1*4882a593Smuzhiyun #include <stdio.h>
2*4882a593Smuzhiyun #include <stdlib.h>
3*4882a593Smuzhiyun #include <string.h>
4*4882a593Smuzhiyun #include <assert.h>
5*4882a593Smuzhiyun #include "aes_core.h"
6*4882a593Smuzhiyun
rk_left_shift(int len,unsigned char * add,unsigned char * des)7*4882a593Smuzhiyun static void rk_left_shift(int len, unsigned char* add, unsigned char*des)
8*4882a593Smuzhiyun {
9*4882a593Smuzhiyun int i;
10*4882a593Smuzhiyun for (i = 0; i < len - 1; i++)
11*4882a593Smuzhiyun {
12*4882a593Smuzhiyun des[i] = (add[i] << 1) + (add[i + 1] >= 0x80?1:0);
13*4882a593Smuzhiyun }
14*4882a593Smuzhiyun des[len - 1] = add[len - 1] << 1;
15*4882a593Smuzhiyun }
16*4882a593Smuzhiyun
rk_array_xor(int len,const unsigned char * a1,const unsigned char * a2,unsigned char * des)17*4882a593Smuzhiyun static void rk_array_xor(int len, const unsigned char*a1, const unsigned char*a2, unsigned char*des)
18*4882a593Smuzhiyun {
19*4882a593Smuzhiyun int i;
20*4882a593Smuzhiyun for (i = 0; i < len; i++)
21*4882a593Smuzhiyun {
22*4882a593Smuzhiyun des[i] = a1[i] ^ a2[i];
23*4882a593Smuzhiyun }
24*4882a593Smuzhiyun }
25*4882a593Smuzhiyun
rk_derive_mac_key(RK_AES_KEY * key,unsigned char * k1,unsigned char * k2)26*4882a593Smuzhiyun static void rk_derive_mac_key(RK_AES_KEY *key, unsigned char *k1, unsigned char *k2)
27*4882a593Smuzhiyun {
28*4882a593Smuzhiyun unsigned char plain[AES_BLOCK_SIZE] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
29*4882a593Smuzhiyun unsigned char Rb[AES_BLOCK_SIZE] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x87 };
30*4882a593Smuzhiyun unsigned char c0[AES_BLOCK_SIZE];
31*4882a593Smuzhiyun
32*4882a593Smuzhiyun rk_aes_encrypt(plain, c0, key);
33*4882a593Smuzhiyun if (c0[0]<0x80) //generate k1
34*4882a593Smuzhiyun {
35*4882a593Smuzhiyun rk_left_shift(AES_BLOCK_SIZE, c0, k1);
36*4882a593Smuzhiyun }
37*4882a593Smuzhiyun else
38*4882a593Smuzhiyun {
39*4882a593Smuzhiyun rk_left_shift(AES_BLOCK_SIZE, c0, k1);
40*4882a593Smuzhiyun rk_array_xor(AES_BLOCK_SIZE, k1, Rb, k1);
41*4882a593Smuzhiyun }
42*4882a593Smuzhiyun
43*4882a593Smuzhiyun if (k1[0] < 0x80) //generate k2
44*4882a593Smuzhiyun {
45*4882a593Smuzhiyun rk_left_shift(AES_BLOCK_SIZE, k1, k2);
46*4882a593Smuzhiyun }
47*4882a593Smuzhiyun else
48*4882a593Smuzhiyun {
49*4882a593Smuzhiyun rk_left_shift(AES_BLOCK_SIZE, k1, k2);
50*4882a593Smuzhiyun rk_array_xor(AES_BLOCK_SIZE, k2, Rb, k2);
51*4882a593Smuzhiyun }
52*4882a593Smuzhiyun }
53*4882a593Smuzhiyun
rk_aes_genarate_cmac(const unsigned char * key,unsigned int key_len,const unsigned char * msg,unsigned int msg_len,unsigned char * macvalue)54*4882a593Smuzhiyun int rk_aes_genarate_cmac(const unsigned char *key, unsigned int key_len, const unsigned char *msg, unsigned int msg_len, unsigned char *macvalue)
55*4882a593Smuzhiyun {
56*4882a593Smuzhiyun int i,block;
57*4882a593Smuzhiyun unsigned char IVtemp[AES_BLOCK_SIZE];
58*4882a593Smuzhiyun unsigned char Blocktemp[AES_BLOCK_SIZE];
59*4882a593Smuzhiyun unsigned char k1[AES_BLOCK_SIZE], k2[AES_BLOCK_SIZE];
60*4882a593Smuzhiyun RK_AES_KEY aes_key;
61*4882a593Smuzhiyun int result;
62*4882a593Smuzhiyun
63*4882a593Smuzhiyun memset(IVtemp, 0x00, sizeof(IVtemp));
64*4882a593Smuzhiyun memset(Blocktemp, 0x00, sizeof(Blocktemp));
65*4882a593Smuzhiyun memset(k1, 0x00, sizeof(k1));
66*4882a593Smuzhiyun memset(k2, 0x00, sizeof(k2));
67*4882a593Smuzhiyun
68*4882a593Smuzhiyun result = rk_aes_set_encrypt_key(key, key_len*8, &aes_key);
69*4882a593Smuzhiyun if(result != 0)
70*4882a593Smuzhiyun return result;
71*4882a593Smuzhiyun
72*4882a593Smuzhiyun rk_derive_mac_key(&aes_key, k1, k2);
73*4882a593Smuzhiyun if (msg_len % AES_BLOCK_SIZE == 0 && msg_len!=0)
74*4882a593Smuzhiyun {
75*4882a593Smuzhiyun block = msg_len / AES_BLOCK_SIZE;
76*4882a593Smuzhiyun for (i = 0; i < block-1; i++)
77*4882a593Smuzhiyun {
78*4882a593Smuzhiyun rk_array_xor(16, &msg[i * AES_BLOCK_SIZE], IVtemp, Blocktemp);
79*4882a593Smuzhiyun rk_aes_encrypt(Blocktemp, IVtemp, &aes_key);
80*4882a593Smuzhiyun }
81*4882a593Smuzhiyun rk_array_xor(16, &msg[(block-1)*AES_BLOCK_SIZE], IVtemp, Blocktemp);
82*4882a593Smuzhiyun rk_array_xor(16, Blocktemp, k1, Blocktemp);
83*4882a593Smuzhiyun rk_aes_encrypt(Blocktemp, macvalue, &aes_key);
84*4882a593Smuzhiyun }
85*4882a593Smuzhiyun else
86*4882a593Smuzhiyun {
87*4882a593Smuzhiyun if (msg_len==0)
88*4882a593Smuzhiyun {
89*4882a593Smuzhiyun block = 1;
90*4882a593Smuzhiyun Blocktemp[0] = 0x80;//padding the first bit with 1
91*4882a593Smuzhiyun rk_array_xor(16, Blocktemp, k2, Blocktemp);
92*4882a593Smuzhiyun rk_aes_encrypt(Blocktemp, macvalue, &aes_key);
93*4882a593Smuzhiyun }
94*4882a593Smuzhiyun else
95*4882a593Smuzhiyun {
96*4882a593Smuzhiyun unsigned char remain = msg_len % AES_BLOCK_SIZE;
97*4882a593Smuzhiyun block = msg_len / AES_BLOCK_SIZE + 1;
98*4882a593Smuzhiyun for (i = 0; i < block - 1; i++)
99*4882a593Smuzhiyun {
100*4882a593Smuzhiyun rk_array_xor(AES_BLOCK_SIZE, &msg[i * AES_BLOCK_SIZE], IVtemp, Blocktemp);
101*4882a593Smuzhiyun rk_aes_encrypt(Blocktemp, IVtemp, &aes_key);
102*4882a593Smuzhiyun }
103*4882a593Smuzhiyun // the last block padding
104*4882a593Smuzhiyun for (i = 0; i < remain; i++)
105*4882a593Smuzhiyun {
106*4882a593Smuzhiyun Blocktemp[i] = msg[(block - 1) * AES_BLOCK_SIZE + i];
107*4882a593Smuzhiyun }
108*4882a593Smuzhiyun Blocktemp[remain] = 0x80;
109*4882a593Smuzhiyun for (i = remain + 1; i < AES_BLOCK_SIZE; i++)
110*4882a593Smuzhiyun {
111*4882a593Smuzhiyun Blocktemp[i] = 0;
112*4882a593Smuzhiyun }
113*4882a593Smuzhiyun // end of the last block padding
114*4882a593Smuzhiyun
115*4882a593Smuzhiyun rk_array_xor(AES_BLOCK_SIZE, Blocktemp, k2, Blocktemp);
116*4882a593Smuzhiyun rk_array_xor(AES_BLOCK_SIZE, Blocktemp, IVtemp, Blocktemp);
117*4882a593Smuzhiyun rk_aes_encrypt(Blocktemp, macvalue, &aes_key);
118*4882a593Smuzhiyun }
119*4882a593Smuzhiyun
120*4882a593Smuzhiyun }
121*4882a593Smuzhiyun return 0;
122*4882a593Smuzhiyun }
123*4882a593Smuzhiyun
rk_aes_verify_cmac(const unsigned char * key,unsigned int key_len,const unsigned char * msg,unsigned int msg_len,unsigned char * macvalue)124*4882a593Smuzhiyun int rk_aes_verify_cmac(const unsigned char *key, unsigned int key_len, const unsigned char *msg, unsigned int msg_len, unsigned char *macvalue)
125*4882a593Smuzhiyun {
126*4882a593Smuzhiyun int i, block;
127*4882a593Smuzhiyun int result=-1;
128*4882a593Smuzhiyun unsigned char IVtemp[AES_BLOCK_SIZE];
129*4882a593Smuzhiyun unsigned char Blocktemp[AES_BLOCK_SIZE];
130*4882a593Smuzhiyun unsigned char k1[AES_BLOCK_SIZE], k2[AES_BLOCK_SIZE];
131*4882a593Smuzhiyun unsigned char tmp_macvalue[AES_BLOCK_SIZE];
132*4882a593Smuzhiyun RK_AES_KEY aes_key;
133*4882a593Smuzhiyun
134*4882a593Smuzhiyun memset(IVtemp, 0x00, sizeof(IVtemp));
135*4882a593Smuzhiyun memset(Blocktemp, 0x00, sizeof(Blocktemp));
136*4882a593Smuzhiyun memset(k1, 0x00, sizeof(k1));
137*4882a593Smuzhiyun memset(k2, 0x00, sizeof(k2));
138*4882a593Smuzhiyun
139*4882a593Smuzhiyun result = rk_aes_set_encrypt_key(key, key_len*8, &aes_key);
140*4882a593Smuzhiyun if(result != 0)
141*4882a593Smuzhiyun return result;
142*4882a593Smuzhiyun
143*4882a593Smuzhiyun rk_derive_mac_key(&aes_key, k1, k2);
144*4882a593Smuzhiyun if (msg_len % AES_BLOCK_SIZE == 0 && msg_len != 0)
145*4882a593Smuzhiyun {
146*4882a593Smuzhiyun block = msg_len / AES_BLOCK_SIZE;
147*4882a593Smuzhiyun for (i = 0; i < block - 1; i++)
148*4882a593Smuzhiyun {
149*4882a593Smuzhiyun rk_array_xor(AES_BLOCK_SIZE, &msg[i * AES_BLOCK_SIZE], IVtemp, Blocktemp);
150*4882a593Smuzhiyun rk_aes_encrypt(Blocktemp, IVtemp, &aes_key);
151*4882a593Smuzhiyun }
152*4882a593Smuzhiyun rk_array_xor(AES_BLOCK_SIZE, &msg[(block - 1) * AES_BLOCK_SIZE], IVtemp, Blocktemp);
153*4882a593Smuzhiyun rk_array_xor(AES_BLOCK_SIZE, Blocktemp, k1, Blocktemp);
154*4882a593Smuzhiyun rk_aes_encrypt(Blocktemp, tmp_macvalue, &aes_key);
155*4882a593Smuzhiyun }
156*4882a593Smuzhiyun else
157*4882a593Smuzhiyun {
158*4882a593Smuzhiyun if (msg_len == 0)
159*4882a593Smuzhiyun {
160*4882a593Smuzhiyun block = 1;
161*4882a593Smuzhiyun Blocktemp[0] = 0x80;//padding the first bit with 1
162*4882a593Smuzhiyun rk_array_xor(AES_BLOCK_SIZE, Blocktemp, k2, Blocktemp);
163*4882a593Smuzhiyun rk_aes_encrypt(Blocktemp, tmp_macvalue, &aes_key);
164*4882a593Smuzhiyun }
165*4882a593Smuzhiyun else
166*4882a593Smuzhiyun {
167*4882a593Smuzhiyun unsigned char remain = msg_len % AES_BLOCK_SIZE;
168*4882a593Smuzhiyun block = msg_len / AES_BLOCK_SIZE + 1;
169*4882a593Smuzhiyun for (i = 0; i < block - 1; i++)
170*4882a593Smuzhiyun {
171*4882a593Smuzhiyun rk_array_xor(AES_BLOCK_SIZE, &msg[i * AES_BLOCK_SIZE], IVtemp, Blocktemp);
172*4882a593Smuzhiyun rk_aes_encrypt(Blocktemp, IVtemp, &aes_key);
173*4882a593Smuzhiyun }
174*4882a593Smuzhiyun // the last block padding
175*4882a593Smuzhiyun for (i = 0; i < remain; i++)
176*4882a593Smuzhiyun {
177*4882a593Smuzhiyun Blocktemp[i] = msg[(block - 1) * AES_BLOCK_SIZE + i];
178*4882a593Smuzhiyun }
179*4882a593Smuzhiyun Blocktemp[remain] = 0x80;
180*4882a593Smuzhiyun for (i = remain + 1; i < AES_BLOCK_SIZE; i++)
181*4882a593Smuzhiyun {
182*4882a593Smuzhiyun Blocktemp[i] = 0;
183*4882a593Smuzhiyun }
184*4882a593Smuzhiyun // end of the last block padding
185*4882a593Smuzhiyun
186*4882a593Smuzhiyun rk_array_xor(AES_BLOCK_SIZE, Blocktemp, k2, Blocktemp);
187*4882a593Smuzhiyun rk_array_xor(AES_BLOCK_SIZE, Blocktemp, IVtemp, Blocktemp);
188*4882a593Smuzhiyun rk_aes_encrypt(Blocktemp, tmp_macvalue, &aes_key);
189*4882a593Smuzhiyun }
190*4882a593Smuzhiyun
191*4882a593Smuzhiyun }
192*4882a593Smuzhiyun result = -1;
193*4882a593Smuzhiyun for (i = 0; i < AES_BLOCK_SIZE; i++)
194*4882a593Smuzhiyun {
195*4882a593Smuzhiyun if (tmp_macvalue[i] != macvalue[i])
196*4882a593Smuzhiyun {
197*4882a593Smuzhiyun return(result);
198*4882a593Smuzhiyun }
199*4882a593Smuzhiyun }
200*4882a593Smuzhiyun result = 0;
201*4882a593Smuzhiyun return(result);
202*4882a593Smuzhiyun }
203