elopes / PFE15

Blame view

RIOT/sys/hashes/cmac.c 2.5 KB
Edit Raw Normal View History
a752c7ab   elopes   add first test an... 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
 
  /*
   * Copyright (C) 2016 Fundación Inria Chile
   *
   * This file is subject to the terms and conditions of the GNU Lesser
   * General Public License v2.1. See the file LICENSE in the top level
   * directory for more details.
   */
  
  /**
   * @ingroup     sys_hashes_cmac
   * @{
   *
   * @file
   * @brief       AES_CMAC implementation
   *
   * @author      José Ignacio Alamos <jose.alamos@inria.cl>
   *
   * @}
   */
  
  #include <inttypes.h>
  #include <stdio.h>
  #include <string.h>
  
  #include "crypto/ciphers.h"
  #include "hashes/cmac.h"
  
  #define MIN(a, b) a < b ? a : b
  
  static void _xor128(uint8_t *x, uint8_t *y)
  {
      for (unsigned i = 0; i < 16; i++) {
          y[i] = x[i] ^ y[i];
      }
  }
  
  static void _leftshift(uint8_t *x, uint8_t *y)
  {
      for (unsigned i = 0; i < 15; i++) {
          y[i] = (x[i] << 1) | (x[i + 1] >> 7);
      }
      y[15] = x[15] << 1;
  }
  
  int cmac_init(cmac_context_t *ctx, const uint8_t *key, uint8_t key_size)
  {
      if (key_size != CMAC_BLOCK_SIZE) {
          return CIPHER_ERR_INVALID_KEY_SIZE;
      }
  
      memset(ctx, 0, sizeof(cmac_context_t));
      return cipher_init(&(ctx->aes_ctx), CIPHER_AES_128, key, key_size);
  }
  
  void cmac_update(cmac_context_t *ctx, const void *data, size_t len)
  {
      uint8_t d[16];
  
      while (len) {
          uint8_t c;
          if (ctx->M_n == 16) {
              ctx->M_n = 0;
              _xor128(ctx->M_last, ctx->X);
              cipher_encrypt(&ctx->aes_ctx, ctx->X, d);
              memcpy(ctx->X, d, CMAC_BLOCK_SIZE);
          }
          c = MIN(CMAC_BLOCK_SIZE - ctx->M_n, len);
          memcpy(ctx->M_last + ctx->M_n, data, c);
          ctx->M_n += c;
          len -= c;
          data = (void *) (((uint8_t *) data) + c);
  
          if (ctx->M_n < CMAC_BLOCK_SIZE) {
              break;
          }
      }
  }
  
  void cmac_final(cmac_context_t *ctx, void *digest)
  {
      /* Generate subkeys */
      uint8_t K[CMAC_BLOCK_SIZE];
      uint8_t L[CMAC_BLOCK_SIZE];
  
      memset(K, 0, CMAC_BLOCK_SIZE);
      cipher_encrypt(&ctx->aes_ctx, K, L);
  
      if (L[0] & 0x80) {
          _leftshift(L, K);
          K[15] ^= 0x87;
      }
      else {
          _leftshift(L, K);
      }
  
      if (ctx->M_n != 16) {
          /* Generate K2 */
          if (K[0] & 0x80) {
              _leftshift(K, K);
              K[15] ^= 0x87;
          }
          else {
              _leftshift(K, K);
          }
          /* Padding */
          memset(ctx->M_last + ctx->M_n, 0, CMAC_BLOCK_SIZE - ctx->M_n);
          ctx->M_last[ctx->M_n] = 0x80;
      }
      _xor128(K, ctx->M_last);
      _xor128(ctx->M_last, ctx->X);
      cipher_encrypt(&ctx->aes_ctx, ctx->X, L);
      memcpy(digest, L, CMAC_BLOCK_SIZE);
  }