Sarah Marsh / Mbed OS EddystoneBeacon
Committer:
sarahmarshy
Date:
Tue Nov 29 06:29:10 2016 +0000
Revision:
0:1c7da5f83647
Initial commit

sarahmarshy 0:1c7da5f83647 1 /*
sarahmarshy 0:1c7da5f83647 2 * Copyright (c) 2016, Google Inc, All Rights Reserved
sarahmarshy 0:1c7da5f83647 3 * SPDX-License-Identifier: Apache-2.0
sarahmarshy 0:1c7da5f83647 4 *
sarahmarshy 0:1c7da5f83647 5 * Licensed under the Apache License, Version 2.0 (the "License"); you may
sarahmarshy 0:1c7da5f83647 6 * not use this file except in compliance with the License.
sarahmarshy 0:1c7da5f83647 7 * You may obtain a copy of the License at
sarahmarshy 0:1c7da5f83647 8 *
sarahmarshy 0:1c7da5f83647 9 * http://www.apache.org/licenses/LICENSE-2.0
sarahmarshy 0:1c7da5f83647 10 *
sarahmarshy 0:1c7da5f83647 11 * Unless required by applicable law or agreed to in writing, software
sarahmarshy 0:1c7da5f83647 12 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
sarahmarshy 0:1c7da5f83647 13 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
sarahmarshy 0:1c7da5f83647 14 * See the License for the specific language governing permissions and
sarahmarshy 0:1c7da5f83647 15 * limitations under the License.
sarahmarshy 0:1c7da5f83647 16 */
sarahmarshy 0:1c7da5f83647 17
sarahmarshy 0:1c7da5f83647 18 #include <string.h>
sarahmarshy 0:1c7da5f83647 19
sarahmarshy 0:1c7da5f83647 20 // #include "aes_eax.h"
sarahmarshy 0:1c7da5f83647 21 // set defines before loading aes.h
sarahmarshy 0:1c7da5f83647 22 #define MBEDTLS_CIPHER_MODE_CBC
sarahmarshy 0:1c7da5f83647 23 #define MBEDTLS_CIPHER_MODE_CTR
sarahmarshy 0:1c7da5f83647 24 #include "mbedtls/aes.h"
sarahmarshy 0:1c7da5f83647 25
sarahmarshy 0:1c7da5f83647 26 #define EDDY_ERR_EAX_AUTH_FAILED -0x000F /**< Authenticated decryption failed. */
sarahmarshy 0:1c7da5f83647 27
/*
 * Double a 128-bit value in place, treating val[0] as the most significant
 * byte: shift the whole block left by one bit and, when the bit shifted out
 * of val[0] was set, fold it back by XORing 0x87 into val[15].
 *
 * The reduction constant is selected with a mask rather than a branch, so
 * the instruction sequence does not depend on the value being doubled
 * (compute_cmac_ passes a block derived from the AES key).
 */
void gf128_double_( unsigned char val[16] )
{
    /* 0x87 when the top bit of the block is set, 0x00 otherwise. */
    unsigned char msb = (unsigned char)(val[0] >> 7);
    unsigned char carry_in = (unsigned char)((0u - msb) & 0x87u);

    /* Walk from the least significant byte up, rippling the carry. */
    for (size_t k = 16; k-- > 0; ) {
        unsigned char carry_out = (unsigned char)(val[k] >> 7);
        val[k] = (unsigned char)((val[k] << 1) ^ carry_in);
        carry_in = carry_out;
    }
}
sarahmarshy 0:1c7da5f83647 39
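/*
 * Compute a 16-byte CBC-MAC style tag over a one-block prefix followed by
 * the caller's data, using the AES key already loaded in ctx.
 *
 * The prefix block is 15 zero bytes followed by `param`, which lets the
 * caller derive independent MACs from one key (eddy_aes_authcrypt_eax uses
 * 0, 1 and 2). The final block is masked with E_K(0) doubled once when the
 * total length is a multiple of 16, or doubled twice plus a 0x80 marker when
 * the last block is partial, the same subkey scheme CMAC/OMAC uses.
 *
 * ctx    AES context; only encryption-direction calls are made on it.
 * input  data to authenticate; not dereferenced when length is 0.
 * length number of bytes readable at input.
 * param  value placed in the last byte of the prefix block.
 * mac    receives the 16-byte result.
 *
 * Returns 0 on success, or the non-zero code reported by the underlying
 * mbedtls AES call. On failure the contents of mac are not meaningful and
 * must not be used as a tag.
 */
int compute_cmac_( mbedtls_aes_context *ctx,
                   const unsigned char *input,
                   size_t length,
                   unsigned char param,
                   unsigned char mac[16] )
{
    int ret;
    unsigned char buf[16], iv[16];
    memset(buf, 0, sizeof(buf));
    buf[15] = param;
    memset(iv, 0, sizeof(iv));
    /* Account for the prefix block that is MACed ahead of input. */
    length += 16;

    /* pad = E_K(0) doubled: the mask for a complete final block. */
    unsigned char pad[16];
    memset(pad, 0, sizeof(pad));
    ret = mbedtls_aes_crypt_ecb(ctx, MBEDTLS_AES_ENCRYPT, pad, pad);
    if (ret != 0)
        return ret;
    gf128_double_(pad);
    if (length & 15) {
        /* Partial final block: double again and set the 10* padding marker
         * at the first byte past the end of the data. */
        gf128_double_(pad);
        pad[length & 15] ^= 0x80;
    }

    /* CBC-chain every block except the last. The first pass consumes the
     * prefix block in buf; later passes read from input. buf is reused as a
     * scratch output, only the running iv carries the chain state. */
    const unsigned char *tmp_input = buf;
    while (length > 16) {
        ret = mbedtls_aes_crypt_cbc(ctx, MBEDTLS_AES_ENCRYPT, 16, iv, tmp_input, buf);
        if (ret != 0)
            return ret;
        if (tmp_input == buf) {
            tmp_input = input;
        } else {
            tmp_input += 16;
        }
        length -= 16;
    }

    /* Fold the remaining 1..16 bytes into the mask to form the last block. */
    size_t i;
    for (i = 0; i < length; i++)
        pad[i] ^= tmp_input[i];

    return mbedtls_aes_crypt_cbc(ctx, MBEDTLS_AES_ENCRYPT, 16, iv, pad, mac);
}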
sarahmarshy 0:1c7da5f83647 79
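/*
 * Authenticated encryption / decryption in the EAX construction: three
 * compute_cmac_ tags (nonce with param 0, header with param 1, ciphertext
 * with param 2) are XORed to form the tag, and the message is processed with
 * AES-CTR using the nonce MAC as the initial counter block.
 *
 * ctx             AES context; only encryption-direction primitives are
 *                 called on it (presumably keyed with mbedtls_aes_setkey_enc;
 *                 confirm at the caller).
 * mode            MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT.
 * nonce           nonce bytes; the CTR keystream is derived from it, so it
 *                 must not repeat under the same key.
 * nonce_length    number of bytes at nonce.
 * header          associated data that is authenticated but not encrypted.
 * header_length   number of bytes at header.
 * message_length  number of bytes at input and at output.
 * input           plaintext (encrypt) or ciphertext (decrypt).
 * output          receives ciphertext (encrypt) or plaintext (decrypt).
 * tag             written on encrypt, compared on decrypt.
 * tag_length      number of tag bytes to produce or check, at most 16.
 *
 * Returns 0 on success, EDDY_ERR_EAX_AUTH_FAILED when the tag does not match
 * on decrypt (output is left untouched in that case),
 * MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH when tag_length exceeds 16, or the
 * non-zero code reported by an underlying MAC or AES call.
 */
int eddy_aes_authcrypt_eax( mbedtls_aes_context *ctx,
                            int mode,
                            const unsigned char *nonce,
                            size_t nonce_length,
                            const unsigned char *header,
                            size_t header_length,
                            size_t message_length,
                            const unsigned char *input,
                            unsigned char *output,
                            unsigned char *tag,
                            size_t tag_length )
{
    unsigned char header_mac[16];
    unsigned char nonce_mac[16];
    unsigned char ciphertext_mac[16];
    /* size_t, not uint8_t: a narrower index can never reach a tag_length
     * above 255 and would loop forever. */
    size_t i;
    int ret;

    /* The tag loops index the 16-byte MAC buffers; a longer tag_length would
     * read and write past them on the stack. */
    if (tag_length > sizeof(ciphertext_mac))
        return MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH;

    /* NOTE(review): tag_length == 0 makes the decrypt check below vacuous
     * (no bytes are compared), so callers must pass the real tag length. */

    ret = compute_cmac_(ctx, header, header_length, 1, header_mac);
    if (ret != 0)
        return ret;
    ret = compute_cmac_(ctx, nonce, nonce_length, 0, nonce_mac);
    if (ret != 0)
        return ret;

    if (mode == MBEDTLS_AES_DECRYPT) {
        /* Verify before decrypting so unauthenticated plaintext is never
         * written to output. */
        ret = compute_cmac_(ctx, input, message_length, 2, ciphertext_mac);
        if (ret != 0)
            return ret;
        /* Accumulate all byte differences and test once at the end, so the
         * comparison time does not depend on where the first mismatch is. */
        unsigned char n_ok = 0;
        for (i = 0; i < tag_length; i++) {
            n_ok |= (unsigned char)(ciphertext_mac[i] ^ header_mac[i] ^
                                    nonce_mac[i] ^ tag[i]);
        }
        if (n_ok)
            return EDDY_ERR_EAX_AUTH_FAILED;
    }

    /* CTR updates its counter block in place, so work on a copy and keep
     * nonce_mac intact for the tag computation. */
    size_t nc_off = 0;
    unsigned char nonce_copy[16];
    memcpy(nonce_copy, nonce_mac, sizeof(nonce_mac));
    unsigned char sb[16];
    ret = mbedtls_aes_crypt_ctr(ctx, message_length, &nc_off, nonce_copy, sb, input, output);
    if (ret != 0)
        return ret;

    if (mode == MBEDTLS_AES_ENCRYPT) {
        /* The tag covers the ciphertext just produced, not the plaintext. */
        ret = compute_cmac_(ctx, output, message_length, 2, ciphertext_mac);
        if (ret != 0)
            return ret;
        for (i = 0; i < tag_length; i++)
            tag[i] = header_mac[i] ^ nonce_mac[i] ^ ciphertext_mac[i];
    }
    return 0;
}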