aesxcbcmac.c revision 1.1.6.2
1 /* $NetBSD: aesxcbcmac.c,v 1.1.6.2 2011/06/06 09:10:03 jruoho Exp $ */ 2 3 /* 4 * Copyright (C) 1995, 1996, 1997, 1998 and 2003 WIDE Project. 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. Neither the name of the project nor the names of its contributors 16 * may be used to endorse or promote products derived from this software 17 * without specific prior written permission. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29 * SUCH DAMAGE. 30 */ 31 32 #include <sys/cdefs.h> 33 __KERNEL_RCSID(0, "$NetBSD: aesxcbcmac.c,v 1.1.6.2 2011/06/06 09:10:03 jruoho Exp $"); 34 35 #include <sys/param.h> 36 #include <sys/systm.h> 37 #include <crypto/rijndael/rijndael.h> 38 39 #include <opencrypto/aesxcbcmac.h> 40 41 int 42 aes_xcbc_mac_init(void *vctx, const u_int8_t *key, u_int16_t keylen) 43 { 44 u_int8_t k1seed[AES_BLOCKSIZE] = { 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 }; 45 u_int8_t k2seed[AES_BLOCKSIZE] = { 2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2 }; 46 u_int8_t k3seed[AES_BLOCKSIZE] = { 3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3 }; 47 u_int32_t r_ks[(RIJNDAEL_MAXNR+1)*4]; 48 aesxcbc_ctx *ctx; 49 u_int8_t k1[AES_BLOCKSIZE]; 50 51 ctx = (aesxcbc_ctx *)vctx; 52 memset(ctx, 0, sizeof(aesxcbc_ctx)); 53 54 if ((ctx->r_nr = rijndaelKeySetupEnc(r_ks, key, keylen * 8)) == 0) 55 return -1; 56 rijndaelEncrypt(r_ks, ctx->r_nr, k1seed, k1); 57 rijndaelEncrypt(r_ks, ctx->r_nr, k2seed, ctx->k2); 58 rijndaelEncrypt(r_ks, ctx->r_nr, k3seed, ctx->k3); 59 if (rijndaelKeySetupEnc(ctx->r_k1s, k1, AES_BLOCKSIZE * 8) == 0) 60 return -1; 61 if (rijndaelKeySetupEnc(ctx->r_k2s, ctx->k2, AES_BLOCKSIZE * 8) == 0) 62 return -1; 63 if (rijndaelKeySetupEnc(ctx->r_k3s, ctx->k3, AES_BLOCKSIZE * 8) == 0) 64 return -1; 65 66 return 0; 67 } 68 69 int 70 aes_xcbc_mac_loop(void *vctx, const u_int8_t *addr, u_int16_t len) 71 { 72 u_int8_t buf[AES_BLOCKSIZE]; 73 aesxcbc_ctx *ctx; 74 const u_int8_t *ep; 75 int i; 76 77 ctx = (aesxcbc_ctx *)vctx; 78 ep = addr + len; 79 80 if (ctx->buflen == sizeof(ctx->buf)) { 81 for (i = 0; i < sizeof(ctx->e); i++) 82 ctx->buf[i] ^= ctx->e[i]; 83 rijndaelEncrypt(ctx->r_k1s, ctx->r_nr, ctx->buf, ctx->e); 84 ctx->buflen = 0; 85 } 86 if (ctx->buflen + len < sizeof(ctx->buf)) { 87 memcpy(ctx->buf + ctx->buflen, addr, len); 88 ctx->buflen += len; 89 return 0; 90 } 91 if (ctx->buflen && ctx->buflen + len > sizeof(ctx->buf)) { 92 memcpy(ctx->buf + ctx->buflen, addr, 93 sizeof(ctx->buf) - ctx->buflen); 94 for (i = 0; i < sizeof(ctx->e); i++) 95 ctx->buf[i] ^= ctx->e[i]; 96 rijndaelEncrypt(ctx->r_k1s, ctx->r_nr, ctx->buf, ctx->e); 97 addr += sizeof(ctx->buf) - ctx->buflen; 98 ctx->buflen = 0; 99 } 100 /* due to the special processing for M[n], "=" case is not included */ 101 while (addr + AES_BLOCKSIZE < ep) { 102 memcpy(buf, addr, AES_BLOCKSIZE); 103 for (i = 0; i < sizeof(buf); i++) 104 buf[i] ^= ctx->e[i]; 105 rijndaelEncrypt(ctx->r_k1s, ctx->r_nr, buf, ctx->e); 106 addr += AES_BLOCKSIZE; 107 } 108 if (addr < ep) { 109 memcpy(ctx->buf + ctx->buflen, addr, ep - addr); 110 ctx->buflen += ep - addr; 111 } 112 return 0; 113 } 114 115 void 116 aes_xcbc_mac_result(u_int8_t *addr, void *vctx) 117 { 118 u_char digest[AES_BLOCKSIZE]; 119 aesxcbc_ctx *ctx; 120 int i; 121 122 ctx = (aesxcbc_ctx *)vctx; 123 124 if (ctx->buflen == sizeof(ctx->buf)) { 125 for (i = 0; i < sizeof(ctx->buf); i++) { 126 ctx->buf[i] ^= ctx->e[i]; 127 ctx->buf[i] ^= ctx->k2[i]; 128 } 129 rijndaelEncrypt(ctx->r_k1s, ctx->r_nr, ctx->buf, digest); 130 } else { 131 for (i = ctx->buflen; i < sizeof(ctx->buf); i++) 132 ctx->buf[i] = (i == ctx->buflen) ? 0x80 : 0x00; 133 for (i = 0; i < sizeof(ctx->buf); i++) { 134 ctx->buf[i] ^= ctx->e[i]; 135 ctx->buf[i] ^= ctx->k3[i]; 136 } 137 rijndaelEncrypt(ctx->r_k1s, ctx->r_nr, ctx->buf, digest); 138 } 139 140 memcpy(addr, digest, sizeof(digest)); 141 } 142
Indexes created Sun Oct 26 20:09:54 GMT 2025