Merge 992506c into ed28703

makefile

@@ -121,6 +121,8 @@ src/ciphers/camellia.o src/ciphers/cast5.o src/ciphers/des.o src/ciphers/kasumi.
 src/ciphers/kseed.o src/ciphers/multi2.o src/ciphers/noekeon.o src/ciphers/rc2.o src/ciphers/rc5.o \
 src/ciphers/rc6.o src/ciphers/safer/safer.o src/ciphers/safer/saferp.o src/ciphers/skipjack.o \
 src/ciphers/twofish/twofish.o src/ciphers/xtea.o src/encauth/ccm/ccm_memory.o \
+src/encauth/ccm/ccm_done.o src/encauth/ccm/ccm_process.o src/encauth/ccm/ccm_reset.o \
+src/encauth/ccm/ccm_add_aad.o src/encauth/ccm/ccm_init.o src/encauth/ccm/ccm_add_nonce.o \
 src/encauth/ccm/ccm_memory_ex.o src/encauth/ccm/ccm_test.o src/encauth/eax/eax_addheader.o \
 src/encauth/eax/eax_decrypt.o src/encauth/eax/eax_decrypt_verify_memory.o src/encauth/eax/eax_done.o \
 src/encauth/eax/eax_encrypt_authenticate_memory.o src/encauth/eax/eax_encrypt.o \

src/encauth/ccm/ccm_add_aad.c

@@ -0,0 +1,58 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtom.org
+ */
+#include "tomcrypt.h"
+
+#ifdef LTC_CCM_MODE
+
+/**
+  Add AAD to the CCM state
+  @param ccm       The CCM state
+  @param adata     The additional authentication data to add to the CCM state
+  @param adatalen  The length of the AAD data.
+  @return CRYPT_OK on success
+ */
+int ccm_add_aad(ccm_state *ccm,
+                const unsigned char *adata,  unsigned long adatalen)
+{
+   unsigned long y;
+   int            err;
+
+   if (ccm->aadlen < ccm->current_aadlen + adatalen) {
+      return CRYPT_INVALID_ARG;
+   }
+   ccm->current_aadlen += adatalen;
+
+   /* now add the data */
+   for (y = 0; y < adatalen; y++) {
+      if (ccm->x == 16) {
+         /* full block so let's encrypt it */
+         if ((err = cipher_descriptor[ccm->cipher].ecb_encrypt(ccm->PAD, ccm->PAD, &ccm->K)) != CRYPT_OK) {
+            return CRYPT_ERROR;
+         }
+         ccm->x = 0;
+      }
+      ccm->PAD[ccm->x++] ^= adata[y];
+   }
+
+   /* remainder? */
+   if (ccm->aadlen == ccm->current_aadlen) {
+      if (ccm->x != 0) {
+         if ((err = cipher_descriptor[ccm->cipher].ecb_encrypt(ccm->PAD, ccm->PAD, &ccm->K)) != CRYPT_OK) {
+            return CRYPT_ERROR;
+         }
+      }
+      ccm->x = 0;
+   }
+
+   return CRYPT_OK;
+}
+
+#endif

src/encauth/ccm/ccm_add_nonce.c

@@ -0,0 +1,108 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtom.org
+ */
+#include "tomcrypt.h"
+
+#ifdef LTC_CCM_MODE
+
+/**
+  Add nonce data to the CCM state
+  @param ccm       The CCM state
+  @param nonce     The nonce data to add
+  @param noncelen  The length of the nonce
+  @return CRYPT_OK on success
+ */
+int ccm_add_nonce(ccm_state *ccm,
+                  const unsigned char *nonce,     unsigned long noncelen)
+{
+   unsigned long x, y, len;
+   int           err;
+
+   /* increase L to match the nonce len */
+   ccm->noncelen = (noncelen > 13) ? 13 : noncelen;
+   if ((15 - ccm->noncelen) > ccm->L) {
+      ccm->L = 15 - ccm->noncelen;
+   }
+
+   /* decrease noncelen to match L */
+   if ((ccm->noncelen + ccm->L) > 15) {
+      ccm->noncelen = 15 - ccm->L;
+   }
+
+   /* form B_0 == flags | Nonce N | l(m) */
+   x = 0;
+   ccm->PAD[x++] = (unsigned char)(((ccm->aadlen > 0) ? (1<<6) : 0) |
+		   (((ccm->taglen - 2)>>1)<<3)        |
+		   (ccm->L-1));
+
+   /* nonce */
+   for (y = 0; y < (16 - (ccm->L + 1)); y++) {
+      ccm->PAD[x++] = nonce[y];
+   }
+
+   /* store len */
+   len = ccm->ptlen;
+
+   /* shift len so the upper bytes of len are the contents of the length */
+   for (y = ccm->L; y < 4; y++) {
+      len <<= 8;
+   }
+
+   /* store l(m) (only store 32-bits) */
+   for (y = 0; ccm->L > 4 && (ccm->L-y)>4; y++) {
+      ccm->PAD[x++] = 0;
+   }
+   for (; y < ccm->L; y++) {
+      ccm->PAD[x++] = (unsigned char)((len >> 24) & 255);
+      len <<= 8;
+   }
+
+   /* encrypt PAD */
+   if ((err = cipher_descriptor[ccm->cipher].ecb_encrypt(ccm->PAD, ccm->PAD, &ccm->K)) != CRYPT_OK) {
+      return err;
+   }
+
+   /* handle header */
+   ccm->x = 0;
+   if (ccm->aadlen > 0) {
+      /* store length */
+      if (ccm->aadlen < ((1UL<<16) - (1UL<<8))) {
+         ccm->PAD[ccm->x++] ^= (ccm->aadlen>>8) & 255;
+         ccm->PAD[ccm->x++] ^= ccm->aadlen & 255;
+      } else {
+         ccm->PAD[ccm->x++] ^= 0xFF;
+         ccm->PAD[ccm->x++] ^= 0xFE;
+         ccm->PAD[ccm->x++] ^= (ccm->aadlen>>24) & 255;
+         ccm->PAD[ccm->x++] ^= (ccm->aadlen>>16) & 255;
+         ccm->PAD[ccm->x++] ^= (ccm->aadlen>>8) & 255;
+         ccm->PAD[ccm->x++] ^= ccm->aadlen & 255;
+      }
+   }
+
+   /* setup the ctr counter */
+   x = 0;
+
+   /* flags */
+   ccm->ctr[x++] = (unsigned char)ccm->L-1;
+
+   /* nonce */
+   for (y = 0; y < (16 - (ccm->L+1)); ++y) {
+      ccm->ctr[x++] = nonce[y];
+   }
+   /* offset */
+   while (x < 16) {
+      ccm->ctr[x++] = 0;
+   }
+
+   ccm->CTRlen = 16;
+   return CRYPT_OK;
+}
+
+#endif

src/encauth/ccm/ccm_done.c

@@ -0,0 +1,61 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtom.org
+ */
+#include "tomcrypt.h"
+
+#ifdef LTC_CCM_MODE
+
+/**
+  Terminate a CCM stream
+  @param ccm     The CCM state
+  @param tag     [out] The destination for the MAC tag
+  @param taglen  [in/out]  The length of the MAC tag
+  @return CRYPT_OK on success
+ */
+int ccm_done(ccm_state *ccm,
+             unsigned char *tag,    unsigned long *taglen)
+{
+   unsigned long x, y;
+   int            err;
+
+   /* Check all data have been processed */
+   if (ccm->ptlen != ccm->current_ptlen) {
+      return CRYPT_ERROR;
+   }
+
+   LTC_ARGCHK(tag    != NULL);
+   LTC_ARGCHK(taglen != NULL);
+
+   if (ccm->x != 0) {
+      if ((err = cipher_descriptor[ccm->cipher].ecb_encrypt(ccm->PAD, ccm->PAD, &ccm->K)) != CRYPT_OK) {
+         return err;
+      }
+   }
+
+   /* setup CTR for the TAG (zero the count) */
+   for (y = 15; y > 15 - ccm->L; y--) {
+      ccm->ctr[y] = 0x00;
+   }
+   if ((err = cipher_descriptor[ccm->cipher].ecb_encrypt(ccm->ctr, ccm->CTRPAD, &ccm->K)) != CRYPT_OK) {
+      return err;
+   }
+
+   cipher_descriptor[ccm->cipher].done(&ccm->K);
+
+   /* store the TAG */
+   for (x = 0; x < 16 && x < *taglen; x++) {
+      tag[x] = ccm->PAD[x] ^ ccm->CTRPAD[x];
+   }
+   *taglen = x;
+
+   return CRYPT_OK;
+}
+
+#endif

src/encauth/ccm/ccm_init.c

@@ -0,0 +1,78 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtom.org
+ */
+#include "tomcrypt.h"
+
+#ifdef LTC_CCM_MODE
+
+/**
+  Initialize a CCM state
+  @param ccm     The CCM state to initialize
+  @param cipher  The index of the cipher to use
+  @param key     The secret key
+  @param keylen  The length of the secret key
+  @param ptlen   The length of the plain/cipher text that will be processed
+  @param taglen  The max length of the MAC tag
+  @param aadlen  The length of the AAD
+
+  @return CRYPT_OK on success
+ */
+int ccm_init(ccm_state *ccm, int cipher,
+             const unsigned char *key, int keylen, int ptlen, int taglen, int aadlen)
+{
+   int            err;
+
+   LTC_ARGCHK(key    != NULL);
+   LTC_ARGCHK(taglen != 0);
+
+   memset(ccm, 0, sizeof(ccm_state));
+
+   /* check cipher input */
+   if ((err = cipher_is_valid(cipher)) != CRYPT_OK) {
+      return err;
+   }
+   if (cipher_descriptor[cipher].block_length != 16) {
+      return CRYPT_INVALID_CIPHER;
+   }
+
+   /* make sure the taglen is even and <= 16 */
+   ccm->taglen = taglen;
+   ccm->taglen &= ~1;
+   if (ccm->taglen > 16) {
+      ccm->taglen = 16;
+   }
+
+   /* can't use < 4 */
+   if (ccm->taglen < 4) {
+      return CRYPT_INVALID_ARG;
+   }
+
+   /* schedule key */
+   if ((err = cipher_descriptor[cipher].setup(key, keylen, 0, &ccm->K)) != CRYPT_OK) {
+      return err;
+   }
+   ccm->cipher = cipher;
+
+   /* let's get the L value */
+   ccm->ptlen = ptlen;
+   ccm->L   = 0;
+   while (ptlen) {
+      ++ccm->L;
+      ptlen >>= 8;
+   }
+   if (ccm->L <= 1) {
+      ccm->L = 2;
+   }
+
+   ccm->aadlen = aadlen;
+   return CRYPT_OK;
+}
+
+#endif