forgotten directories

[avr-crypto-lib.git] / bcal / bcal-cmac.c

diff --git a/bcal/bcal-cmac.c b/bcal/bcal-cmac.c
new file mode 100644 (file)
index 0000000..5821e26
--- /dev/null
+++ b/bcal/bcal-cmac.c
@@ -0,0 +1,152 @@
+/* bcal-omac.c */
+/*
+    This file is part of the AVR-Crypto-Lib.
+    Copyright (C) 2010 Daniel Otte (daniel.otte@rub.de)
+
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+
+#include <stdint.h>
+#include <string.h>
+#include "bcal-basic.h"
+#include "bcal-cmac.h"
+#include "memxor/memxor.h"
+
+
+static uint8_t left_shift_be_block(void* block, uint8_t blocksize_B){
+       uint8_t c1=0, c2;
+       do{
+               --blocksize_B;
+               c2 = (((uint8_t*)block)[blocksize_B])>>7;
+               (((uint8_t*)block)[blocksize_B]) <<= 1;
+               (((uint8_t*)block)[blocksize_B]) |= c1;
+               c1 = c2;
+       }while(blocksize_B);
+       return c1;
+}
+
+static const uint8_t const_128 = 0x87;
+static const uint8_t const_64  = 0x1b;
+
+uint8_t bcal_cmac_init(const bcdesc_t* desc, const void* key, uint16_t keysize_b, bcal_cmac_ctx_t* ctx){
+       uint8_t r;
+       ctx->desc = (bcdesc_t*)desc;
+       ctx->blocksize_B = bcal_cipher_getBlocksize_b(desc)/8;
+       if (ctx->blocksize_B!=128/8 && ctx->blocksize_B!=64/8){
+               return 0x13;
+       }
+       ctx->accu = malloc(ctx->blocksize_B);
+       if(ctx->accu==NULL){
+               return 0x14;
+       }
+       ctx->k1 = malloc(ctx->blocksize_B);
+       if(ctx->k1==NULL){
+               return 0x15;
+       }
+       ctx->k2 = malloc(ctx->blocksize_B);
+       if(ctx->k2==NULL){
+               return 0x16;
+       }
+       ctx->lastblock = malloc(ctx->blocksize_B);
+       if(ctx->lastblock==NULL){
+               return 0x17;
+       }
+       r = bcal_cipher_init(desc, key, keysize_b, &(ctx->cctx));
+       if(r){
+               return r;
+       }
+       if(ctx->blocksize_B==128/8){
+               r = const_128;
+       }else{
+               r = const_64;
+       }
+       /* subkey computation */
+       memset(ctx->accu, 0x00, ctx->blocksize_B);
+       memset(ctx->k1, 0x00, ctx->blocksize_B);
+       bcal_cipher_enc(ctx->k1, &(ctx->cctx));
+       if(left_shift_be_block(ctx->k1, ctx->blocksize_B)){
+               ctx->k1[ctx->blocksize_B-1] ^= r;
+       }
+       memcpy(ctx->k2, ctx->k1, ctx->blocksize_B);
+       if(left_shift_be_block(ctx->k2, ctx->blocksize_B)){
+               ctx->k2[ctx->blocksize_B-1] ^= r;
+       }
+       ctx->last_set=0;
+       return 0;
+}
+
+void bcal_cmac_free(bcal_cmac_ctx_t* ctx){
+       free(ctx->accu);
+       free(ctx->k1);
+       free(ctx->k2);
+       bcal_cipher_free(&(ctx->cctx));
+}
+
+void bcal_cmac_nextBlock (bcal_cmac_ctx_t* ctx, const void* block){
+       if(ctx->last_set){
+               memxor(ctx->accu, ctx->lastblock, ctx->blocksize_B);
+               bcal_cipher_enc(ctx->accu, &(ctx->cctx));
+       }
+       memcpy(ctx->lastblock, block, ctx->blocksize_B);
+       ctx->last_set=1;
+}
+
+
+void bcal_cmac_lastBlock(bcal_cmac_ctx_t* ctx, const void* block, uint16_t length_b){
+       uint16_t blocksize_b;
+       blocksize_b = ctx->blocksize_B*8;
+       while(length_b>=blocksize_b){
+               bcal_cmac_nextBlock(ctx, block);
+               block = (uint8_t*)block + ctx->blocksize_B;
+               length_b -= blocksize_b;
+       }
+       if(ctx->last_set==0){
+               memxor(ctx->accu, block, (length_b+7)/8);
+               memxor(ctx->accu, ctx->k2, ctx->blocksize_B);
+               ctx->accu[length_b/8] ^= 0x80>>(length_b&7);
+       }else{
+               if(length_b==0){
+                       memxor(ctx->accu, ctx->lastblock, ctx->blocksize_B);
+                       memxor(ctx->accu, ctx->k1, ctx->blocksize_B);
+               }else{
+                       memxor(ctx->accu, ctx->lastblock, ctx->blocksize_B);
+                       bcal_cipher_enc(ctx->accu, &(ctx->cctx));
+                       memxor(ctx->accu, block, (length_b+7)/8);
+                       memxor(ctx->accu, ctx->k2, ctx->blocksize_B);
+                       ctx->accu[length_b/8] ^= 0x80>>(length_b&7);
+               }
+       }
+       bcal_cipher_enc(ctx->accu, &(ctx->cctx));
+}
+
+void bcal_cmac_ctx2mac(void* dest, uint16_t length_b, const bcal_cmac_ctx_t* ctx){
+       memcpy(dest, ctx->accu, length_b/8);
+       if(length_b&7){
+               ((uint8_t*)dest)[length_b/8] &= 0xff>>(length_b&7);
+               ((uint8_t*)dest)[length_b/8] |= (0xff00>>(length_b&7))&(ctx->accu[length_b/8]);
+       }
+}
+
+void bcal_cmac(void* dest, uint16_t out_length_b, const void* block, uint32_t length_b, bcal_cmac_ctx_t* ctx){
+       uint16_t blocksize_b;
+       blocksize_b = ctx->blocksize_B*8;
+       while(length_b>blocksize_b){
+               bcal_cmac_nextBlock(ctx, block);
+               block = (uint8_t*)block + ctx->blocksize_B;
+               length_b -= blocksize_b;
+       }
+       bcal_cmac_lastBlock(ctx, block, length_b);
+       bcal_cmac_ctx2mac(dest, out_length_b, ctx);
+}