aesxcbcmac.c revision 1.2
1 /* $NetBSD: aesxcbcmac.c,v 1.2 2016/09/26 14:50:54 christos Exp $ */ 2 3 /* 4 * Copyright (C) 1995, 1996, 1997, 1998 and 2003 WIDE Project. 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. Neither the name of the project nor the names of its contributors 16 * may be used to endorse or promote products derived from this software 17 * without specific prior written permission. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29 * SUCH DAMAGE. 30 */ 31 32 #include <sys/cdefs.h> 33 __KERNEL_RCSID(0, "$NetBSD: aesxcbcmac.c,v 1.2 2016/09/26 14:50:54 christos Exp $"); 34 35 #include <sys/param.h> 36 #include <sys/systm.h> 37 #include <crypto/rijndael/rijndael.h> 38 39 #include <opencrypto/aesxcbcmac.h> 40 41 int 42 aes_xcbc_mac_init(void *vctx, const uint8_t *key, u_int16_t keylen) 43 { 44 static const uint8_t k1seed[AES_BLOCKSIZE] = 45 { 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 }; 46 static const uint8_t k2seed[AES_BLOCKSIZE] = 47 { 2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2 }; 48 static const uint8_t k3seed[AES_BLOCKSIZE] = 49 { 3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3 }; 50 u_int32_t r_ks[(RIJNDAEL_MAXNR+1)*4]; 51 aesxcbc_ctx *ctx; 52 uint8_t k1[AES_BLOCKSIZE]; 53 54 ctx = vctx; 55 memset(ctx, 0, sizeof(*ctx)); 56 57 if ((ctx->r_nr = rijndaelKeySetupEnc(r_ks, key, keylen * 8)) == 0) 58 return -1; 59 rijndaelEncrypt(r_ks, ctx->r_nr, k1seed, k1); 60 rijndaelEncrypt(r_ks, ctx->r_nr, k2seed, ctx->k2); 61 rijndaelEncrypt(r_ks, ctx->r_nr, k3seed, ctx->k3); 62 if (rijndaelKeySetupEnc(ctx->r_k1s, k1, AES_BLOCKSIZE * 8) == 0) 63 return -1; 64 if (rijndaelKeySetupEnc(ctx->r_k2s, ctx->k2, AES_BLOCKSIZE * 8) == 0) 65 return -1; 66 if (rijndaelKeySetupEnc(ctx->r_k3s, ctx->k3, AES_BLOCKSIZE * 8) == 0) 67 return -1; 68 69 return 0; 70 } 71 72 int 73 aes_xcbc_mac_loop(void *vctx, const uint8_t *addr, u_int16_t len) 74 { 75 uint8_t buf[AES_BLOCKSIZE]; 76 aesxcbc_ctx *ctx; 77 const uint8_t *ep; 78 int i; 79 80 ctx = vctx; 81 ep = addr + len; 82 83 if (ctx->buflen == sizeof(ctx->buf)) { 84 for (i = 0; i < sizeof(ctx->e); i++) 85 ctx->buf[i] ^= ctx->e[i]; 86 rijndaelEncrypt(ctx->r_k1s, ctx->r_nr, ctx->buf, ctx->e); 87 ctx->buflen = 0; 88 } 89 if (ctx->buflen + len < sizeof(ctx->buf)) { 90 memcpy(ctx->buf + ctx->buflen, addr, len); 91 ctx->buflen += len; 92 return 0; 93 } 94 if (ctx->buflen && ctx->buflen + len > sizeof(ctx->buf)) { 95 memcpy(ctx->buf + ctx->buflen, addr, 96 sizeof(ctx->buf) - ctx->buflen); 97 for (i = 0; i < sizeof(ctx->e); i++) 98 ctx->buf[i] ^= ctx->e[i]; 99 rijndaelEncrypt(ctx->r_k1s, ctx->r_nr, ctx->buf, ctx->e); 100 addr += sizeof(ctx->buf) - ctx->buflen; 101 ctx->buflen = 0; 102 } 103 /* due to the special processing for M[n], "=" case is not included */ 104 while (ep - addr > AES_BLOCKSIZE) { 105 memcpy(buf, addr, AES_BLOCKSIZE); 106 for (i = 0; i < sizeof(buf); i++) 107 buf[i] ^= ctx->e[i]; 108 rijndaelEncrypt(ctx->r_k1s, ctx->r_nr, buf, ctx->e); 109 addr += AES_BLOCKSIZE; 110 } 111 if (addr < ep) { 112 memcpy(ctx->buf + ctx->buflen, addr, ep - addr); 113 ctx->buflen += ep - addr; 114 } 115 return 0; 116 } 117 118 void 119 aes_xcbc_mac_result(uint8_t *addr, void *vctx) 120 { 121 uint8_t digest[AES_BLOCKSIZE]; 122 aesxcbc_ctx *ctx; 123 int i; 124 125 ctx = vctx; 126 127 if (ctx->buflen == sizeof(ctx->buf)) { 128 for (i = 0; i < sizeof(ctx->buf); i++) { 129 ctx->buf[i] ^= ctx->e[i]; 130 ctx->buf[i] ^= ctx->k2[i]; 131 } 132 rijndaelEncrypt(ctx->r_k1s, ctx->r_nr, ctx->buf, digest); 133 } else { 134 for (i = ctx->buflen; i < sizeof(ctx->buf); i++) 135 ctx->buf[i] = (i == ctx->buflen) ? 0x80 : 0x00; 136 for (i = 0; i < sizeof(ctx->buf); i++) { 137 ctx->buf[i] ^= ctx->e[i]; 138 ctx->buf[i] ^= ctx->k3[i]; 139 } 140 rijndaelEncrypt(ctx->r_k1s, ctx->r_nr, ctx->buf, digest); 141 } 142 143 memcpy(addr, digest, sizeof(digest)); 144 } 145
Indexes created Sun Sep 28 12:09:53 GMT 2025