aes/aes128_dec.h b/aes/aes128_dec.h new file mode 100644 index 0000000..b5df9df --- /dev/null +++ b/aes/aes128_dec.h @@ -0,0 +1,46 @@ +/* aes128_dec.h */ +/* + This file is part of the AVR-Crypto-Lib. + Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ +/** + * \file aes128_dec.h + * \email daniel.otte@rub.de + * \author Daniel Otte + * \date 2008-12-30 + * \license GPLv3 or later + * \ingroup AES + */ + +#ifndef AES128_DEC_H_ +#define AES128_DEC_H_ + +#include "aes_types.h" +#include "aes_dec.h" + +/** + * \brief decrypt with 128 bit key. + * + * This function decrypts one block with the AES algorithm under control of + * a keyschedule produced from a 128 bit key. + * \param buffer pointer to the block to decrypt + * \param ctx pointer to the key schedule + */ +void aes128_dec(void* buffer, aes128_ctx_t* ctx); + + + +#endif /* AES128_DEC_H_ */ diff --git a/aes/aes128_enc.c b/aes/aes128_enc.c new file mode 100644 index 0000000..6b5860c --- /dev/null +++ b/aes/aes128_enc.c @@ -0,0 +1,34 @@ +/* aes128_enc.c */ +/* + This file is part of the ARM-Crypto-Lib. + Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ +/** + * \file aes128_enc.c + * \email daniel.otte@rub.de + * \author Daniel Otte + * \date 2008-12-30 + * \license GPLv3 or later + * + */ + +#include "aes.h" +#include "aes_enc.h" + +void aes128_enc(void* buffer, aes128_ctx_t* ctx){ + aes_encrypt_core(buffer, (aes_genctx_t*)ctx, 10); +} + diff --git a/aes/aes128_enc.h b/aes/aes128_enc.h new file mode 100644 index 0000000..98a8cc2 --- /dev/null +++ b/aes/aes128_enc.h @@ -0,0 +1,47 @@ +/* aes128_enc.h */ +/* + This file is part of the AVR-Crypto-Lib. + Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ +/** + * \file aes128_enc.h + * \email daniel.otte@rub.de + * \author Daniel Otte + * \date 2008-12-30 + * \license GPLv3 or later + * \ingroup AES + */ + +#ifndef AES128_ENC_H_ +#define AES128_ENC_H_ + +#include "aes_types.h" +#include "aes_enc.h" + + +/** + * \brief encrypt with 128 bit key. + * + * This function encrypts one block with the AES algorithm under control of + * a keyschedule produced from a 128 bit key. + * \param buffer pointer to the block to encrypt + * \param ctx pointer to the key schedule + */ +void aes128_enc(void* buffer, aes128_ctx_t* ctx); + + + +#endif /* AES128_ENC_H_ */ diff --git a/aes/aes192_dec.c b/aes/aes192_dec.c new file mode 100644 index 0000000..8616e6a --- /dev/null +++ b/aes/aes192_dec.c @@ -0,0 +1,34 @@ +/* aes192_dec.c */ +/* + This file is part of the ARM-Crypto-Lib. + Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ +/** + * \file aes192_dec.c + * \email daniel.otte@rub.de + * \author Daniel Otte + * \date 2008-12-31 + * \license GPLv3 or later + * + */ + +#include "aes.h" +#include "aes_dec.h" + +void aes192_dec(void* buffer, aes192_ctx_t* ctx){ + aes_decrypt_core(buffer, (aes_genctx_t*)ctx, 12); +} + diff --git a/aes/aes192_dec.h b/aes/aes192_dec.h new file mode 100644 index 0000000..577ab44 --- /dev/null +++ b/aes/aes192_dec.h @@ -0,0 +1,46 @@ +/* aes192_dec.h */ +/* + This file is part of the AVR-Crypto-Lib. + Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ +/** + * \file aes192_dec.h + * \email daniel.otte@rub.de + * \author Daniel Otte + * \date 2008-12-31 + * \license GPLv3 or later + * \ingroup AES + */ + +#ifndef AES192_DEC_H_ +#define AES192_DEC_H_ + +#include "aes_types.h" +#include "aes_dec.h" + +/** + * \brief decrypt with 192 bit key. + * + * This function decrypts one block with the AES algorithm under control of + * a keyschedule produced from a 192 bit key. + * \param buffer pointer to the block to decrypt + * \param ctx pointer to the key schedule + */ +void aes192_dec(void* buffer, aes192_ctx_t* ctx); + + + +#endif /* AES192_DEC_H_ */ diff --git a/aes/aes192_enc.c b/aes/aes192_enc.c new file mode 100644 index 0000000..cee3fc4 --- /dev/null +++ b/aes/aes192_enc.c @@ -0,0 +1,34 @@ +/* aes192_enc.c */ +/* + This file is part of the ARM-Crypto-Lib. + Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ +/** + * \file aes192_enc.c + * \email daniel.otte@rub.de + * \author Daniel Otte + * \date 2008-12-31 + * \license GPLv3 or later + * + */ + +#include "aes.h" +#include "aes_enc.h" + +void aes192_enc(void* buffer, aes192_ctx_t* ctx){ + aes_encrypt_core(buffer, (aes_genctx_t*)ctx, 12); +} + diff --git a/aes/aes192_enc.h b/aes/aes192_enc.h new file mode 100644 index 0000000..1c39aa0 --- /dev/null +++ b/aes/aes192_enc.h @@ -0,0 +1,47 @@ +/* aes192_enc.h */ +/* + This file is part of the AVR-Crypto-Lib. + Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ +/** + * \file aes192_enc.h + * \email daniel.otte@rub.de + * \author Daniel Otte + * \date 2008-12-31 + * \license GPLv3 or later + * \ingroup AES + */ + +#ifndef AES192_ENC_H_ +#define AES192_ENC_H_ + +#include "aes_types.h" +#include "aes_enc.h" + + +/** + * \brief encrypt with 192 bit key. + * + * This function encrypts one block with the AES algorithm under control of + * a keyschedule produced from a 192 bit key. + * \param buffer pointer to the block to encrypt + * \param ctx pointer to the key schedule + */ +void aes192_enc(void* buffer, aes192_ctx_t* ctx); + + + +#endif /* AES192_ENC_H_ */ diff --git a/aes/aes256_dec.c b/aes/aes256_dec.c new file mode 100644 index 0000000..8c1d7b5 --- /dev/null +++ b/aes/aes256_dec.c @@ -0,0 +1,34 @@ +/* aes256_dec.c */ +/* + This file is part of the ARM-Crypto-Lib. + Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ +/** + * \file aes256_dec.c + * \email daniel.otte@rub.de + * \author Daniel Otte + * \date 2008-12-31 + * \license GPLv3 or later + * + */ + +#include "aes.h" +#include "aes_dec.h" + +void aes256_dec(void* buffer, aes256_ctx_t* ctx){ + aes_decrypt_core(buffer, (aes_genctx_t*)ctx, 14); +} + diff --git a/aes/aes256_dec.h b/aes/aes256_dec.h new file mode 100644 index 0000000..14b8a0a --- /dev/null +++ b/aes/aes256_dec.h @@ -0,0 +1,46 @@ +/* aes256_dec.h */ +/* + This file is part of the AVR-Crypto-Lib. + Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ +/** + * \file aes256_dec.h + * \email daniel.otte@rub.de + * \author Daniel Otte + * \date 2008-12-31 + * \license GPLv3 or later + * \ingroup AES + */ + +#ifndef AES256_DEC_H_ +#define AES256_DEC_H_ + +#include "aes_types.h" +#include "aes_dec.h" + +/** + * \brief decrypt with 256 bit key. + * + * This function decrypts one block with the AES algorithm under control of + * a keyschedule produced from a 256 bit key. + * \param buffer pointer to the block to decrypt + * \param ctx pointer to the key schedule + */ +void aes256_dec(void* buffer, aes256_ctx_t* ctx); + + + +#endif /* AES256_DEC_H_ */ diff --git a/aes/aes256_enc.c b/aes/aes256_enc.c new file mode 100644 index 0000000..9b6e8b2 --- /dev/null +++ b/aes/aes256_enc.c @@ -0,0 +1,34 @@ +/* aes256_enc.c */ +/* + This file is part of the ARM-Crypto-Lib. + Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ +/** + * \file aes256_enc.c + * \email daniel.otte@rub.de + * \author Daniel Otte + * \date 2008-12-31 + * \license GPLv3 or later + * + */ + +#include "aes.h" +#include "aes_enc.h" + +void aes256_enc(void* buffer, aes256_ctx_t* ctx){ + aes_encrypt_core(buffer, (aes_genctx_t*)ctx, 14); +} + diff --git a/aes/aes256_enc.h b/aes/aes256_enc.h new file mode 100644 index 0000000..a890cd3 --- /dev/null +++ b/aes/aes256_enc.h @@ -0,0 +1,47 @@ +/* aes256_enc.h */ +/* + This file is part of the AVR-Crypto-Lib. + Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ +/** + * \file aes256_enc.h + * \email daniel.otte@rub.de + * \author Daniel Otte + * \date 2008-12-31 + * \license GPLv3 or later + * \ingroup AES + */ + +#ifndef AES256_ENC_H_ +#define AES256_ENC_H_ + +#include "aes_types.h" +#include "aes_enc.h" + + +/** + * \brief encrypt with 256 bit key. + * + * This function encrypts one block with the AES algorithm under control of + * a keyschedule produced from a 256 bit key. + * \param buffer pointer to the block to encrypt + * \param ctx pointer to the key schedule + */ +void aes256_enc(void* buffer, aes256_ctx_t* ctx); + + + +#endif /* AES256_ENC_H_ */ diff --git a/aes/aes_dec.c b/aes/aes_dec.c new file mode 100644 index 0000000..51af9c7 --- /dev/null +++ b/aes/aes_dec.c @@ -0,0 +1,130 @@ +/* aes.c */ +/* + This file is part of the ARM-Crypto-Lib. + Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#include +#include +#include "gf256mul.h" +#include "aes.h" +#include "aes_invsbox.h" +#include "aes_dec.h" + +void aes_invshiftrow(void* data, uint8_t shift){ + uint8_t tmp[4]; + tmp[0] = ((uint8_t*)data)[(4+0-shift)&3]; + tmp[1] = ((uint8_t*)data)[(4+1-shift)&3]; + tmp[2] = ((uint8_t*)data)[(4+2-shift)&3]; + tmp[3] = ((uint8_t*)data)[(4+3-shift)&3]; + memcpy(data, tmp, 4); +} + +void aes_invshiftcol(void* data, uint8_t shift){ + uint8_t tmp[4]; + tmp[0] = ((uint8_t*)data)[ 0]; + tmp[1] = ((uint8_t*)data)[ 4]; + tmp[2] = ((uint8_t*)data)[ 8]; + tmp[3] = ((uint8_t*)data)[12]; + ((uint8_t*)data)[ 0] = tmp[(4-shift+0)&3]; + ((uint8_t*)data)[ 4] = tmp[(4-shift+1)&3]; + ((uint8_t*)data)[ 8] = tmp[(4-shift+2)&3]; + ((uint8_t*)data)[12] = tmp[(4-shift+3)&3]; +} +static +void aes_dec_round(aes_cipher_state_t* state, const aes_roundkey_t* k){ + uint8_t tmp[16]; + uint8_t i; + uint8_t t,u,v,w; + /* keyAdd */ + for(i=0; i<16; ++i){ + tmp[i] = state->s[i] ^ k->ks[i]; + } + /* mixColums */ + for(i=0; i<4; ++i){ + t = tmp[4*i+3] ^ tmp[4*i+2]; + u = tmp[4*i+1] ^ tmp[4*i+0]; + v = t ^ u; + v = gf256mul(0x09, v, 0x1b); + w = v ^ gf256mul(0x04, tmp[4*i+2] ^ tmp[4*i+0], 0x1b); + v = v ^ gf256mul(0x04, tmp[4*i+3] ^ tmp[4*i+1], 0x1b); + state->s[4*i+3] = tmp[4*i+3] ^ v ^ gf256mul(0x02, tmp[4*i+0] ^ tmp[4*i+3], 0x1b); + state->s[4*i+2] = tmp[4*i+2] ^ w ^ gf256mul(0x02, t, 0x1b); + state->s[4*i+1] = tmp[4*i+1] ^ v ^ gf256mul(0x02, tmp[4*i+2] ^ tmp[4*i+1], 0x1b); + state->s[4*i+0] = tmp[4*i+0] ^ w ^ gf256mul(0x02, u, 0x1b); + + /* + state->s[4*i+0] = + gf256mul(0xe, tmp[4*i+0], 0x1b) + ^ gf256mul(0xb, tmp[4*i+1], 0x1b) + ^ gf256mul(0xd, tmp[4*i+2], 0x1b) + ^ gf256mul(0x9, tmp[4*i+3], 0x1b); + state->s[4*i+1] = + gf256mul(0x9, tmp[4*i+0], 0x1b) + ^ gf256mul(0xe, tmp[4*i+1], 0x1b) + ^ gf256mul(0xb, tmp[4*i+2], 0x1b) + ^ gf256mul(0xd, tmp[4*i+3], 0x1b); + state->s[4*i+2] = + gf256mul(0xd, tmp[4*i+0], 0x1b) + ^ gf256mul(0x9, tmp[4*i+1], 0x1b) + ^ gf256mul(0xe, tmp[4*i+2], 0x1b) + ^ gf256mul(0xb, tmp[4*i+3], 0x1b); + state->s[4*i+3] = + gf256mul(0xb, tmp[4*i+0], 0x1b) + ^ gf256mul(0xd, tmp[4*i+1], 0x1b) + ^ gf256mul(0x9, tmp[4*i+2], 0x1b) + ^ gf256mul(0xe, tmp[4*i+3], 0x1b); + */ + } + /* shiftRows */ + aes_invshiftcol(state->s+1, 1); + aes_invshiftcol(state->s+2, 2); + aes_invshiftcol(state->s+3, 3); + /* subBytes */ + for(i=0; i<16; ++i){ + state->s[i] = aes_invsbox[state->s[i]]; + } +} + + +static +void aes_dec_firstround(aes_cipher_state_t* state, const aes_roundkey_t* k){ + uint8_t i; + /* keyAdd */ + for(i=0; i<16; ++i){ + state->s[i] ^= k->ks[i]; + } + /* shiftRows */ + aes_invshiftcol(state->s+1, 1); + aes_invshiftcol(state->s+2, 2); + aes_invshiftcol(state->s+3, 3); + /* subBytes */ + for(i=0; i<16; ++i){ + state->s[i] = aes_invsbox[state->s[i]]; + } +} + +void aes_decrypt_core(aes_cipher_state_t* state, const aes_genctx_t* ks, uint8_t rounds){ + uint8_t i; + aes_dec_firstround(state, &(ks->key[i=rounds])); + for(;rounds>1;--rounds){ + --i; + aes_dec_round(state, &(ks->key[i])); + } + for(i=0; i<16; ++i){ + state->s[i] ^= ks->key[0].ks[i]; + } +} diff --git a/aes/aes_dec.h b/aes/aes_dec.h new file mode 100644 index 0000000..0517bd9 --- /dev/null +++ b/aes/aes_dec.h @@ -0,0 +1,36 @@ +/* aes_dec.h */ +/* + This file is part of the AVR-Crypto-Lib. + Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ +/** + * \file aes_dec.h + * \email daniel.otte@rub.de + * \author Daniel Otte + * \date 2008-12-30 + * \license GPLv3 or later + * + */ +#ifndef AES_DEC_H_ +#define AES_DEC_H_ +#include "aes_types.h" +#include + + +void aes_decrypt_core(aes_cipher_state_t* state,const aes_genctx_t* ks, uint8_t rounds); + + +#endif diff --git a/aes/aes_enc.c b/aes/aes_enc.c new file mode 100644 index 0000000..3d45af6 --- /dev/null +++ b/aes/aes_enc.c @@ -0,0 +1,119 @@ +/* aes_enc.c */ +/* + This file is part of the ARM-Crypto-Lib. + Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ +/** + * \file aes_enc.c + * \email daniel.otte@rub.de + * \author Daniel Otte + * \date 2008-12-30 + * \license GPLv3 or later + * + */ + +#include +#include +#include "aes.h" +#include "gf256mul.h" +#include "aes_sbox.h" +#include "aes_enc.h" + +void aes_shiftcol(void* data, uint8_t shift){ + uint8_t tmp[4]; + tmp[0] = ((uint8_t*)data)[ 0]; + tmp[1] = ((uint8_t*)data)[ 4]; + tmp[2] = ((uint8_t*)data)[ 8]; + tmp[3] = ((uint8_t*)data)[12]; + ((uint8_t*)data)[ 0] = tmp[(shift+0)&3]; + ((uint8_t*)data)[ 4] = tmp[(shift+1)&3]; + ((uint8_t*)data)[ 8] = tmp[(shift+2)&3]; + ((uint8_t*)data)[12] = tmp[(shift+3)&3]; +} + +#define GF256MUL_1(a) (a) +#define GF256MUL_2(a) (gf256mul(2, (a), 0x1b)) +#define GF256MUL_3(a) (gf256mul(3, (a), 0x1b)) + +static +void aes_enc_round(aes_cipher_state_t* state, const aes_roundkey_t* k){ + uint8_t tmp[16], t; + uint8_t i; + /* subBytes */ + for(i=0; i<16; ++i){ + tmp[i] = aes_sbox[state->s[i]]; + } + /* shiftRows */ + aes_shiftcol(tmp+1, 1); + aes_shiftcol(tmp+2, 2); + aes_shiftcol(tmp+3, 3); + /* mixColums */ + for(i=0; i<4; ++i){ + t = tmp[4*i+0] ^ tmp[4*i+1] ^ tmp[4*i+2] ^ tmp[4*i+3]; + state->s[4*i+0] = + GF256MUL_2(tmp[4*i+0]^tmp[4*i+1]) + ^ tmp[4*i+0] + ^ t; + state->s[4*i+1] = + GF256MUL_2(tmp[4*i+1]^tmp[4*i+2]) + ^ tmp[4*i+1] + ^ t; + state->s[4*i+2] = + GF256MUL_2(tmp[4*i+2]^tmp[4*i+3]) + ^ tmp[4*i+2] + ^ t; + state->s[4*i+3] = + GF256MUL_2(tmp[4*i+3]^tmp[4*i+0]) + ^ tmp[4*i+3] + ^ t; + } + + /* addKey */ + for(i=0; i<16; ++i){ + state->s[i] ^= k->ks[i]; + } +} + + +static +void aes_enc_lastround(aes_cipher_state_t* state,const aes_roundkey_t* k){ + uint8_t i; + /* subBytes */ + for(i=0; i<16; ++i){ + state->s[i] = aes_sbox[state->s[i]]; + } + /* shiftRows */ + aes_shiftcol(state->s+1, 1); + aes_shiftcol(state->s+2, 2); + aes_shiftcol(state->s+3, 3); + /* keyAdd */ + for(i=0; i<16; ++i){ + state->s[i] ^= k->ks[i]; + } +} + +void aes_encrypt_core(aes_cipher_state_t* state, const aes_genctx_t* ks, uint8_t rounds){ + uint8_t i; + for(i=0; i<16; ++i){ + state->s[i] ^= ks->key[0].ks[i]; + } + i=1; + for(;rounds>1;--rounds){ + aes_enc_round(state, &(ks->key[i])); + ++i; + } + aes_enc_lastround(state, &(ks->key[i])); +} diff --git a/aes/aes_enc.h b/aes/aes_enc.h new file mode 100644 index 0000000..fb25764 --- /dev/null +++ b/aes/aes_enc.h @@ -0,0 +1,36 @@ +/* aes_enc.h */ +/* + This file is part of the AVR-Crypto-Lib. + Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ +/** + * \file aes_enc.h + * \email daniel.otte@rub.de + * \author Daniel Otte + * \date 2008-12-30 + * \license GPLv3 or later + * + */ +#ifndef AES_ENC_H_ +#define AES_ENC_H_ +#include "aes_types.h" +#include + + +void aes_encrypt_core(aes_cipher_state_t* state, const aes_genctx_t* ks, uint8_t rounds); + + +#endif diff --git a/aes/aes_invsbox.c b/aes/aes_invsbox.c new file mode 100644 index 0000000..d83f637 --- /dev/null +++ b/aes/aes_invsbox.c @@ -0,0 +1,22 @@ +/* aes inverted sbox */ + +#include + +const uint8_t aes_invsbox[256] = { + 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38, 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb, + 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87, 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb, + 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d, 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e, + 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2, 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25, + 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16, 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92, + 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda, 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84, + 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a, 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06, + 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02, 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b, + 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea, 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73, + 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85, 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e, + 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89, 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b, + 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20, 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4, + 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31, 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f, + 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d, 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef, + 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0, 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61, + 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26, 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d +}; diff --git a/aes/aes_invsbox.h b/aes/aes_invsbox.h new file mode 100644 index 0000000..42fe9a8 --- /dev/null +++ b/aes/aes_invsbox.h @@ -0,0 +1,33 @@ +/* aes_invsbox.h */ +/* + This file is part of the AVR-Crypto-Lib. + Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ +/** + * \file aes_invsbox.h + * \email daniel.otte@rub.de + * \author Daniel Otte + * \date 2008-12-30 + * \license GPLv3 or later + * + */ +#ifndef AES_INVSBOX_H_ +#define AES_INVSBOX_H_ +#include + +extern uint8_t aes_invsbox[]; + +#endif diff --git a/aes/aes_keyschedule.c b/aes/aes_keyschedule.c new file mode 100644 index 0000000..2c7953a --- /dev/null +++ b/aes/aes_keyschedule.c @@ -0,0 +1,93 @@ +/* aes_keyschedule.c */ +/* + This file is part of the ARM-Crypto-Lib. + Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ +/** + * \file aes_keyschedule.c + * \email daniel.otte@rub.de + * \author Daniel Otte + * \date 2008-12-30 + * \license GPLv3 or later + * + */ + +#include +#include "aes.h" +#include "aes_keyschedule.h" +#include "aes_sbox.h" +#include + +static +void aes_rotword(void* a){ + uint8_t t; + t=((uint8_t*)a)[0]; + ((uint8_t*)a)[0] = ((uint8_t*)a)[1]; + ((uint8_t*)a)[1] = ((uint8_t*)a)[2]; + ((uint8_t*)a)[2] = ((uint8_t*)a)[3]; + ((uint8_t*)a)[3] = t; +} + +uint8_t rc_tab[] = { 0x01, 0x02, 0x04, 0x08, + 0x10, 0x20, 0x40, 0x80, + 0x1b, 0x36 }; + +void aes_init(const void* key, uint16_t keysize_b, aes_genctx_t* ctx){ + uint8_t hi,i,nk, next_nk; + uint8_t rc=0; + union { + uint32_t v32; + uint8_t v8[4]; + } tmp; + nk=keysize_b>>5; /* 4, 6, 8 */ + hi=4*(nk+6+1); + memcpy(ctx, key, keysize_b/8); + next_nk = nk; + for(i=nk;ikey[0].ks))[i-1]; + if(i!=next_nk){ + if(nk==8 && i%8==4){ + tmp.v8[0] = aes_sbox[tmp.v8[0]]; + tmp.v8[1] = aes_sbox[tmp.v8[1]]; + tmp.v8[2] = aes_sbox[tmp.v8[2]]; + tmp.v8[3] = aes_sbox[tmp.v8[3]]; + } + } else { + next_nk += nk; + aes_rotword(&(tmp.v32)); + tmp.v8[0] = aes_sbox[tmp.v8[0]]; + tmp.v8[1] = aes_sbox[tmp.v8[1]]; + tmp.v8[2] = aes_sbox[tmp.v8[2]]; + tmp.v8[3] = aes_sbox[tmp.v8[3]]; + tmp.v8[0] ^= rc_tab[rc]; + rc++; + } + ((uint32_t*)(ctx->key[0].ks))[i] = ((uint32_t*)(ctx->key[0].ks))[i-nk] + ^ tmp.v32; + } +} + +void aes128_init(const void* key, aes128_ctx_t* ctx){ + aes_init(key, 128, (aes_genctx_t*)ctx); +} + +void aes192_init(const void* key, aes192_ctx_t* ctx){ + aes_init(key, 192, (aes_genctx_t*)ctx); +} + +void aes256_init(const void* key, aes256_ctx_t* ctx){ + aes_init(key, 256, (aes_genctx_t*)ctx); +} diff --git a/aes/aes_keyschedule.h b/aes/aes_keyschedule.h new file mode 100644 index 0000000..ab5786a --- /dev/null +++ b/aes/aes_keyschedule.h @@ -0,0 +1,75 @@ +/* aes_keyschedule.h */ +/* + This file is part of the AVR-Crypto-Lib. + Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ +/** + * \file aes_keyschedule.h + * \email daniel.otte@rub.de + * \author Daniel Otte + * \date 2008-12-30 + * \license GPLv3 or later + * \ingroup AES + */ + + +#ifndef AES_KEYSCHEDULE_H_ +#define AES_KEYSCHEDULE_H_ + +#include "aes_types.h" +/** + * \brief initialize the keyschedule + * + * This function computes the keyschedule from a given key with a given length + * and stores it in the context variable + * \param key pointer to the key material + * \param keysize_b length of the key in bits (valid are 128, 192 and 256) + * \param ctx pointer to the context where the keyschedule should be stored + */ +void aes_init(const void* key, uint16_t keysize_b, aes_genctx_t* ctx); + +/** + * \brief initialize the keyschedule for 128 bit key + * + * This function computes the keyschedule from a given 128 bit key + * and stores it in the context variable + * \param key pointer to the key material + * \param ctx pointer to the context where the keyschedule should be stored + */ +void aes128_init(const void* key, aes128_ctx_t* ctx); + +/** + * \brief initialize the keyschedule for 192 bit key + * + * This function computes the keyschedule from a given 192 bit key + * and stores it in the context variable + * \param key pointer to the key material + * \param ctx pointer to the context where the keyschedule should be stored + */ +void aes192_init(const void* key, aes192_ctx_t* ctx); + +/** + * \brief initialize the keyschedule for 256 bit key + * + * This function computes the keyschedule from a given 256 bit key + * and stores it in the context variable + * \param key pointer to the key material + * \param ctx pointer to the context where the keyschedule should be stored + */ +void aes256_init(const void* key, aes256_ctx_t* ctx); + +#endif /* AES_KEYSCHEDULE_H_ */ + diff --git a/aes/aes_sbox.c b/aes/aes_sbox.c new file mode 100644 index 0000000..73849dd --- /dev/null +++ b/aes/aes_sbox.c @@ -0,0 +1,39 @@ +/* aes sbox */ +/* + This file is part of the ARM-Crypto-Lib. + Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#include +const uint8_t aes_sbox[256] = { + 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76, + 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0, + 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15, + 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75, + 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84, + 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf, + 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8, + 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2, + 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73, + 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb, + 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79, + 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08, + 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a, + 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e, + 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf, + 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16 +}; + diff --git a/aes/aes_sbox.h b/aes/aes_sbox.h new file mode 100644 index 0000000..5bc03b7 --- /dev/null +++ b/aes/aes_sbox.h @@ -0,0 +1,33 @@ +/* aes_sbox.h */ +/* + This file is part of the AVR-Crypto-Lib. + Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ +/** + * \file aes_sbox.h + * \email daniel.otte@rub.de + * \author Daniel Otte + * \date 2008-12-30 + * \license GPLv3 or later + * + */ +#ifndef AES_SBOX_H_ +#define AES_SBOX_H_ +#include + +extern uint8_t aes_sbox[]; + +#endif diff --git a/aes/aes_types.h b/aes/aes_types.h new file mode 100644 index 0000000..d69dd9f --- /dev/null +++ b/aes/aes_types.h @@ -0,0 +1,56 @@ +/* aes.h */ +/* + This file is part of the AVR-Crypto-Lib. + Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ +/** + * \file aes_types.h + * \email daniel.otte@rub.de + * \author Daniel Otte + * \date 2008-12-30 + * \license GPLv3 or later + * + */ +#ifndef AES_TYPES_H_ +#define AES_TYPES_H_ + +#include + +typedef struct{ + uint8_t ks[16]; +} aes_roundkey_t; + +typedef struct{ + aes_roundkey_t key[10+1]; +} aes128_ctx_t; + +typedef struct{ + aes_roundkey_t key[12+1]; +} aes192_ctx_t; + +typedef struct{ + aes_roundkey_t key[14+1]; +} aes256_ctx_t; + +typedef struct{ + aes_roundkey_t key[1]; /* just to avoid the warning */ +} aes_genctx_t; + +typedef struct{ + uint8_t s[16]; +} aes_cipher_state_t; + +#endif diff --git a/aes/gf256mul.c b/aes/gf256mul.c new file mode 100644 index 0000000..a473646 --- /dev/null +++ b/aes/gf256mul.c @@ -0,0 +1,40 @@ +/* gf256mul.c */ +/* + This file is part of the ARM-Crypto-Lib. + Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#include + +uint8_t gf256mul(uint8_t a, uint8_t b, uint8_t reducer){ + uint8_t r=0; + while(a&0xFE){ + if(a&1){ + r ^= b; + } + a >>= 1; + if(b&0x80){ + b <<= 1; + b ^= reducer; + }else{ + b <<= 1; + } + } + if(a&1){ + r ^= b; + } + return r; +} diff --git a/aes/gf256mul.h b/aes/gf256mul.h new file mode 100644 index 0000000..87f1cb3 --- /dev/null +++ b/aes/gf256mul.h @@ -0,0 +1,37 @@ +/* gf256mul.h */ +/* + This file is part of the AVR-Crypto-Lib. + Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ +#ifndef GF256MUL_H_ +#define GF256MUL_H_ + +/** + * \author Daniel Otte + * \email daniel.otte@rub.de + * \date 2008-12-19 + * \license GPLv3 + * \brief + * + * + */ + +#include + +uint8_t gf256mul(uint8_t a, uint8_t b, uint8_t reducer); + +#endif /* GF256MUL_H_ */ + diff --git a/aes/memxor.c b/aes/memxor.c new file mode 100644 index 0000000..7485b3e --- /dev/null +++ b/aes/memxor.c @@ -0,0 +1,12 @@ +#include + +#include "memxor.h" + +void memxor(void* dest, const void* src, uint16_t n){ + while(n--){ + *((uint8_t*)dest) ^= *((uint8_t*)src); + dest = (uint8_t*)dest +1; + src = (uint8_t*)src +1; + } +} + diff --git a/bcal-basic.c b/bcal-basic.c new file mode 100644 index 0000000..5cb5536 --- /dev/null +++ b/bcal-basic.c @@ -0,0 +1,92 @@ +/* bcal-basic.c */ +/* + This file is part of the ARM-Crypto-Lib. + Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#include +#include +#include +#include "blockcipher_descriptor.h" +#include "keysize_descriptor.h" + +uint8_t bcal_cipher_init(const bcdesc_t* cipher_descriptor, + const void* key, uint16_t keysize_b, bcgen_ctx_t* ctx){ + if(!is_valid_keysize_P(cipher_descriptor->valid_keysize_desc, keysize_b)){ + return 1; + } + uint8_t flags; + bc_init_fpt init_fpt; + ctx->desc_ptr = (bcdesc_t*)cipher_descriptor; + ctx->keysize = keysize_b; + flags = cipher_descriptor->flags; + init_fpt.initvoid = (void_fpt)(cipher_descriptor->init.initvoid); + if(init_fpt.initvoid == NULL){ + if(!(ctx->ctx = malloc((keysize_b+7)/8))) + return 2; + memcpy(ctx->ctx, key, (keysize_b+7)/8); + return 0; + } + if(!(ctx->ctx = malloc(cipher_descriptor->ctxsize_B))) + return 3; + if((flags&BC_INIT_TYPE)==BC_INIT_TYPE_1){ + init_fpt.init1((void*)key, (ctx->ctx)); + }else{ + init_fpt.init2((void*)key, keysize_b, (ctx->ctx)); + } + return 0; +} + +void bcal_cipher_free(bcgen_ctx_t* ctx){ + if(!ctx) + return; + bc_free_fpt free_fpt; + free_fpt = (bc_free_fpt)(ctx->desc_ptr->free); + if(free_fpt) + free_fpt((ctx->ctx)); + free(ctx->ctx); +} + +void bcal_cipher_enc(void* block, const bcgen_ctx_t* ctx){ + bc_enc_fpt enc_fpt; + enc_fpt.encvoid = (void_fpt)(ctx->desc_ptr->enc.encvoid); + if(!enc_fpt.encvoid){ + /* very bad error, no enciphering function specified */ + return; + } + enc_fpt.enc1(block, (ctx->ctx)); + +} + +void bcal_cipher_dec(void* block, const bcgen_ctx_t* ctx){ + bc_dec_fpt dec_fpt; + dec_fpt.decvoid = (void_fpt)(ctx->desc_ptr->dec.decvoid); + if(!dec_fpt.decvoid){ + /* very bad error, no deciphering function specified */ + return; + } + dec_fpt.dec1(block, (ctx->ctx)); +} + +uint16_t bcal_cipher_getBlocksize_b(const bcdesc_t* desc){ + return (desc->blocksize_b); +} + +const void* bcal_cipher_getKeysizeDesc(const bcdesc_t* desc){ + return (desc->valid_keysize_desc); +} + + diff --git a/bcal-basic.h b/bcal-basic.h new file mode 100644 index 0000000..04165eb --- /dev/null +++ b/bcal-basic.h @@ -0,0 +1,35 @@ +/* bcal-basic.h */ +/* + This file is part of the AVR-Crypto-Lib. + Copyright (C) 2009 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#ifndef BCAL_BASIC_H_ +#define BCAL_BASIC_H_ + +#include +#include +#include "blockcipher_descriptor.h" +#include "keysize_descriptor.h" + +uint8_t bcal_cipher_init(const bcdesc_t* cipher_descriptor, + const void* key, uint16_t keysize_b, bcgen_ctx_t* ctx); +void bcal_cipher_free(bcgen_ctx_t* ctx); +void bcal_cipher_enc(void* block, const bcgen_ctx_t* ctx); +void bcal_cipher_dec(void* block, const bcgen_ctx_t* ctx); +uint16_t bcal_cipher_getBlocksize_b(const bcdesc_t* desc); +const void* bcal_cipher_getKeysizeDesc(const bcdesc_t* desc); +#endif /* BCAL_BASIC_H_ */ diff --git a/bcal-cbc.c b/bcal-cbc.c new file mode 100644 index 0000000..16d27a1 --- /dev/null +++ b/bcal-cbc.c @@ -0,0 +1,84 @@ +/* bcal-cbc.c */ +/* + This file is part of the ARM-Crypto-Lib. + Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#include +#include +#include "bcal-cbc.h" +#include "bcal-basic.h" +#include "memxor.h" + +uint8_t bcal_cbc_init(const bcdesc_t* desc, const void* key, uint16_t keysize_b, bcal_cbc_ctx_t* ctx){ + ctx->desc = (bcdesc_t*)desc; + ctx->blocksize_B = (bcal_cipher_getBlocksize_b(desc)+7)/8; + ctx->prev_block = malloc(ctx->blocksize_B); + + if(ctx->prev_block==NULL){ + return 0x11; + } + return bcal_cipher_init(desc, key, keysize_b, &(ctx->cctx)); +} + +void bcal_cbc_free(bcal_cbc_ctx_t* ctx){ + bcal_cipher_free(&(ctx->cctx)); + free(ctx->prev_block); +} + + +void bcal_cbc_loadIV(const void* iv, bcal_cbc_ctx_t* ctx){ + if(iv){ + memcpy(ctx->prev_block, iv, ctx->blocksize_B); + } +} + +void bcal_cbc_encNext(void* block, bcal_cbc_ctx_t* ctx){ + memxor(block, ctx->prev_block, ctx->blocksize_B); + bcal_cipher_enc(block, &(ctx->cctx)); + memcpy(ctx->prev_block, block, ctx->blocksize_B); +} + +void bcal_cbc_decNext(void* block, bcal_cbc_ctx_t* ctx){ + uint8_t tmp[ctx->blocksize_B]; + memcpy(tmp, block, ctx->blocksize_B); + bcal_cipher_dec(block, &(ctx->cctx)); + memxor(block, ctx->prev_block, ctx->blocksize_B); + memcpy(ctx->prev_block, tmp, ctx->blocksize_B); +} +void bcal_cbc_decRand(void* block, const void* prev_block, bcal_cbc_ctx_t* ctx){ + bcal_cipher_dec(block, &(ctx->cctx)); + memxor(block, prev_block, ctx->blocksize_B); +} + +void bcal_cbc_encMsg(const void* iv, void* msg, uint16_t msg_blocks, bcal_cbc_ctx_t* ctx){ + bcal_cbc_loadIV(iv, ctx); + while(msg_blocks--){ + bcal_cbc_encNext(msg, ctx); + msg = (uint8_t*)msg + ctx->blocksize_B; + } +} + +void bcal_cbc_decMsg(const void* iv, void* msg, uint16_t msg_blocks, bcal_cbc_ctx_t* ctx){ + msg=(uint8_t*)msg + (msg_blocks-1)*ctx->blocksize_B; + while(msg_blocks > 1){ + bcal_cbc_decRand(msg, (uint8_t*)msg-ctx->blocksize_B, ctx); + msg_blocks -= 1; + msg=(uint8_t*)msg-ctx->blocksize_B; + } + bcal_cbc_decRand(msg, iv, ctx); +} + diff --git a/bcal-cbc.h b/bcal-cbc.h new file mode 100644 index 0000000..ba20186 --- /dev/null +++ b/bcal-cbc.h @@ -0,0 +1,44 @@ +/* bcal-cbc.h */ +/* + This file is part of the AVR-Crypto-Lib. + Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#ifndef BCALCBC_H_ +#define BCALCBC_H_ + +#include +#include "blockcipher_descriptor.h" +#include "bcal-basic.h" + +typedef struct{ + bcdesc_t* desc; + bcgen_ctx_t cctx; + uint8_t* prev_block; + uint8_t blocksize_B; +} bcal_cbc_ctx_t; + +uint8_t bcal_cbc_init(const bcdesc_t* desc, const void* key, uint16_t keysize_b, bcal_cbc_ctx_t* ctx); +void bcal_cbc_free(bcal_cbc_ctx_t* ctx); +void bcal_cbc_loadIV(const void* iv, bcal_cbc_ctx_t* ctx); +void bcal_cbc_encNext(void* block, bcal_cbc_ctx_t* ctx); +void bcal_cbc_decNext(void* block, bcal_cbc_ctx_t* ctx); +void bcal_cbc_decRand(void* block, const void* prev_block, bcal_cbc_ctx_t* ctx); +void bcal_cbc_encMsg(const void* iv, void* msg, uint16_t msg_blocks, bcal_cbc_ctx_t* ctx); +void bcal_cbc_decMsg(const void* iv, void* msg, uint16_t msg_blocks, bcal_cbc_ctx_t* ctx); + + +#endif /* BCALCBC_H_ */ diff --git a/bcal-cfb_bit.c b/bcal-cfb_bit.c new file mode 100644 index 0000000..6ddb57f --- /dev/null +++ b/bcal-cfb_bit.c @@ -0,0 +1,128 @@ +/* bcal-cfb_bit.c */ +/* + This file is part of the ARM-Crypto-Lib. + Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + + +#include +#include +#include "bcal-cfb_bit.h" +#include "bcal-basic.h" + +static uint8_t read_bit(void* block, uint32_t index){ + uint8_t r; + r=((uint8_t*)block)[index/8]; + r=(r&(0x80>>(index&7)))?0xff:0x00; + return r; +} + +static void write_bit(void* block, uint32_t index, uint8_t value){ + if(value){ + /* set bit */ + ((uint8_t*)block)[index/8] |= 0x80>>(index&7); + }else{ + /* clear bit */ + ((uint8_t*)block)[index/8] &= ~(0x80>>(index&7)); + } +} + +uint8_t bcal_cfb_b_init(const bcdesc_t* desc, const void* key, uint16_t keysize_b, uint16_t size_b, bcal_cfb_b_ctx_t* ctx){ + ctx->desc = (bcdesc_t*)desc; + ctx->blocksize_B = (bcal_cipher_getBlocksize_b(desc)+7)/8; + ctx->in_block=malloc(ctx->blocksize_B); + if(ctx->in_block==NULL){ + return 0x11; + } + if(size_b>bcal_cipher_getBlocksize_b(desc)){ + return 0x12; + } + ctx->size_b = size_b; + return bcal_cipher_init(desc, key, keysize_b, &(ctx->cctx)); +} + +void bcal_cfb_b_free(bcal_cfb_b_ctx_t* ctx){ + free(ctx->in_block); + bcal_cipher_free(&(ctx->cctx)); +} + +void bcal_cfb_b_loadIV(const void* iv, bcal_cfb_b_ctx_t* ctx){ + if(iv){ + memcpy(ctx->in_block, iv, ctx->blocksize_B); + } +} + +void bcal_cfb_b_encNext(void* block, uint8_t offset, bcal_cfb_b_ctx_t* ctx){ + uint8_t tmp[ctx->blocksize_B]; + offset &= 7; + memcpy(tmp, ctx->in_block, ctx->blocksize_B); + bcal_cipher_enc(tmp, &(ctx->cctx)); + uint16_t i,j; + uint8_t a; + for(i=0; iblocksize_B*8-ctx->size_b; ++i){ + a = read_bit(ctx->in_block, i+ctx->size_b); + write_bit(ctx->in_block, i, a); + } + for(j=offset,i=0; isize_b; ++i, ++j){ + a = read_bit(tmp, i) ^ read_bit(block, j); + write_bit(ctx->in_block, ctx->blocksize_B*8-ctx->size_b+i, a); + write_bit(block, j, a); + } +} + +void bcal_cfb_b_decNext(void* block, uint8_t offset, bcal_cfb_b_ctx_t* ctx){ + uint8_t tmp[ctx->blocksize_B]; + offset &= 7; + memcpy(tmp, ctx->in_block, ctx->blocksize_B); + bcal_cipher_enc(tmp, &(ctx->cctx)); + uint16_t i,j; + uint8_t a,b; + for(i=0; iblocksize_B*8-ctx->size_b; ++i){ + a = read_bit(ctx->in_block, i+ctx->size_b); + write_bit(ctx->in_block, i, a); + } + for(j=offset,i=0; isize_b; ++i, ++j){ + a = read_bit(tmp, i); + b = read_bit(block, j); + a ^= b; + write_bit(ctx->in_block, ctx->blocksize_B*8-ctx->size_b+i, b); + write_bit(block, j, a); + } +} + +void bcal_cfb_b_encMsg(const void* iv, void* msg, uint8_t offset, uint32_t msg_blocks, bcal_cfb_b_ctx_t* ctx){ + bcal_cfb_b_loadIV(iv, ctx); + uint64_t addr; + addr = ((uint32_t)msg)*8+offset; + while(msg_blocks--){ + msg = (void*)((uint32_t)(addr/8)); + offset = addr&7; + bcal_cfb_b_encNext(msg, offset, ctx); + addr += ctx->size_b; + } +} + +void bcal_cfb_b_decMsg(const void* iv, void* msg, uint8_t offset, uint32_t msg_blocks, bcal_cfb_b_ctx_t* ctx){ + bcal_cfb_b_loadIV(iv, ctx); + uint64_t addr; + addr = ((uint32_t)msg)*8+offset; + while(msg_blocks--){ + msg = (void*)((uint32_t)(addr/8)); + offset = addr&7; + bcal_cfb_b_decNext(msg, offset, ctx); + addr += ctx->size_b; + } +} diff --git a/bcal-cfb_bit.h b/bcal-cfb_bit.h new file mode 100644 index 0000000..df62e17 --- /dev/null +++ b/bcal-cfb_bit.h @@ -0,0 +1,47 @@ +/* bcal-cfb_bit.h */ +/* + This file is part of the AVR-Crypto-Lib. + Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + + +#ifndef BCALCFB_BIT_H_ +#define BCALCFB_BIT_H_ + +#include +#include "bcal-basic.h" +#include "blockcipher_descriptor.h" + + +typedef struct{ + bcdesc_t* desc; + bcgen_ctx_t cctx; + uint8_t* in_block; + uint8_t blocksize_B; + uint16_t size_b; +} bcal_cfb_b_ctx_t; + + +uint8_t bcal_cfb_b_init(const bcdesc_t* desc, const void* key, uint16_t keysize_b, uint16_t size_b, bcal_cfb_b_ctx_t* ctx); +void bcal_cfb_b_free(bcal_cfb_b_ctx_t* ctx); +void bcal_cfb_b_loadIV(const void* iv, bcal_cfb_b_ctx_t* ctx); +void bcal_cfb_b_encNext(void* block, uint8_t offset, bcal_cfb_b_ctx_t* ctx); +void bcal_cfb_b_decNext(void* block, uint8_t offset, bcal_cfb_b_ctx_t* ctx); +void bcal_cfb_b_encMsg(const void* iv, void* msg, uint8_t offset, uint32_t msg_blocks, bcal_cfb_b_ctx_t* ctx); +void bcal_cfb_b_decMsg(const void* iv, void* msg, uint8_t offset, uint32_t msg_blocks, bcal_cfb_b_ctx_t* ctx); + + +#endif /* BCALCFB_BIT_H_ */ diff --git a/bcal-cfb_byte.c b/bcal-cfb_byte.c new file mode 100644 index 0000000..0f6f31d --- /dev/null +++ b/bcal-cfb_byte.c @@ -0,0 +1,88 @@ +/* bcal-cfb_byte.c */ +/* + This file is part of the ARM-Crypto-Lib. + Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + + +#include +#include +#include "bcal-cfb_byte.h" +#include "bcal-basic.h" +#include "memxor.h" + + +uint8_t bcal_cfb_B_init(const bcdesc_t* desc, const void* key, uint16_t keysize_b, uint16_t size_b, bcal_cfb_B_ctx_t* ctx){ + ctx->desc = (bcdesc_t*)desc; + ctx->blocksize_B = (bcal_cipher_getBlocksize_b(desc)+7)/8; + ctx->in_block=malloc(ctx->blocksize_B); + if(ctx->in_block==NULL){ + return 0x11; + } + if(size_b&7){ + return 0x12; + } + ctx->size_B = size_b/8; + return bcal_cipher_init(desc, key, keysize_b, &(ctx->cctx)); +} + +void bcal_cfb_B_free(bcal_cfb_B_ctx_t* ctx){ + free(ctx->in_block); + bcal_cipher_free(&(ctx->cctx)); +} + +void bcal_cfb_B_loadIV(const void* iv, bcal_cfb_B_ctx_t* ctx){ + if(iv){ + memcpy(ctx->in_block, iv, ctx->blocksize_B); + } +} + +void bcal_cfb_B_encNext(void* block, bcal_cfb_B_ctx_t* ctx){ + uint8_t tmp[ctx->blocksize_B]; + memcpy(tmp, ctx->in_block, ctx->blocksize_B); + bcal_cipher_enc(tmp, &(ctx->cctx)); + memxor(block, tmp, ctx->size_B); + memmove(ctx->in_block, ctx->in_block+ctx->size_B, ctx->blocksize_B - ctx->size_B); + memcpy(ctx->in_block+ctx->blocksize_B-ctx->size_B, block, ctx->size_B); +} + +void bcal_cfb_B_decNext(void* block, bcal_cfb_B_ctx_t* ctx){ + uint8_t tmp[ctx->blocksize_B]; + uint8_t xblock[ctx->size_B]; + memcpy(xblock, block, ctx->size_B); + memcpy(tmp, ctx->in_block, ctx->blocksize_B); + bcal_cipher_enc(tmp, &(ctx->cctx)); + memxor(block, tmp, ctx->size_B); + memmove(ctx->in_block, ctx->in_block+ctx->size_B, ctx->blocksize_B - ctx->size_B); + memcpy(ctx->in_block+ctx->blocksize_B-ctx->size_B, xblock, ctx->size_B); +} + +void bcal_cfb_B_encMsg(const void* iv, void* msg, uint16_t msg_blocks, bcal_cfb_B_ctx_t* ctx){ + bcal_cfb_B_loadIV(iv, ctx); + while(msg_blocks--){ + bcal_cfb_B_encNext(msg, ctx); + msg = (uint8_t*)msg+ctx->size_B; + } +} + +void bcal_cfb_B_decMsg(const void* iv, void* msg, uint16_t msg_blocks, bcal_cfb_B_ctx_t* ctx){ + bcal_cfb_B_loadIV(iv, ctx); + while(msg_blocks--){ + bcal_cfb_B_decNext(msg, ctx); + msg = (uint8_t*)msg+ctx->size_B; + } +} + diff --git a/bcal-cfb_byte.h b/bcal-cfb_byte.h new file mode 100644 index 0000000..276a904 --- /dev/null +++ b/bcal-cfb_byte.h @@ -0,0 +1,46 @@ +/* bcal-cbc.h */ +/* + This file is part of the AVR-Crypto-Lib. + Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#ifndef BCALCFB_BYTE_H_ +#define BCALCFB_BYTE_H_ + +#include +#include "bcal-basic.h" +#include "blockcipher_descriptor.h" + + +typedef struct{ + bcdesc_t* desc; + bcgen_ctx_t cctx; + uint8_t* in_block; + uint8_t blocksize_B; + uint8_t size_B; +} bcal_cfb_B_ctx_t; + + +uint8_t bcal_cfb_B_init(const bcdesc_t* desc, const void* key, uint16_t keysize_b, uint16_t size_b, bcal_cfb_B_ctx_t* ctx); +void bcal_cfb_B_free(bcal_cfb_B_ctx_t* ctx); +void bcal_cfb_B_loadIV(const void* iv, bcal_cfb_B_ctx_t* ctx); +void bcal_cfb_B_encNext(void* block, bcal_cfb_B_ctx_t* ctx); +void bcal_cfb_B_decNext(void* block, bcal_cfb_B_ctx_t* ctx); +void bcal_cfb_B_encMsg(const void* iv, void* msg, uint16_t msg_blocks, bcal_cfb_B_ctx_t* ctx); +void bcal_cfb_B_decMsg(const void* iv, void* msg, uint16_t msg_blocks, bcal_cfb_B_ctx_t* ctx); + + +#endif /* BCALCFB_BYTE_H_ */ diff --git a/bcal-cmac.c b/bcal-cmac.c new file mode 100644 index 0000000..32ddfeb --- /dev/null +++ b/bcal-cmac.c @@ -0,0 +1,152 @@ +/* bcal-omac.c */ +/* + This file is part of the ARM-Crypto-Lib. + Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + + +#include +#include +#include "bcal-basic.h" +#include "bcal-cmac.h" +#include "memxor.h" + + +static uint8_t left_shift_be_block(void* block, uint8_t blocksize_B){ + uint8_t c1=0, c2; + do{ + --blocksize_B; + c2 = (((uint8_t*)block)[blocksize_B])>>7; + (((uint8_t*)block)[blocksize_B]) <<= 1; + (((uint8_t*)block)[blocksize_B]) |= c1; + c1 = c2; + }while(blocksize_B); + return c1; +} + +static const uint8_t const_128 = 0x87; +static const uint8_t const_64 = 0x1b; + +uint8_t bcal_cmac_init(const bcdesc_t* desc, const void* key, uint16_t keysize_b, bcal_cmac_ctx_t* ctx){ + uint8_t r; + ctx->desc = (bcdesc_t*)desc; + ctx->blocksize_B = bcal_cipher_getBlocksize_b(desc)/8; + if (ctx->blocksize_B!=128/8 && ctx->blocksize_B!=64/8){ + return 0x13; + } + ctx->accu = malloc(ctx->blocksize_B); + if(ctx->accu==NULL){ + return 0x14; + } + ctx->k1 = malloc(ctx->blocksize_B); + if(ctx->k1==NULL){ + return 0x15; + } + ctx->k2 = malloc(ctx->blocksize_B); + if(ctx->k2==NULL){ + return 0x16; + } + ctx->lastblock = malloc(ctx->blocksize_B); + if(ctx->lastblock==NULL){ + return 0x17; + } + r = bcal_cipher_init(desc, key, keysize_b, &(ctx->cctx)); + if(r){ + return r; + } + if(ctx->blocksize_B==128/8){ + r = const_128; + }else{ + r = const_64; + } + /* subkey computation */ + memset(ctx->accu, 0x00, ctx->blocksize_B); + memset(ctx->k1, 0x00, ctx->blocksize_B); + bcal_cipher_enc(ctx->k1, &(ctx->cctx)); + if(left_shift_be_block(ctx->k1, ctx->blocksize_B)){ + ctx->k1[ctx->blocksize_B-1] ^= r; + } + memcpy(ctx->k2, ctx->k1, ctx->blocksize_B); + if(left_shift_be_block(ctx->k2, ctx->blocksize_B)){ + ctx->k2[ctx->blocksize_B-1] ^= r; + } + ctx->last_set=0; + return 0; +} + +void bcal_cmac_free(bcal_cmac_ctx_t* ctx){ + free(ctx->accu); + free(ctx->k1); + free(ctx->k2); + bcal_cipher_free(&(ctx->cctx)); +} + +void bcal_cmac_nextBlock (bcal_cmac_ctx_t* ctx, const void* block){ + if(ctx->last_set){ + memxor(ctx->accu, ctx->lastblock, ctx->blocksize_B); + bcal_cipher_enc(ctx->accu, &(ctx->cctx)); + } + memcpy(ctx->lastblock, block, ctx->blocksize_B); + ctx->last_set=1; +} + + +void bcal_cmac_lastBlock(bcal_cmac_ctx_t* ctx, const void* block, uint16_t length_b){ + uint16_t blocksize_b; + blocksize_b = ctx->blocksize_B*8; + while(length_b>=blocksize_b){ + bcal_cmac_nextBlock(ctx, block); + block = (uint8_t*)block + ctx->blocksize_B; + length_b -= blocksize_b; + } + if(ctx->last_set==0){ + memxor(ctx->accu, block, (length_b+7)/8); + memxor(ctx->accu, ctx->k2, ctx->blocksize_B); + ctx->accu[length_b/8] ^= 0x80>>(length_b&7); + }else{ + if(length_b==0){ + memxor(ctx->accu, ctx->lastblock, ctx->blocksize_B); + memxor(ctx->accu, ctx->k1, ctx->blocksize_B); + }else{ + memxor(ctx->accu, ctx->lastblock, ctx->blocksize_B); + bcal_cipher_enc(ctx->accu, &(ctx->cctx)); + memxor(ctx->accu, block, (length_b+7)/8); + memxor(ctx->accu, ctx->k2, ctx->blocksize_B); + ctx->accu[length_b/8] ^= 0x80>>(length_b&7); + } + } + bcal_cipher_enc(ctx->accu, &(ctx->cctx)); +} + +void bcal_cmac_ctx2mac(void* dest, uint16_t length_b, const bcal_cmac_ctx_t* ctx){ + memcpy(dest, ctx->accu, length_b/8); + if(length_b&7){ + ((uint8_t*)dest)[length_b/8] &= 0xff>>(length_b&7); + ((uint8_t*)dest)[length_b/8] |= (0xff00>>(length_b&7))&(ctx->accu[length_b/8]); + } +} + +void bcal_cmac(void* dest, uint16_t out_length_b, const void* block, uint32_t length_b, bcal_cmac_ctx_t* ctx){ + uint16_t blocksize_b; + blocksize_b = ctx->blocksize_B*8; + while(length_b>blocksize_b){ + bcal_cmac_nextBlock(ctx, block); + block = (uint8_t*)block + ctx->blocksize_B; + length_b -= blocksize_b; + } + bcal_cmac_lastBlock(ctx, block, length_b); + bcal_cmac_ctx2mac(dest, out_length_b, ctx); +} diff --git a/bcal-cmac.h b/bcal-cmac.h new file mode 100644 index 0000000..be699b6 --- /dev/null +++ b/bcal-cmac.h @@ -0,0 +1,45 @@ +/* bcal-cmac.h */ +/* + This file is part of the AVR-Crypto-Lib. + Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#ifndef BCALCMAC_H_ +#define BCALCMAC_H_ + +#include +#include "bcal-basic.h" +#include "blockcipher_descriptor.h" + +typedef struct{ + bcdesc_t* desc; + bcgen_ctx_t cctx; + uint8_t* accu; + uint8_t* k1; + uint8_t* k2; + uint8_t* lastblock; + uint8_t last_set; + uint8_t blocksize_B; +} bcal_cmac_ctx_t; + +uint8_t bcal_cmac_init(const bcdesc_t* desc, const void* key, uint16_t keysize_b, bcal_cmac_ctx_t* ctx); +void bcal_cmac_free(bcal_cmac_ctx_t* ctx); +void bcal_cmac_nextBlock(bcal_cmac_ctx_t* ctx, const void* block); +void bcal_cmac_lastBlock(bcal_cmac_ctx_t* ctx, const void* block, uint16_t length_b); +void bcal_cmac_ctx2mac(void* dest, uint16_t length_b, const bcal_cmac_ctx_t* ctx); +void bcal_cmac(void* dest, uint16_t out_length_b, const void* block, uint32_t length_b, bcal_cmac_ctx_t* ctx); + +#endif /* BCALCMAC_H_ */ diff --git a/bcal-ctr.c b/bcal-ctr.c new file mode 100644 index 0000000..ec1b1d4 --- /dev/null +++ b/bcal-ctr.c @@ -0,0 +1,95 @@ +/* bcal-ctr.c */ +/* + This file is part of the ARM-Crypto-Lib. + Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + + +#include +#include +#include "bcal-basic.h" +#include "bcal-ctr.h" +#include "memxor.h" + +static void increment_be(void* block, uint8_t size_B){ + uint16_t c=1; + do{ + --size_B; + c += ((uint8_t*)block)[size_B]; + ((uint8_t*)block)[size_B] = (uint8_t)c; + c>>=8; + }while(size_B); +} + +uint8_t bcal_ctr_init(const bcdesc_t* desc, const void* key, uint16_t keysize_b, inc_fp_t inc_func, bcal_ctr_ctx_t* ctx){ + ctx->desc = (bcdesc_t*)desc; + if(inc_func){ + ctx->inc_func = inc_func; + }else{ + ctx->inc_func = increment_be; + } + ctx->blocksize_B = (bcal_cipher_getBlocksize_b(desc)+7)/8; + ctx->in_block=malloc(ctx->blocksize_B); + if(ctx->in_block==NULL){ + return 0x11; + } + return bcal_cipher_init(desc, key, keysize_b, &(ctx->cctx)); +} + +void bcal_ctr_free(bcal_ctr_ctx_t* ctx){ + free(ctx->in_block); + bcal_cipher_free(&(ctx->cctx)); +} + +void bcal_ctr_loadIV(const void* iv, bcal_ctr_ctx_t* ctx){ + if(iv){ + memcpy(ctx->in_block, iv, ctx->blocksize_B); + } +} + +void bcal_ctr_encNext(void* block, bcal_ctr_ctx_t* ctx){ + uint8_t tmp[ctx->blocksize_B]; + memcpy(tmp, ctx->in_block, ctx->blocksize_B); + bcal_cipher_enc(tmp, &(ctx->cctx)); + memxor(block, tmp, ctx->blocksize_B); + ctx->inc_func(ctx->in_block, ctx->blocksize_B); +} + +void bcal_ctr_decNext(void* block, bcal_ctr_ctx_t* ctx){ + bcal_ctr_encNext(block, ctx); +} + +void bcal_ctr_encMsg(const void* iv, void* msg, uint32_t msg_len_b, bcal_ctr_ctx_t* ctx){ + bcal_ctr_loadIV(iv, ctx); + uint16_t blocksize_b; + blocksize_b = ctx->blocksize_B*8; + while(msg_len_b>blocksize_b){ + bcal_ctr_encNext(msg, ctx); + msg_len_b -= blocksize_b; + msg = (uint8_t*)msg + ctx->blocksize_B; + } + uint8_t tmp[ctx->blocksize_B]; + memcpy(tmp, ctx->in_block, ctx->blocksize_B); + bcal_cipher_enc(tmp, &(ctx->cctx)); + ctx->inc_func(ctx->in_block, ctx->blocksize_B); + tmp[msg_len_b/8] = 0xff00>>(msg_len_b&7); + memxor(msg, tmp, (msg_len_b+7)/8); +} + +void bcal_ctr_decMsg(const void* iv, void* msg, uint32_t msg_len_b, bcal_ctr_ctx_t* ctx){ + bcal_ctr_encMsg(iv, msg, msg_len_b, ctx); +} + diff --git a/bcal-ctr.h b/bcal-ctr.h new file mode 100644 index 0000000..55de485 --- /dev/null +++ b/bcal-ctr.h @@ -0,0 +1,45 @@ +/* bcal-ctr.h */ +/* + This file is part of the AVR-Crypto-Lib. + Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#ifndef BCALCTR_H_ +#define BCALCTR_H_ + +#include +#include "bcal-basic.h" +#include "blockcipher_descriptor.h" + +typedef void(*inc_fp_t)(void* block, uint8_t size_B); + +typedef struct{ + bcdesc_t* desc; + bcgen_ctx_t cctx; + uint8_t* in_block; + inc_fp_t inc_func; + uint8_t blocksize_B; +} bcal_ctr_ctx_t; + +uint8_t bcal_ctr_init(const bcdesc_t* desc, const void* key, uint16_t keysize_b, inc_fp_t inc_func, bcal_ctr_ctx_t* ctx); +void bcal_ctr_free(bcal_ctr_ctx_t* ctx); +void bcal_ctr_loadIV(const void* iv, bcal_ctr_ctx_t* ctx); +void bcal_ctr_encNext(void* block, bcal_ctr_ctx_t* ctx); +void bcal_ctr_decNext(void* block, bcal_ctr_ctx_t* ctx); +void bcal_ctr_encMsg(const void* iv, void* msg, uint32_t msg_len_b, bcal_ctr_ctx_t* ctx); +void bcal_ctr_decMsg(const void* iv, void* msg, uint32_t msg_len_b, bcal_ctr_ctx_t* ctx); + +#endif /* BCALCTR_H_ */ diff --git a/bcal-eax.c b/bcal-eax.c new file mode 100644 index 0000000..72d68bd --- /dev/null +++ b/bcal-eax.c @@ -0,0 +1,119 @@ +/* bca-eax.c */ +/* + This file is part of the ARM-Crypto-Lib. + Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + + +#include +#include "bcal-basic.h" +#include "blockcipher_descriptor.h" +#include "bcal-cmac.h" +#include "bcal-ctr.h" +#include "bcal-eax.h" +#include "memxor.h" + +uint8_t bcal_eax_init(const bcdesc_t* desc, const void* key, uint16_t keysize_b, bcal_eax_ctx_t* ctx){ + uint8_t r; + ctx->blocksize_B = (bcal_cipher_getBlocksize_b(desc)+7)/8; + ctx->nonce = malloc(ctx->blocksize_B); + if(ctx->nonce==NULL){ + return 0x81; + } + r = bcal_cmac_init(desc, key, keysize_b, &(ctx->ctag)); + if(r){ + return r; + } + r = bcal_cmac_init(desc, key, keysize_b, &(ctx->htag)); + if(r){ + return (r|0x10); + } + r = bcal_cmac_init(desc, key, keysize_b, &(ctx->ntag)); + if(r){ + return (r|0x20); + } + r = bcal_ctr_init(desc, key, keysize_b, NULL, &(ctx->cipher)); + if(r){ + return (r|0x30); + } + ctx->header_set=0; + uint8_t tmp[ctx->blocksize_B]; + memset(tmp, 0, ctx->blocksize_B); + bcal_cmac_nextBlock(&(ctx->ntag), tmp); + tmp[ctx->blocksize_B-1]=1; + bcal_cmac_nextBlock(&(ctx->htag), tmp); + tmp[ctx->blocksize_B-1]=2; + bcal_cmac_nextBlock(&(ctx->ctag), tmp); + return 0; +} + +void bcal_eax_free(bcal_eax_ctx_t* ctx){ + bcal_ctr_free(&(ctx->cipher)); + bcal_cmac_free(&(ctx->ctag)); + bcal_cmac_free(&(ctx->htag)); + bcal_cmac_free(&(ctx->ntag)); + free(ctx->nonce); +} + +void bcal_eax_loadNonce(const void* nonce, uint16_t length_b, bcal_eax_ctx_t* ctx){ + bcal_cmac_lastBlock(&(ctx->ntag), nonce, length_b); + bcal_cmac_ctx2mac(ctx->nonce, ctx->blocksize_B*8, &(ctx->ntag)); + bcal_ctr_loadIV(ctx->nonce, &(ctx->cipher)); +} + +void bcal_eax_addNextHeader(const void* header, bcal_eax_ctx_t* ctx){ + bcal_cmac_nextBlock(&(ctx->htag), header); +} + +void bcal_eax_addLastHeader(const void* header, uint16_t length_b, bcal_eax_ctx_t* ctx){ + bcal_cmac_lastBlock(&(ctx->htag), header, length_b); + ctx->header_set = 1; +} + +void bcal_eax_encNextBlock(void* block, bcal_eax_ctx_t* ctx){ + bcal_ctr_encNext(block, &(ctx->cipher)); + bcal_cmac_nextBlock(&(ctx->ctag), block); +} + +void bcal_eax_encLastBlock(void* block, uint16_t length_b, bcal_eax_ctx_t* ctx){ + bcal_ctr_encMsg(NULL, block, length_b, &(ctx->cipher)); + bcal_cmac_lastBlock(&(ctx->ctag), block, length_b); +} + +void bcal_eax_decNextBlock(void* block, bcal_eax_ctx_t* ctx){ + bcal_cmac_nextBlock(&(ctx->ctag), block); + bcal_ctr_decNext(block, &(ctx->cipher)); +} + +void bcal_eax_decLastBlock(void* block, uint16_t length_b, bcal_eax_ctx_t* ctx){ + bcal_cmac_lastBlock(&(ctx->ctag), block, length_b); + bcal_ctr_decMsg(NULL, block, length_b, &(ctx->cipher)); +} + +void bcal_eax_ctx2tag(void* dest, uint16_t length_b, bcal_eax_ctx_t* ctx){ + uint8_t tmp[ctx->blocksize_B]; + if(ctx->header_set==0){ + bcal_cmac_lastBlock(&(ctx->htag), NULL, 0); + } + + bcal_cmac_ctx2mac(tmp, ctx->blocksize_B*8, &(ctx->htag)); + memxor(ctx->nonce, tmp, ctx->blocksize_B); + + bcal_cmac_ctx2mac(tmp, ctx->blocksize_B*8, &(ctx->ctag)); + memxor(ctx->nonce, tmp, ctx->blocksize_B); + memcpy(dest, ctx->nonce, (length_b+7)/8); +} + diff --git a/bcal-eax.h b/bcal-eax.h new file mode 100644 index 0000000..190eee9 --- /dev/null +++ b/bcal-eax.h @@ -0,0 +1,53 @@ +/* bcal-eax.h */ +/* + This file is part of the AVR-Crypto-Lib. + Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#ifndef BCALEAX_H_ +#define BCALEAX_H_ + +#include +#include +#include "bcal-basic.h" +#include "blockcipher_descriptor.h" +#include "bcal-cmac.h" +#include "bcal-ctr.h" + +typedef struct{ + uint8_t* nonce; + bcal_cmac_ctx_t ntag; + bcal_cmac_ctx_t ctag; + bcal_cmac_ctx_t htag; + bcal_ctr_ctx_t cipher; + uint8_t blocksize_B; + uint8_t header_set; +} bcal_eax_ctx_t; + +uint8_t bcal_eax_init(const bcdesc_t* desc, const void* key, uint16_t keysize_b, bcal_eax_ctx_t* ctx); +void bcal_eax_free(bcal_eax_ctx_t* ctx); +void bcal_eax_loadNonce(const void* nonce, uint16_t length_b, bcal_eax_ctx_t* ctx); +void bcal_eax_addNextHeader(const void* header, bcal_eax_ctx_t* ctx); +void bcal_eax_addLastHeader(const void* header, uint16_t length_b, bcal_eax_ctx_t* ctx); +void bcal_eax_encNextBlock(void* block, bcal_eax_ctx_t* ctx); +void bcal_eax_encLastBlock(void* block, uint16_t length_b, bcal_eax_ctx_t* ctx); +void bcal_eax_decNextBlock(void* block, bcal_eax_ctx_t* ctx); +void bcal_eax_decLastBlock(void* block, uint16_t length_b, bcal_eax_ctx_t* ctx); +void bcal_eax_ctx2tag(void* dest, uint16_t length_b, bcal_eax_ctx_t* ctx); +//void bcal_eax(void* dest, uint16_t out_length_b, const void* block, uint32_t length_b, bcal_eax_ctx_t* ctx); + +#endif /* BCALEAX_H_ */ + diff --git a/bcal-ofb.c b/bcal-ofb.c new file mode 100644 index 0000000..6494fb8 --- /dev/null +++ b/bcal-ofb.c @@ -0,0 +1,76 @@ +/* bcal-ofb.c */ +/* + This file is part of the ARM-Crypto-Lib. + Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#include +#include +#include "bcal-ofb.h" +#include "bcal-basic.h" +#include "memxor.h" + + +uint8_t bcal_ofb_init(const bcdesc_t* desc, const void* key, uint16_t keysize_b, bcal_ofb_ctx_t* ctx){ + ctx->desc = (bcdesc_t*)desc; + ctx->blocksize_B = (bcal_cipher_getBlocksize_b(desc)+7)/8; + ctx->in_block=malloc(ctx->blocksize_B); + if(ctx->in_block==NULL){ + return 0x11; + } + return bcal_cipher_init(desc, key, keysize_b, &(ctx->cctx)); +} + +void bcal_ofb_free(bcal_ofb_ctx_t* ctx){ + free(ctx->in_block); + bcal_cipher_free(&(ctx->cctx)); +} + +void bcal_ofb_loadIV(const void* iv, bcal_ofb_ctx_t* ctx){ + if(iv){ + memcpy(ctx->in_block, iv, ctx->blocksize_B); + } +} + +void bcal_ofb_encNext(void* block, bcal_ofb_ctx_t* ctx){ + bcal_cipher_enc(ctx->in_block , &(ctx->cctx)); + memxor(block, ctx->in_block, ctx->blocksize_B); +} + +void bcal_ofb_decNext(void* block, bcal_ofb_ctx_t* ctx){ + bcal_cipher_enc(ctx->in_block , &(ctx->cctx)); + memxor(block, ctx->in_block, ctx->blocksize_B); +} + + +void bcal_ofb_encMsg(const void* iv, void* msg, uint32_t msg_len_b, bcal_ofb_ctx_t* ctx){ + uint16_t block_len_b; + block_len_b = ctx->blocksize_B*8; + bcal_ofb_loadIV(iv, ctx); + while(msg_len_b>block_len_b){ + bcal_ofb_encNext(msg, ctx); + msg_len_b -= block_len_b; + msg = (uint8_t*)msg + ctx->blocksize_B; + } + bcal_cipher_enc(ctx->in_block, &(ctx->cctx)); + ctx->in_block[msg_len_b/8] = 0xff00>>(msg_len_b&7); + memxor(msg, ctx->in_block, (msg_len_b+7)/8); +} + +void bcal_ofb_decMsg(const void* iv, void* msg, uint32_t msg_len_b, bcal_ofb_ctx_t* ctx){ + bcal_ofb_encMsg(iv, msg, msg_len_b, ctx); +} + diff --git a/bcal-ofb.h b/bcal-ofb.h new file mode 100644 index 0000000..aa69c05 --- /dev/null +++ b/bcal-ofb.h @@ -0,0 +1,46 @@ +/* bcal-ofb.h */ +/* + This file is part of the AVR-Crypto-Lib. + Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + + +#ifndef BCALOFB_H_ +#define BCALOFB_H_ + +#include +#include "bcal-basic.h" +#include "blockcipher_descriptor.h" + + +typedef struct{ + bcdesc_t* desc; + bcgen_ctx_t cctx; + uint8_t* in_block; + uint8_t blocksize_B; +} bcal_ofb_ctx_t; + + +uint8_t bcal_ofb_init(const bcdesc_t* desc, const void* key, uint16_t keysize_b, bcal_ofb_ctx_t* ctx); +void bcal_ofb_free(bcal_ofb_ctx_t* ctx); +void bcal_ofb_loadIV(const void* iv, bcal_ofb_ctx_t* ctx); +void bcal_ofb_encNext(void* block, bcal_ofb_ctx_t* ctx); +void bcal_ofb_decNext(void* block, bcal_ofb_ctx_t* ctx); +void bcal_ofb_encMsg(const void* iv, void* msg, uint32_t msg_len_b, bcal_ofb_ctx_t* ctx); +void bcal_ofb_decMsg(const void* iv, void* msg, uint32_t msg_len_b, bcal_ofb_ctx_t* ctx); + + +#endif /* BCALOFB_H_ */ diff --git a/bcal-performance.c b/bcal-performance.c new file mode 100644 index 0000000..9ad15a9 --- /dev/null +++ b/bcal-performance.c @@ -0,0 +1,149 @@ +/* bcal-performance.c */ +/* + This file is part of the ARM-Crypto-Lib. + Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +/* + * \file bcal-performance.c + * \author Daniel Otte + * \email daniel.otte@rub.de + * \date 2010-02-16 + * \license GPLv3 or later + * + */ + +#include "bcal-performance.h" +#include "keysize_descriptor.h" +#include "blockcipher_descriptor.h" +#include "performance_test.h" +#include "cli.h" +#include +#include +#include + + +static +void printvalue(unsigned long v){ + char str[20]; + int i; + ultoa(v, str, 10); + for(i=0; i<10-strlen(str); ++i){ + cli_putc(' '); + } + cli_putstr(str); +} + +void bcal_performance(const bcdesc_t* bcd){ + bcdesc_t bc; + memcpy(&bc, bcd, sizeof(bcdesc_t)); + uint8_t ctx[bc.ctxsize_B]; + uint8_t data[(bc.blocksize_b+7)/8]; + uint16_t keysize = get_keysize(bc.valid_keysize_desc); + uint8_t key[(keysize+7)/8]; + uint64_t t; + uint8_t i; + + if(bc.type!=BCDESC_TYPE_BLOCKCIPHER) + return; + calibrateTimer(); + print_overhead(); + cli_putstr("\r\n\r\n === "); + cli_putstr(bc.name); + cli_putstr(" performance === " + "\r\n type: blockcipher" + "\r\n keysize (bits): "); + printvalue(keysize); + + cli_putstr("\r\n ctxsize (bytes): "); + printvalue(bc.ctxsize_B); + + cli_putstr("\r\n blocksize (bits): "); + printvalue(bc.blocksize_b); + + t=0; + if(bc.init.init1){ + if((bc.flags&BC_INIT_TYPE)==BC_INIT_TYPE_1){ + for(i=0; i<32; ++i){ + startTimer(0); + START_TIMER; + (bc.init.init1)(key, &ctx); + STOP_TIMER; + t += stopTimer(); + if(i!=31 && bc.free){ + bc.free(&ctx); + } + } + } else { + for(i=0; i<32; ++i){ + startTimer(0); + START_TIMER; + (bc.init.init2)(key, keysize, &ctx); + STOP_TIMER; + t += stopTimer(); + if(i!=31 && bc.free){ + bc.free(&ctx); + } + } + } + t>>=5; + cli_putstr("\r\n init (cycles): "); + printvalue(t); + } + + t=0; + for(i=0; i<32; ++i){ + startTimer(0); + START_TIMER; + bc.enc.enc1(data, &ctx); + STOP_TIMER; + t += stopTimer(); + } + t>>=5; + cli_putstr("\r\n encrypt (cycles): "); + printvalue(t); + + t=0; + for(i=0; i<32; ++i){ + startTimer(0); + START_TIMER; + bc.dec.dec1(data, &ctx); + STOP_TIMER; + t += stopTimer(); + } + t>>=5; + cli_putstr("\r\n decrypt (cycles): "); + printvalue(t); + + if(bc.free){ + bc.free(&ctx); + } + +} + + +void bcal_performance_multiple(const bcdesc_t** bcd_list){ + const bcdesc_t* bcd; + for(;;){ + bcd = *bcd_list; + if(!bcd){ + cli_putstr("\r\n\r\n End of performance figures\r\n"); + return; + } + bcal_performance(bcd++); + bcd_list++; + } +} diff --git a/bcal-performance.h b/bcal-performance.h new file mode 100644 index 0000000..b8c5666 --- /dev/null +++ b/bcal-performance.h @@ -0,0 +1,38 @@ +/* bcal-performance.h */ +/* + This file is part of the AVR-Crypto-Lib. + Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +/* + * \file bcal-performance.h + * \author Daniel Otte + * \email daniel.otte@rub.de + * \date 2010-02-16 + * \license GPLv3 or later + * + */ + +#ifndef BCAL_PERFORMANCE_H_ +#define BCAL_PERFORMANCE_H_ + +#include "blockcipher_descriptor.h" + +void bcal_performance(const bcdesc_t* hd); +void bcal_performance_multiple(const bcdesc_t** hd_list); + + +#endif /* BCAL_PERFORMANCE_H_ */ diff --git a/bcal_aes128.c b/bcal_aes128.c new file mode 100644 index 0000000..5d4ae9c --- /dev/null +++ b/bcal_aes128.c @@ -0,0 +1,54 @@ +/* bcal_aes128.c */ +/* + This file is part of the ARM-Crypto-Lib. + Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ +/** + * \file bcal_aes128.c + * \email daniel.otte@rub.de + * \author Daniel Otte + * \date 2009-01-08 + * \license GPLv3 or later + * + */ + +#include +#include "blockcipher_descriptor.h" +#include "aes.h" +#include "aes128_enc.h" +#include "aes128_dec.h" +#include "aes_keyschedule.h" +#include "keysize_descriptor.h" + +const char aes128_str[] = "AES-128"; + +const uint8_t aes128_keysize_desc[] = { KS_TYPE_LIST, 1, KS_INT(128), + KS_TYPE_TERMINATOR }; + +const bcdesc_t aes128_desc = { + BCDESC_TYPE_BLOCKCIPHER, + BC_INIT_TYPE_1, + aes128_str, + sizeof(aes128_ctx_t), + 128, + {(void_fpt)aes128_init}, + {(void_fpt)aes128_enc}, + {(void_fpt)aes128_dec}, + (bc_free_fpt)NULL, + aes128_keysize_desc +}; + + diff --git a/bcal_aes128.h b/bcal_aes128.h new file mode 100644 index 0000000..4c603e0 --- /dev/null +++ b/bcal_aes128.h @@ -0,0 +1,34 @@ +/* bcal_aes128.h */ +/* + This file is part of the AVR-Crypto-Lib. + Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ +/** + * \file bcal_aes128.h + * \email daniel.otte@rub.de + * \author Daniel Otte + * \date 2009-01-08 + * \license GPLv3 or later + * + */ + +#include "blockcipher_descriptor.h" +#include "aes.h" +#include "aes128_enc.h" +#include "aes128_dec.h" +#include "keysize_descriptor.h" + +extern const bcdesc_t aes128_desc; diff --git a/bcal_aes192.c b/bcal_aes192.c new file mode 100644 index 0000000..fcbbcdc --- /dev/null +++ b/bcal_aes192.c @@ -0,0 +1,54 @@ +/* bcal_aes192.c */ +/* + This file is part of the ARM-Crypto-Lib. + Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ +/** + * \file bcal_aes192.c + * \email daniel.otte@rub.de + * \author Daniel Otte + * \date 2009-01-08 + * \license GPLv3 or later + * + */ + +#include +#include "blockcipher_descriptor.h" +#include "aes.h" +#include "aes192_enc.h" +#include "aes192_dec.h" +#include "aes_keyschedule.h" +#include "keysize_descriptor.h" + +const char aes192_str[] = "AES-192"; + +const uint8_t aes192_keysize_desc[] = { KS_TYPE_LIST, 1, KS_INT(192), + KS_TYPE_TERMINATOR }; + +const bcdesc_t aes192_desc = { + BCDESC_TYPE_BLOCKCIPHER, + BC_INIT_TYPE_1, + aes192_str, + sizeof(aes192_ctx_t), + 128, + {(void_fpt)aes192_init}, + {(void_fpt)aes192_enc}, + {(void_fpt)aes192_dec}, + (bc_free_fpt)NULL, + aes192_keysize_desc +}; + + diff --git a/bcal_aes192.h b/bcal_aes192.h new file mode 100644 index 0000000..f8da795 --- /dev/null +++ b/bcal_aes192.h @@ -0,0 +1,34 @@ +/* bcal_aes192.h */ +/* + This file is part of the AVR-Crypto-Lib. + Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ +/** + * \file bcal_aes192.h + * \email daniel.otte@rub.de + * \author Daniel Otte + * \date 2009-01-08 + * \license GPLv3 or later + * + */ + +#include "blockcipher_descriptor.h" +#include "aes.h" +#include "aes192_enc.h" +#include "aes192_dec.h" +#include "keysize_descriptor.h" + +extern const bcdesc_t aes192_desc; diff --git a/bcal_aes256.c b/bcal_aes256.c new file mode 100644 index 0000000..3eb4914 --- /dev/null +++ b/bcal_aes256.c @@ -0,0 +1,54 @@ +/* bcal_aes256.c */ +/* + This file is part of the ARM-Crypto-Lib. + Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ +/** + * \file bcal_aes256.c + * \email daniel.otte@rub.de + * \author Daniel Otte + * \date 2009-01-08 + * \license GPLv3 or later + * + */ + +#include +#include "blockcipher_descriptor.h" +#include "aes.h" +#include "aes256_enc.h" +#include "aes256_dec.h" +#include "aes_keyschedule.h" +#include "keysize_descriptor.h" + +const char aes256_str[] = "AES-256"; + +const uint8_t aes256_keysize_desc[] = { KS_TYPE_LIST, 1, KS_INT(256), + KS_TYPE_TERMINATOR }; + +const bcdesc_t aes256_desc = { + BCDESC_TYPE_BLOCKCIPHER, + BC_INIT_TYPE_1, + aes256_str, + sizeof(aes256_ctx_t), + 128, + {(void_fpt)aes256_init}, + {(void_fpt)aes256_enc}, + {(void_fpt)aes256_dec}, + (bc_free_fpt)NULL, + aes256_keysize_desc +}; + + diff --git a/bcal_aes256.h b/bcal_aes256.h new file mode 100644 index 0000000..d241414 --- /dev/null +++ b/bcal_aes256.h @@ -0,0 +1,34 @@ +/* bcal_aes256.h */ +/* + This file is part of the AVR-Crypto-Lib. + Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ +/** + * \file bcal_aes256.h + * \email daniel.otte@rub.de + * \author Daniel Otte + * \date 2009-01-08 + * \license GPLv3 or later + * + */ + +#include "blockcipher_descriptor.h" +#include "aes.h" +#include "aes256_enc.h" +#include "aes256_dec.h" +#include "keysize_descriptor.h" + +extern const bcdesc_t aes256_desc; diff --git a/blockcipher_descriptor.h b/blockcipher_descriptor.h new file mode 100644 index 0000000..e7e3f22 --- /dev/null +++ b/blockcipher_descriptor.h @@ -0,0 +1,98 @@ +/* blockcipher_descriptor.h */ +/* + This file is part of the AVR-Crypto-Lib. + Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ +/** + * \file blockcipher_descriptor.h + * \author Daniel Otte + * \date 2009-02-04 + * + * \license GPLv3 or later + * + */ + +#ifndef BLOCKCIPHER_DESCRIPTOR_H_ +#define BLOCKCIPHER_DESCRIPTOR_H_ +#include + + +#ifndef VOID_FPT +#define VOID_FPT +typedef void(*void_fpt)(void); +#endif + +typedef void(*bc_init1_fpt)(void*, void*); +typedef void(*bc_init2_fpt)(void*, uint16_t,void*); +typedef void(*bc_enc1_fpt)(void*, void*); +typedef void(*bc_enc2_fpt)(void*, void*, void*); +typedef void(*bc_dec1_fpt)(void*, void*); +typedef void(*bc_dec2_fpt)(void*, void*, void*); +typedef void(*bc_free_fpt)(void*); + +typedef union{ + void_fpt initvoid; + bc_init1_fpt init1; + bc_init2_fpt init2; +} bc_init_fpt; + +typedef union{ + void_fpt encvoid; + bc_enc1_fpt enc1; + bc_enc2_fpt enc2; +} bc_enc_fpt; + +typedef union{ + void_fpt decvoid; + bc_dec1_fpt dec1; + bc_dec2_fpt dec2; +} bc_dec_fpt; + +#define BC_INIT_TYPE 0x01 +#define BC_INIT_TYPE_1 0x00 +#define BC_INIT_TYPE_2 0x01 + +#define BC_ENC_TYPE 0x02 +#define BC_ENC_TYPE_1 0x00 +#define BC_ENC_TYPE_2 0x02 +# +#define BC_DEC_TYPE 0x04 +#define BC_DEC_TYPE_1 0x00 +#define BC_DEC_TYPE_2 0x04 + +#define BCDESC_TYPE_BLOCKCIPHER 0x01 + +typedef struct { + uint8_t type; /* 1==blockcipher */ + uint8_t flags; + const char* name; + uint16_t ctxsize_B; + uint16_t blocksize_b; + bc_init_fpt init; + bc_enc_fpt enc; + bc_dec_fpt dec; + bc_free_fpt free; + const void* valid_keysize_desc; +} bcdesc_t; /* blockcipher descriptor type */ + +typedef struct{ + bcdesc_t* desc_ptr; + uint16_t keysize; + void* ctx; +} bcgen_ctx_t; + +#endif /* BLOCKCIPHER_DESCRIPTOR_H_ */ + diff --git a/host/get_test.rb b/host/get_test.rb index 337ef3f..7c9ea3c 100644 --- a/host/get_test.rb +++ b/host/get_test.rb @@ -18,6 +18,7 @@ along with this program. If not, see . =end +require 'rubygems' require 'serialport' def read_line(error_msg=true) diff --git a/keysize_descriptor.c b/keysize_descriptor.c new file mode 100644 index 0000000..8ffb06f --- /dev/null +++ b/keysize_descriptor.c @@ -0,0 +1,87 @@ +/* keysize_descriptor.c */ +/* + This file is part of the ARM-Crypto-Lib. + Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ +/** + * \file keysize_descriptor.c + * \author Daniel Otte + * \email daniel.otte@rub.de + * \date 2009-01-07 + * \license GPLv3 or later + */ + +#include +#include "keysize_descriptor.h" + +uint8_t is_valid_keysize_P(const void* ks_desc, uint16_t keysize){ + uint8_t type; + type = *((uint8_t*)ks_desc); + ks_desc = (uint8_t*)ks_desc + 1; + if(type==KS_TYPE_TERMINATOR) + return 0; + if(type==KS_TYPE_LIST){ + uint8_t items; + uint16_t item; + items = *((uint8_t*)ks_desc); + ks_desc = (uint8_t*)ks_desc + 1; + while(items--){ + item = *((uint16_t*)ks_desc); + ks_desc = (uint8_t*)ks_desc + 2; + if(item==keysize) + return 1; + } + ks_desc = (uint8_t*)ks_desc - 2; + } + if(type==KS_TYPE_RANGE){ + uint16_t max, min; + min = *((uint16_t*)ks_desc); + ks_desc = (uint8_t*)ks_desc + 2; + max = *((uint16_t*)ks_desc); + if(min<=keysize && keysize<=max) + return 1; + } + if(type==KS_TYPE_ARG_RANGE){ + uint16_t max, min, dist, offset; + min = *((uint16_t*)ks_desc); + ks_desc = (uint8_t*)ks_desc + 2; + max = *((uint16_t*)ks_desc); + ks_desc = (uint8_t*)ks_desc + 2; + dist = *((uint16_t*)ks_desc); + ks_desc = (uint8_t*)ks_desc + 2; + offset = *((uint16_t*)ks_desc); + if(min<=keysize && keysize<=max && (keysize%dist==offset)) + return 1; + } + if(type>KS_TYPE_ARG_RANGE){ + /* bad error, you may insert a big warning message here */ + return 0; + } + return is_valid_keysize_P((uint8_t*)ks_desc+1, keysize); /* search the next record */ +} + +uint16_t get_keysize(const void* ks_desc){ + uint8_t type; + uint16_t keysize; + type = *((uint8_t*)ks_desc); + if(type==KS_TYPE_LIST) + ks_desc = (uint8_t*)ks_desc + 1; + ks_desc = (uint8_t*)ks_desc + 1; + keysize = *((uint16_t*)ks_desc); + return keysize; +} + + diff --git a/keysize_descriptor.h b/keysize_descriptor.h new file mode 100644 index 0000000..5595888 --- /dev/null +++ b/keysize_descriptor.h @@ -0,0 +1,58 @@ +/* keysize_descriptor.h */ +/* + This file is part of the AVR-Crypto-Lib. + Copyright (C) 2009 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ +/** + * \file keysize_descriptor.h + * \author Daniel Otte + * \email daniel.otte@rub.de + * \date 2009-01-07 + * \license GPLv3 or later + */ + +#ifndef KEYSIZE_DESCRIPTOR_H_ +#define KEYSIZE_DESCRIPTOR_H_ + +#include + +#define KS_TYPE_TERMINATOR 0x00 +#define KS_TYPE_LIST 0x01 +#define KS_TYPE_RANGE 0x02 +#define KS_TYPE_ARG_RANGE 0x03 + +#define KS_INT(a) ((a)&0xFF), ((a)>>8) + +typedef struct{ /* keysize is valid if listed in items */ + uint8_t n_items; /* number of items (value 0 is reserved) */ + uint16_t items[]; /* list of valid lengths */ +}keysize_desc_list_t; + +typedef struct{ /* keysize is valid if min<=keysize<=max */ + uint16_t min; + uint16_t max; +}keysize_desc_range_t; + +typedef struct{ /* keysize is valid if min<=keysize<=max and if keysize mod distance == offset */ + uint16_t min; + uint16_t max; + uint16_t distance; + uint16_t offset; +}keysize_desc_arg_range_t; + +uint8_t is_valid_keysize_P(const void* ks_desc, uint16_t keysize); +uint16_t get_keysize(const void* ks_desc); +#endif /* KEYSIZE_DESCRIPTOR_H_ */ diff --git a/test_src/cmacvs.c b/test_src/cmacvs.c new file mode 100644 index 0000000..393d280 --- /dev/null +++ b/test_src/cmacvs.c @@ -0,0 +1,586 @@ +/* cmacvs.c */ +/* + This file is part of the ARM-Crypto-Lib. + Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ +/** + * \file cmacvs.c + * \author Daniel Otte + * \date 2010-02-02 + * \license GPLv3 or later + * + */ + +#include +#include +#include +#include +#include "blockcipher_descriptor.h" +#include "bcal-basic.h" +#include "bcal-cmac.h" +#include "cmacvs.h" +#include "string-extras.h" +#include "cli.h" + + +#ifdef DEBUG +# undef DEBUG +#endif + +#define DEBUG 0 + +#if DEBUG +# include "config.h" +# include +#endif + +bcdesc_t* cmacvs_algo=NULL; +bcdesc_t** cmacvs_algolist=NULL; + +void cmacvs_listalgos(void){ + char option = 'a'; + + bcdesc_t* t; + uint8_t i=0; + cli_putstr("\r\nthe following algorithms are available:\r\n"); + while(option<='z' && (t=(bcdesc_t*)(cmacvs_algolist[i]))){ + cli_putc('\t'); + cli_putc((t==cmacvs_algo)?'*':' '); + cli_putc(option++); + cli_putstr(":\t"); + cli_putstr(t->name); + cli_putstr("\r\n"); + i++; + } +} + +void cmacvs_setalgo(char* param){ + param = strstrip(param); + if(param[1]=='\0'){ /* single letter specified */ + uint8_t i,option = param[0]-'a'; + + if(!cmacvs_algolist){ + cli_putstr("\r\nERROR: cmacvs_algolist not set!"); + return; + } + for(i=0; i<=option; ++i){ + if((cmacvs_algolist[i])==NULL){ + cli_putstr("\r\nERROR: invalid selection!"); + return; + } + } + cmacvs_algo=(bcdesc_t*)(cmacvs_algolist[option]); + } else { /* name specifyed */ + bcdesc_t* t=NULL; + uint8_t i=0; + while((t=(bcdesc_t*)(cmacvs_algolist[i])) && + strcasecmp(param, t->name)) + ++i; + if(t){ + cmacvs_algo=t; + }else{ + cli_putstr("\r\nERROR: could not find \""); + cli_putstr(param); + cli_putstr("\"!"); + } + } +} + +typedef struct { + uint16_t buffer_idx; + uint16_t buffersize_B; + uint32_t blocks; + bcal_cmac_ctx_t ctx; + uint8_t* buffer; + uint8_t in_byte; +} cmacvs_ctx_t; + +static cmacvs_ctx_t cmacvs_ctx; + +uint8_t buffer_add(char c){ + uint8_t v,t; + if(cmacvs_ctx.buffer_idx==cmacvs_ctx.buffersize_B){ + bcal_cmac_nextBlock(&(cmacvs_ctx.ctx), cmacvs_ctx.buffer); + ++cmacvs_ctx.blocks; + cmacvs_ctx.buffer_idx=0; + cmacvs_ctx.in_byte=0; + cli_putc('.'); + memset(cmacvs_ctx.buffer, 0, cmacvs_ctx.buffersize_B); + } + if(c>='0' && c<='9'){ + v=c-'0'; + }else{ + c &= (uint8_t)~('a' ^ 'A'); + if(c>='A' && c<='F'){ + v=c-'A'+10; + }else{ + return 1; + } + } + t=cmacvs_ctx.buffer[cmacvs_ctx.buffer_idx]; + if(cmacvs_ctx.in_byte){ + t |= v; + cmacvs_ctx.buffer[cmacvs_ctx.buffer_idx]=t; + cmacvs_ctx.buffer_idx++; + cmacvs_ctx.in_byte = 0; + }else{ + t |= v<<4; + cmacvs_ctx.buffer[cmacvs_ctx.buffer_idx]=t; + cmacvs_ctx.in_byte = 1; + } + return 0; +} + +int32_t getValue(char* key){ + uint32_t val=0; + char instr[21]; + char* str2; + for(;;){ + memset(instr, 0, 21); + cli_getsn(instr, 20); + str2 = strstrip(instr); + if(!strncasecmp(str2, key, strlen(key))){ + while(*str2 && *str2!='=') + str2++; + if(*str2=='='){ + do{ + str2++; + }while(*str2 && !isdigit(*str2)); + val=(uint32_t)strtoul(str2, NULL, 10); + return val; + } + } else { + if(!strncasecmp(str2, "EXIT", 4)){ + cli_putstr("\r\n got exit ..."); + return -1; + } + } + } + return -2; +} + +uint8_t getKey(void* key_buffer, uint8_t klen_B){ + char c; + uint8_t v,i=0; + memset(key_buffer, 0x00, klen_B); + do{ + c = cli_getc_cecho(); + }while((c|('a'^'A'))!='k'); + do{ + c = cli_getc_cecho(); + }while((c|('a'^'A'))!='e'); + do{ + c = cli_getc_cecho(); + }while((c|('a'^'A'))!='y'); + do{ + c = cli_getc_cecho(); + }while(c!='='); + klen_B *= 2; + while(klen_B){ + v = 0x10; + c = cli_getc_cecho(); + if(c>='0' && c<='9'){ + v = c-'0'; + }else{ + c |= 'A'^'a'; + if(c>='a' && c<='f'){ + v= c-'a'+10; + } + } + if(v<0x10){ + if((i&1)==0){ + v<<=4; + } + ((uint8_t*)key_buffer)[i/2] |= v; + ++i; + --klen_B; + } + } + return 0; +} + +uint8_t getMac(void* mac_buffer, uint8_t mlen_B){ + char c; + uint8_t v,i=0; + memset(mac_buffer, 0x00, mlen_B); + do{ + c = cli_getc_cecho(); + }while((c|('a'^'A'))!='m'); + do{ + c = cli_getc_cecho(); + }while((c|('a'^'A'))!='a'); + do{ + c = cli_getc_cecho(); + }while((c|('a'^'A'))!='c'); + do{ + c = cli_getc_cecho(); + }while(c!='='); + mlen_B *= 2; + while(mlen_B){ + v = 0x10; + c = cli_getc_cecho(); + if(c>='0' && c<='9'){ + v = c-'0'; + }else{ + c |= 'A'^'a'; + if(c>='a' && c<='f'){ + v= c-'a'+10; + } + } + if(v<0x10){ + if((i&1)==0){ + v<<=4; + } + ((uint8_t*)mac_buffer)[i/2] |= v; + ++i; + --mlen_B; + } + } + return 0; +} + +void cmacvs_test1(void){ /* Gen tests */ + int32_t klen, mlen, tlen; + int32_t expect_input=0; + + if(!cmacvs_algo){ + cli_putstr("\r\nERROR: select algorithm first!"); + return; + } + char c; + cmacvs_ctx.buffersize_B=(cmacvs_algo->blocksize_b)/8; + uint8_t tag[cmacvs_ctx.buffersize_B]; + uint8_t buffer[cmacvs_ctx.buffersize_B+5]; + cmacvs_ctx.buffer = buffer; + cli_putstr("\r\nbuffer_size = 0x"); + cli_hexdump_rev(&(cmacvs_ctx.buffersize_B), 2); + cli_putstr(" bytes"); + for(;;){ + cmacvs_ctx.blocks = 0; + memset(buffer, 0, cmacvs_ctx.buffersize_B); + klen = getValue("Klen"); + if(klen<0){ + return; + } + mlen = getValue("Mlen"); + if(mlen<0){ + return; + } + tlen = getValue("Tlen"); + if(tlen<0){ + return; + } + uint8_t key_buffer[klen]; +#if DEBUG + cli_putstr("\r\nKLen == "); + cli_hexdump_rev(&klen, 4); + cli_putstr("\r\nMLen == "); + cli_hexdump_rev(&mlen, 4); + cli_putstr("\r\nTLen == "); + cli_hexdump_rev(&tlen, 4); +#endif + getKey(key_buffer, klen); + if(mlen==0){ + expect_input=2; + }else{ + expect_input=mlen*2; + } +#if DEBUG + cli_putstr("\r\nexpected_input == "); + cli_hexdump_rev(&expect_input, 4); + if(expect_input==0) + cli_putstr("\r\nexpected_input == 0 !!!"); +#endif + uint8_t ret; +#if DEBUG + cli_putstr("\r\n CMAC init"); + cli_putstr("\r\n (2) expected_input == "); + cli_hexdump_rev(&expect_input, 4); +#endif + ret = bcal_cmac_init(cmacvs_algo, key_buffer, klen*8, &(cmacvs_ctx.ctx)); + if(ret){ + cli_putstr("\r\n bcal_cmac_init returned with: "); + cli_hexdump(&ret, 1); + return; + } +#if DEBUG + cli_putstr("\r\n (3) expected_input == "); + cli_hexdump_rev(&expect_input, 4); + cli_putstr("\r\n"); +#endif + while((c=cli_getc_cecho())!='M' && c!='m'){ + if(!isspace(c)){ + cli_putstr("\r\nERROR: wrong input (1) [0x"); + cli_hexdump(&c, 1); + cli_putstr("]!\r\n"); + bcal_cmac_free(&(cmacvs_ctx.ctx)); + return; + } + } + if((c=cli_getc_cecho())!='s' && c!='S'){ + cli_putstr("\r\nERROR: wrong input (2)!\r\n"); + bcal_cmac_free(&(cmacvs_ctx.ctx)); + return; + } + if((c=cli_getc_cecho())!='g' && c!='G'){ + cli_putstr("\r\nERROR: wrong input (3)!\r\n"); + bcal_cmac_free(&(cmacvs_ctx.ctx)); + return; + } + while((c=cli_getc_cecho())!='='){ + if(!isspace(c)){ + cli_putstr("\r\nERROR: wrong input (4)!\r\n"); + bcal_cmac_free(&(cmacvs_ctx.ctx)); + return; + } + } +#if DEBUG + cli_putstr("\r\nparsing started"); +#endif + cmacvs_ctx.buffer_idx = 0; + cmacvs_ctx.in_byte = 0; + cmacvs_ctx.blocks = 0; + while(expect_input>0){ + c=cli_getc_cecho(); +#if DEBUG + cli_putstr("\r\n\t("); + cli_hexdump_rev(&expect_input, 4); + cli_putstr(") "); + _delay_ms(500); +#endif + if(buffer_add(c)==0){ + --expect_input; + }else{ + if(!isblank((uint16_t)c)){ + cli_putstr("\r\nERROR: wrong input (5) ("); + cli_putc(c); + cli_putstr(")!\r\n"); + bcal_cmac_free(&(cmacvs_ctx.ctx)); + return; + } + } + } +#if DEBUG + cli_putstr("\r\nBuffer-A:"); + cli_hexdump_block(buffer, cmacvs_ctx.buffersize_B, 5, 8); + + cli_putstr("\r\n starting finalisation"); + cli_putstr("\r\n\tblocks == "); + cli_hexdump_rev(&(cmacvs_ctx.blocks),4); + cli_putstr("\r\n\tbuffer_idx == "); + cli_hexdump_rev(&(cmacvs_ctx.buffer_idx),2); + cli_putstr("\r\n\tin_byte == "); + cli_hexdump_rev(&(cmacvs_ctx.in_byte),1); +// _delay_ms(500); + + cli_putstr("\r\n starting last block"); + cli_putstr("\r\n\tlength == "); + cli_hexdump_rev(&mlen,4); + cli_putstr("\r\n\tbuffersize_B == "); + cli_hexdump_rev(&(cmacvs_ctx.buffersize_B),2); + uint16_t temp=(mlen-cmacvs_ctx.blocks*cmacvs_ctx.buffersize_B)*8; + cli_putstr("\r\n\t (temp) == "); + cli_hexdump_rev(&temp,2); +// _delay_ms(500); +#endif + uint16_t temp=(mlen-cmacvs_ctx.blocks*cmacvs_ctx.buffersize_B)*8; + bcal_cmac_lastBlock( &(cmacvs_ctx.ctx), buffer, /* be aware of freaking compilers!!! */ +// length-(cmacvs_ctx.blocks)*((cmacvs_ctx.buffersize_B)*8)); + temp ); +#if DEBUG + cli_putstr("\r\n starting ctx2cmac"); + _delay_ms(500); +#endif + bcal_cmac_ctx2mac(tag, tlen*8, &(cmacvs_ctx.ctx)); +#if DEBUG + cli_putstr("\r\n starting cmac free"); +#endif + bcal_cmac_free(&(cmacvs_ctx.ctx)); + cli_putstr("\r\n Mac = "); + cli_hexdump(tag, tlen); + + } +} + + +void cmacvs_test2(void){ /* Ver tests */ + int32_t klen, mlen, tlen; + int32_t expect_input=0; + + if(!cmacvs_algo){ + cli_putstr("\r\nERROR: select algorithm first!"); + return; + } + char c; + cmacvs_ctx.buffersize_B=(cmacvs_algo->blocksize_b)/8; + uint8_t tag[cmacvs_ctx.buffersize_B]; + uint8_t tag_ref[cmacvs_ctx.buffersize_B]; + uint8_t buffer[cmacvs_ctx.buffersize_B+5]; + cmacvs_ctx.buffer = buffer; + cli_putstr("\r\nbuffer_size = 0x"); + cli_hexdump_rev(&(cmacvs_ctx.buffersize_B), 2); + cli_putstr(" bytes"); + for(;;){ + cmacvs_ctx.blocks = 0; + memset(buffer, 0, cmacvs_ctx.buffersize_B); + klen = getValue("Klen"); + if(klen<0){ + return; + } + mlen = getValue("Mlen"); + if(mlen<0){ + return; + } + tlen = getValue("Tlen"); + if(tlen<0){ + return; + } + uint8_t key_buffer[klen]; +#if DEBUG + cli_putstr("\r\nKLen == "); + cli_hexdump_rev(&klen, 4); + cli_putstr("\r\nMLen == "); + cli_hexdump_rev(&mlen, 4); + cli_putstr("\r\nTLen == "); + cli_hexdump_rev(&tlen, 4); +#endif + getKey(key_buffer, klen); + if(mlen==0){ + expect_input=2; + }else{ + expect_input=mlen*2; + } +#if DEBUG + cli_putstr("\r\nexpected_input == "); + cli_hexdump_rev(&expect_input, 4); + if(expect_input==0) + cli_putstr("\r\nexpected_input == 0 !!!"); +#endif + uint8_t ret; +#if DEBUG + cli_putstr("\r\n CMAC init"); + cli_putstr("\r\n (2) expected_input == "); + cli_hexdump_rev(&expect_input, 4); +#endif + ret = bcal_cmac_init(cmacvs_algo, key_buffer, klen*8, &(cmacvs_ctx.ctx)); + if(ret){ + cli_putstr("\r\n bcal_cmac_init returned with: "); + cli_hexdump(&ret, 1); + return; + } +#if DEBUG + cli_putstr("\r\n (3) expected_input == "); + cli_hexdump_rev(&expect_input, 4); + cli_putstr("\r\n"); +#endif + while((c=cli_getc_cecho())!='M' && c!='m'){ + if(!isspace(c)){ + cli_putstr("\r\nERROR: wrong input (1) [0x"); + cli_hexdump(&c, 1); + cli_putstr("]!\r\n"); + bcal_cmac_free(&(cmacvs_ctx.ctx)); + return; + } + } + if((c=cli_getc_cecho())!='s' && c!='S'){ + cli_putstr("\r\nERROR: wrong input (2)!\r\n"); + bcal_cmac_free(&(cmacvs_ctx.ctx)); + return; + } + if((c=cli_getc_cecho())!='g' && c!='G'){ + cli_putstr("\r\nERROR: wrong input (3)!\r\n"); + bcal_cmac_free(&(cmacvs_ctx.ctx)); + return; + } + while((c=cli_getc_cecho())!='='){ + if(!isspace(c)){ + cli_putstr("\r\nERROR: wrong input (4)!\r\n"); + bcal_cmac_free(&(cmacvs_ctx.ctx)); + return; + } + } +#if DEBUG + cli_putstr("\r\nparsing started"); +#endif + cmacvs_ctx.buffer_idx = 0; + cmacvs_ctx.in_byte = 0; + cmacvs_ctx.blocks = 0; + while(expect_input>0){ + c=cli_getc_cecho(); +#if DEBUG + cli_putstr("\r\n\t("); + cli_hexdump_rev(&expect_input, 4); + cli_putstr(") "); + _delay_ms(500); +#endif + if(buffer_add(c)==0){ + --expect_input; + }else{ + if(!isblank((uint16_t)c)){ + cli_putstr("\r\nERROR: wrong input (5) ("); + cli_putc(c); + cli_putstr(")!\r\n"); + bcal_cmac_free(&(cmacvs_ctx.ctx)); + return; + } + } + } +#if DEBUG + cli_putstr("\r\nBuffer-A:"); + cli_hexdump_block(buffer, cmacvs_ctx.buffersize_B, 5, 8); + + cli_putstr("\r\n starting finalisation"); + cli_putstr("\r\n\tblocks == "); + cli_hexdump_rev(&(cmacvs_ctx.blocks),4); + cli_putstr("\r\n\tbuffer_idx == "); + cli_hexdump_rev(&(cmacvs_ctx.buffer_idx),2); + cli_putstr("\r\n\tin_byte == "); + cli_hexdump_rev(&(cmacvs_ctx.in_byte),1); +// _delay_ms(500); + + cli_putstr("\r\n starting last block"); + cli_putstr("\r\n\tlength == "); + cli_hexdump_rev(&mlen,4); + cli_putstr("\r\n\tbuffersize_B == "); + cli_hexdump_rev(&(cmacvs_ctx.buffersize_B),2); + uint16_t temp=(mlen-cmacvs_ctx.blocks*cmacvs_ctx.buffersize_B)*8; + cli_putstr("\r\n\t (temp) == "); + cli_hexdump_rev(&temp,2); +// _delay_ms(500); +#endif + uint16_t temp=(mlen-cmacvs_ctx.blocks*cmacvs_ctx.buffersize_B)*8; + bcal_cmac_lastBlock( &(cmacvs_ctx.ctx), buffer, /* be aware of freaking compilers!!! */ +// length-(cmacvs_ctx.blocks)*((cmacvs_ctx.buffersize_B)*8)); + temp ); +#if DEBUG + cli_putstr("\r\n starting ctx2cmac"); + _delay_ms(500); +#endif + bcal_cmac_ctx2mac(tag, tlen*8, &(cmacvs_ctx.ctx)); +#if DEBUG + cli_putstr("\r\n starting cmac free"); +#endif + bcal_cmac_free(&(cmacvs_ctx.ctx)); + cli_putstr("\r\n Mac = "); + cli_hexdump(tag, tlen); + getMac(tag_ref, tlen); + if(memcmp(tag, tag_ref, tlen)){ + cli_putstr("\r\n Result = F"); + }else{ + cli_putstr("\r\n Result = P"); + } + } +} diff --git a/test_src/cmacvs.h b/test_src/cmacvs.h new file mode 100644 index 0000000..f436275 --- /dev/null +++ b/test_src/cmacvs.h @@ -0,0 +1,42 @@ +/* cmacvs.h */ +/* + This file is part of the AVR-Crypto-Lib. + Copyright (C) 2008 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ +/** + * \file cmacvs.h + * \author Daniel Otte + * \date 2010-02-02 + * \license GPLv3 or later + * + */ + +#ifndef CMACVS_H_ +#define CMACVS_H_ + +#include +#include "blockcipher_descriptor.h" + +extern bcdesc_t* cmacvs_algo; +extern bcdesc_t** cmacvs_algolist; + +void cmacvs_listalgos(void); +void cmacvs_setalgo(char* param); +void cmacvs_test1(void); +void cmacvs_test2(void); + + +#endif /* CMACVS_H_ */ diff --git a/test_src/main-aes-test.c b/test_src/main-aes-test.c new file mode 100644 index 0000000..8b0f67e --- /dev/null +++ b/test_src/main-aes-test.c @@ -0,0 +1,735 @@ +/* main-aes-test.c */ +/* + This file is part of the ARM-Crypto-Lib. + Copyright (C) 2006-2010 Daniel Otte (daniel.otte@rub.de) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ +/* + * AES test-suit + * +*/ +#include +#include +#include +#include "config.h" +#include "cli.h" +#include "dump.h" +#include "uart_lowlevel.h" +#include "sysclock.h" +#include "hw_gptm.h" + +#include "aes/aes.h" + +#include "nessie_bc_test.h" +#include "performance_test.h" + +#include "bcal_aes128.h" +#include "bcal_aes192.h" +#include "bcal_aes256.h" +#include "bcal-cbc.h" +#include "bcal-cfb_byte.h" +#include "bcal-cfb_bit.h" +#include "bcal-ofb.h" +#include "bcal-ctr.h" +#include "bcal-cmac.h" +#include "bcal-eax.h" +#include "cmacvs.h" +#include "bcal-performance.h" + + +char* algo_name = "AES"; + +void uart0_putc(char byte){ + uart_putc(UART_0, byte); +} + +char uart0_getc(void){ + return uart_getc(UART_0); +} + +const bcdesc_t* algolist[] = { + (bcdesc_t*)&aes128_desc, + (bcdesc_t*)&aes192_desc, + (bcdesc_t*)&aes256_desc, + NULL +}; + +/***************************************************************************** + * additional validation-functions * + *****************************************************************************/ + +void testrun_nessie_aes(void){ + nessie_bc_ctx.blocksize_B = 16; + nessie_bc_ctx.keysize_b = 128; + nessie_bc_ctx.name = algo_name; + nessie_bc_ctx.ctx_size_B = sizeof(aes128_ctx_t); + nessie_bc_ctx.cipher_enc = (nessie_bc_enc_fpt)aes128_enc; + nessie_bc_ctx.cipher_dec = (nessie_bc_dec_fpt)aes128_dec; + nessie_bc_ctx.cipher_genctx = (nessie_bc_gen_fpt)aes_init; + nessie_bc_run(); + + nessie_bc_ctx.keysize_b = 192; + nessie_bc_ctx.ctx_size_B = sizeof(aes192_ctx_t); + nessie_bc_ctx.cipher_enc = (nessie_bc_enc_fpt)aes192_enc; + nessie_bc_ctx.cipher_dec = (nessie_bc_dec_fpt)aes192_dec; + nessie_bc_run(); + + nessie_bc_ctx.keysize_b = 256; + nessie_bc_ctx.ctx_size_B = sizeof(aes256_ctx_t); + nessie_bc_ctx.cipher_enc = (nessie_bc_enc_fpt)aes256_enc; + nessie_bc_ctx.cipher_dec = (nessie_bc_dec_fpt)aes256_dec; + nessie_bc_run(); +} + +void testrun_test_aes(void){ + uint8_t key[16] = { 0x2b, 0x7e, 0x15, 0x16, + 0x28, 0xae, 0xd2, 0xa6, + 0xab, 0xf7, 0x15, 0x88, + 0x09, 0xcf, 0x4f, 0x3c }; + uint8_t data[16] = { 0x32, 0x43, 0xf6, 0xa8, + 0x88, 0x5a, 0x30, 0x8d, + 0x31, 0x31, 0x98, 0xa2, + 0xe0, 0x37, 0x07, 0x34 }; + aes128_ctx_t ctx; + aes128_init(key, &ctx); + cli_putstr("\r\n\r\n cipher test (FIPS 197):\r\n key: "); + cli_hexdump(key, 16); + cli_putstr("\r\n plaintext: "); + cli_hexdump(data, 16); + aes128_enc(data, &ctx); + cli_putstr("\r\n ciphertext: "); + cli_hexdump(data, 16); + aes128_dec(data, &ctx); + cli_putstr("\r\n plaintext: "); + cli_hexdump(data, 16); + cli_putstr("\r\n testing bcal:"); + bcgen_ctx_t bcal_ctx; + uint8_t r; + r = bcal_cipher_init(&aes128_desc, key, 128, &bcal_ctx); + cli_putstr("\r\n init = 0x"); + cli_hexdump(&r, 1); + + bcal_cipher_enc(data, &bcal_ctx); + cli_putstr("\r\n ciphertext: "); + cli_hexdump(data, 16); + bcal_cipher_dec(data, &bcal_ctx); + cli_putstr("\r\n plaintext: "); + cli_hexdump(data, 16); + bcal_cipher_free(&bcal_ctx); +} + +void testrun_testkey_aes128(void){ + uint8_t key[16] = { 0x2b, 0x7e, 0x15, 0x16, + 0x28, 0xae, 0xd2, 0xa6, + 0xab, 0xf7, 0x15, 0x88, + 0x09, 0xcf, 0x4f, 0x3c}; + aes128_ctx_t ctx; + uint8_t i; + aes128_init(key, &ctx); + cli_putstr("\r\n\r\n keyschedule test (FIPS 197):\r\n key: "); + cli_hexdump(key, 16); + for(i=0; i<11; ++i){ + cli_putstr("\r\n index: "); + cli_putc('0'+i/10); + cli_putc('0'+i%10); + cli_putstr(" roundkey "); + cli_hexdump(ctx.key[i].ks, 16); + } +} + +void testrun_testkey_aes192(void){ + uint8_t key[24] = { 0x8e, 0x73, 0xb0, 0xf7, + 0xda, 0x0e, 0x64, 0x52, + 0xc8, 0x10, 0xf3, 0x2b, + 0x80, 0x90, 0x79, 0xe5, + 0x62, 0xf8, 0xea, 0xd2, + 0x52, 0x2c, 0x6b, 0x7b}; + aes192_ctx_t ctx; + uint8_t i; + memset(&ctx, 0, sizeof(aes192_ctx_t)); + aes192_init(key, &ctx); + cli_putstr("\r\n\r\n keyschedule test (FIPS 197):\r\n key: "); + cli_hexdump(key, 24); + for(i=0; i<13; ++i){ + cli_putstr("\r\n index: "); + cli_putc('0'+i/10); + cli_putc('0'+i%10); + cli_putstr(" roundkey "); + cli_hexdump(ctx.key[i].ks, 16); + } +} + + +void testrun_testkey_aes256(void){ + uint8_t key[32] = { 0x60, 0x3d, 0xeb, 0x10, + 0x15, 0xca, 0x71, 0xbe, + 0x2b, 0x73, 0xae, 0xf0, + 0x85, 0x7d, 0x77, 0x81, + 0x1f, 0x35, 0x2c, 0x07, + 0x3b, 0x61, 0x08, 0xd7, + 0x2d, 0x98, 0x10, 0xa3, + 0x09, 0x14, 0xdf, 0xf4}; + aes256_ctx_t ctx; + uint8_t i; + memset(&ctx, 0, sizeof(aes256_ctx_t)); + aes256_init(key, &ctx); + cli_putstr("\r\n\r\n keyschedule test (FIPS 197):\r\n key: "); + cli_hexdump(key, 32); + for(i=0; i<15; ++i){ + cli_putstr("\r\n index: "); + cli_putc('0'+i/10); + cli_putc('0'+i%10); + cli_putstr(" roundkey "); + cli_hexdump(ctx.key[i].ks, 16); + } +} + +void testrun_testkey_aes(void){ + testrun_testkey_aes128(); + testrun_testkey_aes192(); + testrun_testkey_aes256(); +} + +const uint8_t modes_key[] = { + 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, + 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c, + 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7, + 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4 + }; +const uint8_t modes_iv[] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f + }; + +const uint8_t modes_ctriv[] = { + 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, + 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff + }; + +const uint8_t modes_plain[] = { + 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, + 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, + /* --- */ + 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, + 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51, + /* --- */ + 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11, + 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef, + /* --- */ + 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, + 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 + }; + + +void testrun_aes128_cbc(void){ + uint8_t key[16]; + uint8_t iv[16]; + uint8_t plain[64]; + + bcal_cbc_ctx_t ctx; + uint8_t r; + + memcpy(key, modes_key, 16); + memcpy(iv, modes_iv, 16); + memcpy(plain, modes_plain, 64); + + cli_putstr("\r\n** AES128-CBC-TEST **"); + r = bcal_cbc_init(&aes128_desc, key, 128, &ctx); + cli_putstr("\r\n init = 0x"); + cli_hexdump(&r, 1); + cli_putstr("\r\n key: "); + cli_hexdump(key, 128/8); + cli_putstr("\r\n IV: "); + cli_hexdump(iv, 128/8); + cli_putstr("\r\n plaintext:"); + cli_hexdump_block(plain, 4*128/8, 4, 16); + if(r) + return; + bcal_cbc_encMsg(iv, plain, 4, &ctx); + cli_putstr("\r\n ciphertext: "); + cli_hexdump_block(plain, 4*128/8, 4, 16); + bcal_cbc_decMsg(iv, plain, 4, &ctx); + cli_putstr("\r\n plaintext: "); + cli_hexdump_block(plain, 4*128/8, 4, 16); + bcal_cbc_free(&ctx); +} + +void testrun_aes128_cfb8(void){ + uint8_t key[16]; + uint8_t iv[16]; + uint8_t plain[64]; + + bcal_cfb_B_ctx_t ctx; + uint8_t r; + + memcpy(key, modes_key, 16); + memcpy(iv, modes_iv, 16); + memcpy(plain, modes_plain, 64); + + cli_putstr("\r\n** AES128-CFB8-TEST **"); + r = bcal_cfb_B_init(&aes128_desc, key, 128, 8, &ctx); + cli_putstr("\r\n init = 0x"); + cli_hexdump(&r, 1); + cli_putstr("\r\n key: "); + cli_hexdump(key, 128/8); + cli_putstr("\r\n IV: "); + cli_hexdump(iv, 128/8); + cli_putstr("\r\n plaintext:"); + cli_hexdump_block(plain, 4*128/8, 4, 16); + if(r) + return; + bcal_cfb_B_encMsg(iv, plain, 64, &ctx); + cli_putstr("\r\n ciphertext: "); + cli_hexdump_block(plain, 64, 4, 16); + + bcal_cfb_B_decMsg(iv, plain, 64, &ctx); + cli_putstr("\r\n plaintext: "); + cli_hexdump_block(plain, 64, 4, 16); + + bcal_cfb_B_free(&ctx); + +} + +void testrun_aes128_cfb1(void){ + uint8_t key[16]; + uint8_t iv[16]; + uint8_t plain[64]; + + bcal_cfb_b_ctx_t ctx; + uint8_t r; + + memcpy(key, modes_key, 16); + memcpy(iv, modes_iv, 16); + memcpy(plain, modes_plain, 64); + + cli_putstr("\r\n** AES128-CFB1-TEST **"); + r = bcal_cfb_b_init(&aes128_desc, key, 128, 1, &ctx); + cli_putstr("\r\n init = 0x"); + cli_hexdump(&r, 1); + cli_putstr("\r\n key: "); + cli_hexdump(key, 128/8); + cli_putstr("\r\n IV: "); + cli_hexdump(iv, 128/8); + cli_putstr("\r\n plaintext:"); + cli_hexdump_block(plain, 2, 4, 16); + if(r) + return; + uint8_t i, bit_offset, byte_offset; + bcal_cfb_b_loadIV(iv, &ctx); + for(i=0; i<16; ++i){ + byte_offset = i/8; + bit_offset = i&7; + cli_putstr("\r\n plain bit: "); + cli_putc((plain[byte_offset]&(1<<(7-bit_offset)))?'1':'0'); + bcal_cfb_b_encNext(plain+byte_offset, bit_offset, &ctx); + cli_putstr("\r\n cipher bit: "); + cli_putc((plain[byte_offset]&(1<<(7-bit_offset)))?'1':'0'); + } + cli_putstr("\r\n ciphertext: "); + cli_hexdump_block(plain, 2, 4, 16); + + bcal_cfb_b_loadIV(iv, &ctx); + for(i=0; i<16; ++i){ + byte_offset = i/8; + bit_offset = i&7; + cli_putstr("\r\n plain bit: "); + cli_putc((plain[byte_offset]&(1<<(7-bit_offset)))?'1':'0'); + bcal_cfb_b_decNext(plain+byte_offset, bit_offset, &ctx); + cli_putstr("\r\n cipher bit: "); + cli_putc((plain[byte_offset]&(1<<(7-bit_offset)))?'1':'0'); + } + cli_putstr("\r\n plaintext: "); + cli_hexdump_block(plain, 2, 4, 16); + + + bcal_cfb_b_encMsg(iv, plain, 0, 64*8, &ctx); + cli_putstr("\r\n ciphertext: "); + cli_hexdump_block(plain, 64, 4, 16); + + bcal_cfb_b_decMsg(iv, plain, 0, 64*8, &ctx); + cli_putstr("\r\n plaintext: "); + cli_hexdump_block(plain, 64, 4, 16); + + bcal_cfb_b_free(&ctx); +} + +void testrun_aes128_ofb(void){ + uint8_t key[16]; + uint8_t iv[16]; + uint8_t plain[64]; + + bcal_ofb_ctx_t ctx; + uint8_t r; + + memcpy(key, modes_key, 16); + memcpy(iv, modes_iv, 16); + memcpy(plain, modes_plain, 64); + + cli_putstr("\r\n** AES128-OFB-TEST **"); + r = bcal_ofb_init(&aes128_desc, key, 128, &ctx); + cli_putstr("\r\n init = 0x"); + cli_hexdump(&r, 1); + cli_putstr("\r\n key: "); + cli_hexdump(key, 128/8); + cli_putstr("\r\n IV: "); + cli_hexdump(iv, 128/8); + cli_putstr("\r\n plaintext:"); + cli_hexdump_block(plain, 4*128/8, 4, 16); + if(r) + return; + bcal_ofb_encMsg(iv, plain, 4*128, &ctx); + cli_putstr("\r\n ciphertext: "); + cli_hexdump_block(plain, 4*128/8, 4, 16); + bcal_ofb_decMsg(iv, plain, 4*128, &ctx); + cli_putstr("\r\n plaintext: "); + cli_hexdump_block(plain, 4*128/8, 4, 16); + bcal_ofb_free(&ctx); +} + +void testrun_aes128_ctr(void){ + uint8_t key[16]; + uint8_t iv[16]; + uint8_t plain[64]; + + bcal_ctr_ctx_t ctx; + uint8_t r; + + memcpy(key, modes_key, 16); + memcpy(iv, modes_ctriv, 16); + memcpy(plain, modes_plain, 64); + + cli_putstr("\r\n** AES128-CTR-TEST **"); + r = bcal_ctr_init(&aes128_desc, key, 128, NULL, &ctx); + cli_putstr("\r\n init = 0x"); + cli_hexdump(&r, 1); + cli_putstr("\r\n key: "); + cli_hexdump(key, 128/8); + cli_putstr("\r\n IV: "); + cli_hexdump(iv, 128/8); + cli_putstr("\r\n plaintext:"); + cli_hexdump_block(plain, 4*128/8, 4, 16); + if(r) + return; + bcal_ctr_encMsg(iv, plain, 4*128, &ctx); + cli_putstr("\r\n ciphertext: "); + cli_hexdump_block(plain, 4*128/8, 4, 16); + bcal_ctr_decMsg(iv, plain, 4*128, &ctx); + cli_putstr("\r\n plaintext: "); + cli_hexdump_block(plain, 4*128/8, 4, 16); + bcal_ctr_free(&ctx); +} + +void testrun_aes128_cmac(void){ + uint8_t key[16]; + uint8_t tag[16]; + uint8_t plain[64]; + uint16_t length[] = { 0, 128, 320, 512 }; + bcal_cmac_ctx_t ctx; + uint8_t r,i; + + memcpy(key, modes_key, 16); + memcpy(plain, modes_plain, 64); + + cli_putstr("\r\n** AES128-CMAC-TEST **"); + + cli_putstr("\r\n key: "); + cli_hexdump(key, 128/8); + for(i=0; i<4; ++i){ + r = bcal_cmac_init(&aes128_desc, key, 128, &ctx); + cli_putstr("\r\n init = 0x"); + cli_hexdump(&r, 1); + cli_putstr("\r\n message: "); + cli_hexdump_block(plain, length[i]/8, 4, 16); + if(r) + return; + bcal_cmac(tag, 128, plain, length[i], &ctx); + cli_putstr("\r\n tag: "); + cli_hexdump_block(tag, 128/8, 4, 16); + bcal_cmac_free(&ctx); + } +} +/* +Klen = 16 +Mlen = 18 +Tlen = 2 +Key = 3250974e306b4b678f914b514d1e90f6 +Msg = cf132fd4ebc25fd3866f1a95a6193a1a9cdf +*/ +void testrun_aes128_cmac72(void){ + uint8_t key[16]= { + 0x32, 0x50, 0x97, 0x4e, 0x30, 0x6b, 0x4b, 0x67, + 0x8f, 0x91, 0x4b, 0x51, 0x4d, 0x1e, 0x90, 0xf6 + }; + uint8_t tag[2]; + uint8_t plain[18] = { + 0xcf, 0x13, 0x2f, 0xd4, 0xeb, 0xc2, 0x5f, 0xd3, + 0x86, 0x6f, 0x1a, 0x95, 0xa6, 0x19, 0x3a, 0x1a, + 0x9c, 0xdf, + }; + bcal_cmac_ctx_t ctx; + uint8_t r; + + + cli_putstr("\r\n** AES128-CMAC-72-TEST **"); + + cli_putstr("\r\n key: "); + cli_hexdump(key, 128/8); + r = bcal_cmac_init(&aes128_desc, key, 128, &ctx); + cli_putstr("\r\n init = 0x"); + cli_hexdump(&r, 1); + cli_putstr("\r\n message: "); + cli_hexdump_block(plain, 18, 4, 16); + if(r) + return; + bcal_cmac(tag, 16, plain, 18*8, &ctx); + cli_putstr("\r\n tag: "); + cli_hexdump_block(tag, 2, 4, 16); + bcal_cmac_free(&ctx); +} +/* +Count = 0 +Klen = 24 +Mlen = 0 +Tlen = 2 +Key = 2b2aaa666be161ed16648e862ac9bd1e317f71bc69e268b5 +Msg = 00 +*/ +void testrun_aes192_cmac0(void){ + uint8_t key[24]= { + 0x2b, 0x2a, 0xaa, 0x66, 0x6b, 0xe1, 0x61, 0xed, + 0x16, 0x64, 0x8e, 0x86, 0x2a, 0xc9, 0xbd, 0x1e, + 0x31, 0x7f, 0x71, 0xbc, 0x69, 0xe2, 0x68, 0xb5 + }; + uint8_t tag[2]; + uint8_t plain[1] = { + 0x00 + }; + bcal_cmac_ctx_t ctx; + uint8_t r; + + + cli_putstr("\r\n** AES192-CMAC-0-TEST **"); + + cli_putstr("\r\n key: "); + cli_hexdump(key, 192/8); + r = bcal_cmac_init(&aes192_desc, key, 192, &ctx); + cli_putstr("\r\n init = 0x"); + cli_hexdump(&r, 1); + if(r) + return; + bcal_cmac(tag, 16, plain, 0*8, &ctx); + cli_putstr("\r\n tag: "); + cli_hexdump_block(tag, 2, 4, 16); + bcal_cmac_free(&ctx); +} + +const uint8_t eax_msg[] = { + 0xF7, 0xFB, + 0x1A, 0x47, 0xCB, 0x49, 0x33, + 0x48, 0x1C, 0x9E, 0x39, 0xB1, + 0x40, 0xD0, 0xC0, 0x7D, 0xA5, 0xE4, + 0x4D, 0xE3, 0xB3, 0x5C, 0x3F, 0xC0, 0x39, 0x24, 0x5B, 0xD1, 0xFB, 0x7D, + 0x8B, 0x0A, 0x79, 0x30, 0x6C, 0x9C, 0xE7, 0xED, 0x99, 0xDA, 0xE4, 0xF8, 0x7F, 0x8D, 0xD6, 0x16, 0x36, + 0x1B, 0xDA, 0x12, 0x2B, 0xCE, 0x8A, 0x8D, 0xBA, 0xF1, 0x87, 0x7D, 0x96, 0x2B, 0x85, 0x92, 0xDD, 0x2D, 0x56, + 0x6C, 0xF3, 0x67, 0x20, 0x87, 0x2B, 0x85, 0x13, 0xF6, 0xEA, 0xB1, 0xA8, 0xA4, 0x44, 0x38, 0xD5, 0xEF, 0x11, + 0xCA, 0x40, 0xD7, 0x44, 0x6E, 0x54, 0x5F, 0xFA, 0xED, 0x3B, 0xD1, 0x2A, 0x74, 0x0A, 0x65, 0x9F, 0xFB, 0xBB, 0x3C, 0xEA, 0xB7 +}; + +const uint8_t eax_msg_len[] = {0, 2, 5, 5, 6, 12, 17, 18, 18, 21}; + +const uint8_t eax_key[] = { + 0x23, 0x39, 0x52, 0xDE, 0xE4, 0xD5, 0xED, 0x5F, 0x9B, 0x9C, 0x6D, 0x6F, 0xF8, 0x0F, 0xF4, 0x78, + 0x91, 0x94, 0x5D, 0x3F, 0x4D, 0xCB, 0xEE, 0x0B, 0xF4, 0x5E, 0xF5, 0x22, 0x55, 0xF0, 0x95, 0xA4, + 0x01, 0xF7, 0x4A, 0xD6, 0x40, 0x77, 0xF2, 0xE7, 0x04, 0xC0, 0xF6, 0x0A, 0xDA, 0x3D, 0xD5, 0x23, + 0xD0, 0x7C, 0xF6, 0xCB, 0xB7, 0xF3, 0x13, 0xBD, 0xDE, 0x66, 0xB7, 0x27, 0xAF, 0xD3, 0xC5, 0xE8, + 0x35, 0xB6, 0xD0, 0x58, 0x00, 0x05, 0xBB, 0xC1, 0x2B, 0x05, 0x87, 0x12, 0x45, 0x57, 0xD2, 0xC2, + 0xBD, 0x8E, 0x6E, 0x11, 0x47, 0x5E, 0x60, 0xB2, 0x68, 0x78, 0x4C, 0x38, 0xC6, 0x2F, 0xEB, 0x22, + 0x7C, 0x77, 0xD6, 0xE8, 0x13, 0xBE, 0xD5, 0xAC, 0x98, 0xBA, 0xA4, 0x17, 0x47, 0x7A, 0x2E, 0x7D, + 0x5F, 0xFF, 0x20, 0xCA, 0xFA, 0xB1, 0x19, 0xCA, 0x2F, 0xC7, 0x35, 0x49, 0xE2, 0x0F, 0x5B, 0x0D, + 0xA4, 0xA4, 0x78, 0x2B, 0xCF, 0xFD, 0x3E, 0xC5, 0xE7, 0xEF, 0x6D, 0x8C, 0x34, 0xA5, 0x61, 0x23, + 0x83, 0x95, 0xFC, 0xF1, 0xE9, 0x5B, 0xEB, 0xD6, 0x97, 0xBD, 0x01, 0x0B, 0xC7, 0x66, 0xAA, 0xC3 +}; + +const uint8_t eax_nonce[] = { + 0x62, 0xEC, 0x67, 0xF9, 0xC3, 0xA4, 0xA4, 0x07, 0xFC, 0xB2, 0xA8, 0xC4, 0x90, 0x31, 0xA8, 0xB3, + 0xBE, 0xCA, 0xF0, 0x43, 0xB0, 0xA2, 0x3D, 0x84, 0x31, 0x94, 0xBA, 0x97, 0x2C, 0x66, 0xDE, 0xBD, + 0x70, 0xC3, 0xDB, 0x4F, 0x0D, 0x26, 0x36, 0x84, 0x00, 0xA1, 0x0E, 0xD0, 0x5D, 0x2B, 0xFF, 0x5E, + 0x84, 0x08, 0xDF, 0xFF, 0x3C, 0x1A, 0x2B, 0x12, 0x92, 0xDC, 0x19, 0x9E, 0x46, 0xB7, 0xD6, 0x17, + 0xFD, 0xB6, 0xB0, 0x66, 0x76, 0xEE, 0xDC, 0x5C, 0x61, 0xD7, 0x42, 0x76, 0xE1, 0xF8, 0xE8, 0x16, + 0x6E, 0xAC, 0x5C, 0x93, 0x07, 0x2D, 0x8E, 0x85, 0x13, 0xF7, 0x50, 0x93, 0x5E, 0x46, 0xDA, 0x1B, + 0x1A, 0x8C, 0x98, 0xDC, 0xD7, 0x3D, 0x38, 0x39, 0x3B, 0x2B, 0xF1, 0x56, 0x9D, 0xEE, 0xFC, 0x19, + 0xDD, 0xE5, 0x9B, 0x97, 0xD7, 0x22, 0x15, 0x6D, 0x4D, 0x9A, 0xFF, 0x2B, 0xC7, 0x55, 0x98, 0x26, + 0xB7, 0x81, 0xFC, 0xF2, 0xF7, 0x5F, 0xA5, 0xA8, 0xDE, 0x97, 0xA9, 0xCA, 0x48, 0xE5, 0x22, 0xEC, + 0x22, 0xE7, 0xAD, 0xD9, 0x3C, 0xFC, 0x63, 0x93, 0xC5, 0x7E, 0xC0, 0xB3, 0xC1, 0x7D, 0x6B, 0x44 +}; + +const uint8_t eax_header[] = { + 0x6B, 0xFB, 0x91, 0x4F, 0xD0, 0x7E, 0xAE, 0x6B, + 0xFA, 0x3B, 0xFD, 0x48, 0x06, 0xEB, 0x53, 0xFA, + 0x23, 0x4A, 0x34, 0x63, 0xC1, 0x26, 0x4A, 0xC6, + 0x33, 0xCC, 0xE2, 0xEA, 0xBF, 0xF5, 0xA7, 0x9D, + 0xAE, 0xB9, 0x6E, 0xAE, 0xBE, 0x29, 0x70, 0xE9, + 0xD4, 0x48, 0x2D, 0x1C, 0xA7, 0x8D, 0xCE, 0x0F, + 0x65, 0xD2, 0x01, 0x79, 0x90, 0xD6, 0x25, 0x28, + 0x54, 0xB9, 0xF0, 0x4E, 0x6A, 0x09, 0x18, 0x9A, + 0x89, 0x9A, 0x17, 0x58, 0x97, 0x56, 0x1D, 0x7E, + 0x12, 0x67, 0x35, 0xFC, 0xC3, 0x20, 0xD2, 0x5A +}; + +const uint8_t eax_cipher[] = { + 0xE0, 0x37, 0x83, 0x0E, 0x83, 0x89, 0xF2, 0x7B, 0x02, 0x5A, 0x2D, 0x65, 0x27, 0xE7, 0x9D, 0x01, + 0x19, 0xDD, 0x5C, 0x4C, 0x93, 0x31, 0x04, 0x9D, 0x0B, 0xDA, 0xB0, 0x27, 0x74, 0x08, 0xF6, 0x79, 0x67, 0xE5, + 0xD8, 0x51, 0xD5, 0xBA, 0xE0, 0x3A, 0x59, 0xF2, 0x38, 0xA2, 0x3E, 0x39, 0x19, 0x9D, 0xC9, 0x26, 0x66, 0x26, 0xC4, 0x0F, 0x80, + 0x63, 0x2A, 0x9D, 0x13, 0x1A, 0xD4, 0xC1, 0x68, 0xA4, 0x22, 0x5D, 0x8E, 0x1F, 0xF7, 0x55, 0x93, 0x99, 0x74, 0xA7, 0xBE, 0xDE, + 0x07, 0x1D, 0xFE, 0x16, 0xC6, 0x75, 0xCB, 0x06, 0x77, 0xE5, 0x36, 0xF7, 0x3A, 0xFE, 0x6A, 0x14, 0xB7, 0x4E, 0xE4, 0x98, 0x44, 0xDD, + 0x83, 0x5B, 0xB4, 0xF1, 0x5D, 0x74, 0x3E, 0x35, 0x0E, 0x72, 0x84, 0x14, 0xAB, 0xB8, 0x64, 0x4F, 0xD6, 0xCC, 0xB8, 0x69, 0x47, 0xC5, 0xE1, 0x05, 0x90, 0x21, 0x0A, 0x4F, + 0x02, 0x08, 0x3E, 0x39, 0x79, 0xDA, 0x01, 0x48, 0x12, 0xF5, 0x9F, 0x11, 0xD5, 0x26, 0x30, 0xDA, 0x30, 0x13, 0x73, 0x27, 0xD1, 0x06, 0x49, 0xB0, 0xAA, 0x6E, 0x1C, 0x18, 0x1D, 0xB6, 0x17, 0xD7, 0xF2, + 0x2E, 0xC4, 0x7B, 0x2C, 0x49, 0x54, 0xA4, 0x89, 0xAF, 0xC7, 0xBA, 0x48, 0x97, 0xED, 0xCD, 0xAE, 0x8C, 0xC3, 0x3B, 0x60, 0x45, 0x05, 0x99, 0xBD, 0x02, 0xC9, 0x63, 0x82, 0x90, 0x2A, 0xEF, 0x7F, 0x83, 0x2A, + 0x0D, 0xE1, 0x8F, 0xD0, 0xFD, 0xD9, 0x1E, 0x7A, 0xF1, 0x9F, 0x1D, 0x8E, 0xE8, 0x73, 0x39, 0x38, 0xB1, 0xE8, 0xE7, 0xF6, 0xD2, 0x23, 0x16, 0x18, 0x10, 0x2F, 0xDB, 0x7F, 0xE5, 0x5F, 0xF1, 0x99, 0x17, 0x00, + 0xCB, 0x89, 0x20, 0xF8, 0x7A, 0x6C, 0x75, 0xCF, 0xF3, 0x96, 0x27, 0xB5, 0x6E, 0x3E, 0xD1, 0x97, 0xC5, 0x52, 0xD2, 0x95, 0xA7, 0xCF, 0xC4, 0x6A, 0xFC, 0x25, 0x3B, 0x46, 0x52, 0xB1, 0xAF, 0x37, 0x95, 0xB1, 0x24, 0xAB, 0x6E +}; + +void testrun_aes128_eax(void){ + uint8_t key[16]; + uint8_t nonce[16]; + uint8_t header[8]; + uint8_t tag[16]; + uint8_t msg[21]; + uint8_t msg_len; + const void* msg_p; + const void* cipher_p; + uint8_t i, r; + + bcal_eax_ctx_t ctx; + + msg_p = eax_msg; + cipher_p = eax_cipher; + for(i=0; i<10; ++i){ + cli_putstr("\r\n\r\n** AES128-EAX-TEST #"); + cli_putc('0'+i); + cli_putstr(" **"); + + msg_len = eax_msg_len[i]; + memcpy(key, eax_key+16*i, 16); + memcpy(nonce, eax_nonce+16*i, 16); + memcpy(header, eax_header+8*i, 8); + memcpy(msg, msg_p, msg_len); + msg_p = (uint8_t*)msg_p+msg_len; + + cli_putstr("\r\n key: "); + cli_hexdump(key, 16); + cli_putstr("\r\n msg: "); + if(msg_len){ + cli_hexdump(msg, msg_len); + } + cli_putstr("\r\n nonce: "); + cli_hexdump(nonce, 16); + cli_putstr("\r\n header: "); + cli_hexdump(header, 8); + + r = bcal_eax_init(&aes128_desc, key, 128, &ctx); + cli_putstr("\r\n init = 0x"); + cli_hexdump(&r, 1); + if(r) + return; + bcal_eax_loadNonce(nonce, 16*8, &ctx); + bcal_eax_addLastHeader(header, 8*8, &ctx); + bcal_eax_encLastBlock(msg, msg_len*8, &ctx); + bcal_eax_ctx2tag(tag, 128, &ctx); + + cli_putstr("\r\n cipher: "); + cli_hexdump_block(msg, msg_len, 4, 16); + + cli_putstr("\r\n tag: "); + cli_hexdump_block(tag, 16, 4, 16); + + if(memcmp(msg, cipher_p, msg_len)){ + cli_putstr("\r\n cipher: [fail]\r\n should: "); + memcpy(msg, cipher_p, msg_len); + cli_hexdump_block(msg, msg_len, 4, 16); + }else{ + cli_putstr("\r\n cipher: [pass]"); + } + cipher_p = ((uint8_t*)cipher_p)+msg_len; + // * + if(memcmp(tag, cipher_p, 16)){ + cli_putstr("\r\n tag: [fail]"); + }else{ + cli_putstr("\r\n tag: [pass]"); + } + + cipher_p = ((uint8_t*)cipher_p)+16; + bcal_eax_free(&ctx); + } +} + +/*****************************************************************************/ + +void testrun_performance_aes(void){ + bcal_performance_multiple(algolist); +} + +/***************************************************************************** + * main * + *****************************************************************************/ + +const cmdlist_entry_t cmdlist[] = { + { "nessie", NULL, testrun_nessie_aes }, + { "test", NULL, testrun_test_aes }, + { "testkey", NULL, testrun_testkey_aes }, + { "testcbc", NULL, testrun_aes128_cbc }, + { "testcfb8", NULL, testrun_aes128_cfb8 }, + { "testcfb1", NULL, testrun_aes128_cfb1 }, + { "testofb", NULL, testrun_aes128_ofb }, + { "testctr", NULL, testrun_aes128_ctr }, + { "testcmac", NULL, testrun_aes128_cmac }, + { "testcmac72", NULL, testrun_aes128_cmac72 }, + { "testcmac0", NULL, testrun_aes192_cmac0 }, + { "testeax", NULL, testrun_aes128_eax }, + { "cmacvs_list", NULL, cmacvs_listalgos }, + { "cmacvs_set", (void*)1, (void_fpt)cmacvs_setalgo }, + { "cmacvs_test1", NULL, cmacvs_test1 }, + { "cmacvs_test2", NULL, cmacvs_test2 }, + { "performance", NULL, testrun_performance_aes }, + { "dump", (void*)1, (void_fpt)dump }, + { "echo", (void*)1, (void_fpt)echo_ctrl }, + { NULL, NULL, NULL } +}; + + +int main (void){ + sysclk_set_freq(SYS_FREQ); + sysclk_mosc_verify_enable(); + uart_init(UART_0, 115200, 8, UART_PARATY_NONE, UART_STOPBITS_ONE); + gptm_set_timer_32periodic(TIMER0); + + cli_rx = uart0_getc; + cli_tx = uart0_putc; + + cmacvs_algolist=(bcdesc_t**)algolist; + cmacvs_algo=(bcdesc_t*)&aes128_desc; + + for(;;){ + cli_putstr("\r\n\r\nARM-Crypto-Lib VS ("); + cli_putstr(algo_name); + cli_putstr("; "); + cli_putstr(__DATE__); + cli_putc(' '); + cli_putstr(__TIME__); + cli_putstr(")\r\nloaded and running\r\n"); + cmd_interface(cmdlist); + } +} + -- 2.39.5