diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..7c0a7c9 --- /dev/null +++ b/LICENSE @@ -0,0 +1,20 @@ +Copyright (c) 2016 Shawn Nock + +Permission is hereby granted, free of charge, to any person obtaining +a copy of this software and associated documentation files (the +"Software"), to deal in the Software without restriction, including +without limitation the rights to use, copy, modify, merge, publish, +distribute, sublicense, and/or sell copies of the Software, and to +permit persons to whom the Software is furnished to do so, subject to +the following conditions: + +The above copyright notice and this permission notice shall be +included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE +LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION +OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION +WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. diff --git a/block.c b/block.c index 8ba248b..afe1ac8 100644 --- a/block.c +++ b/block.c @@ -8,6 +8,8 @@ #include bool block_cmp(block_t const * const a, block_t const * const b) { + /* Compares two blocks, return true if they are identical, else + false */ for (uint_fast8_t i = 0; i < 4; i++) { if (a->ui32[i] != b->ui32[i]) { return false; @@ -16,6 +18,7 @@ bool block_cmp(block_t const * const a, block_t const * const b) { return true; } +#ifdef HOST_BUILD void block_print(char const * const label, block_t const * const b) { if (label != NULL) { @@ -32,7 +35,10 @@ void block_print(char const * const label, printf("\n"); return; } +#endif /* HOST_BUILD */ + block_t block_xor(block_t const * const a, block_t const * const b) { + /* Returns XOR of two block_t */ block_t c; for (uint_fast8_t i = 0; i < 4; i++) { c.ui32[i] = a->ui32[i] ^ b->ui32[i]; @@ -41,6 +47,7 @@ block_t block_xor(block_t const * const a, block_t const * const b) { } block_t block_shiftr(block_t const * const a, uint_fast8_t const num) { + /* Implements '>>' for block_t */ block_t c; uint_fast8_t n = (num <= 8 ? num : 8); for (int_fast8_t i = 15; i >= 0; i--) { @@ -55,7 +62,7 @@ block_t block_shiftr(block_t const * const a, uint_fast8_t const num) { } block_t block_shiftl(block_t const * const a, uint_fast8_t const num) { - /* Shifts block b right by num bits (where num <= 32) */ + /* Implements '<<' for block_t */ block_t c; uint_fast8_t n = (num <= 8 ? num : 8); for (int_fast8_t i = 0; i < 16; i++) { diff --git a/cmac.c b/cmac.c index 5ed2cd2..8b70b63 100644 --- a/cmac.c +++ b/cmac.c @@ -14,12 +14,13 @@ static const block_t zeros = {.ui32={0,0,0,0}}; static block_t g_k[2]; void cmac_aes128_init(block_t *key) { + /* Initialize AES engine and cache subkeys */ aes128_init(key->ui8); cmac_aes128_expand_key(key, g_k); } void cmac_aes128_expand_key(block_t *key, block_t *out) { - /* Given AES key k, generate the subkeys needed for CMAC */ + /* Generate two required subkeys according to NIST 800-38B */ block_t *k1 = out, *k2 = (out+1); @@ -37,13 +38,15 @@ void cmac_aes128_expand_key(block_t *key, block_t *out) { if (!(k1->ui8[0] >> 7)) { *k2 = block_shiftl(k1, 1); } else { - fflush(stdout); block_t tmp = block_shiftl(k1, 1); *k2 = block_xor(&tmp, &Rb); } } void cmac_truncate_tag(uint8_t *dest, block_t *tag, uint_fast8_t tag_len_bits) { + /* Copy `tag_len_bits` of the tag's most significant bits into to + dest buffer. This is the truncation method defined in NIST + 800-38B */ uint_fast8_t num_bytes = tag_len_bits / 8, last_byte_mask = 0xff << (8 - tag_len_bits % 8); memcpy(dest, tag->ui8, num_bytes); @@ -54,9 +57,11 @@ void cmac_truncate_tag(uint8_t *dest, block_t *tag, uint_fast8_t tag_len_bits) { #define BLOCK(x) (&alt_msg[x-1]) block_t cmac_aes128(uint8_t *msg, size_t msg_len) { - /* Simulate ceiling integer division by adding a block if remainder */ + /* Returns a block_t containing the entire CMAC-AES128 tag */ block_t *k1 = &g_k[0], *k2 = &g_k[1]; + + /* Simulate ceiling integer division by adding a block if remainder */ uint_fast16_t num_blocks = msg_len / 16 + (msg_len % 16 ? 1 : 0); bool last_block_complete = !(msg_len % 16 ? 1 : 0); if (msg_len == 0) { @@ -80,7 +85,6 @@ block_t cmac_aes128(uint8_t *msg, size_t msg_len) { block_t x = { .ui32={0, 0, 0, 0}}, y = { .ui32={0, 0, 0, 0}}; - /* CBC */ for (uint32_t i = 1; i <= num_blocks - 1; i++) { y = block_xor(&x, BLOCK(i)); x = aes128_ecb(&y);