1 /* LibTomCrypt, modular cryptographic library -- Tom St Denis */
2 /* SPDX-License-Identifier: Unlicense */
3 #include "tomcrypt_private.h"
4 
5 /**
6    @file pmac_init.c
7    PMAC implementation, initialize state, by Tom St Denis
8 */
9 
10 #ifdef LTC_PMAC
11 
12 static const struct {
13     int           len;
14     unsigned char poly_div[MAXBLOCKSIZE],
15                   poly_mul[MAXBLOCKSIZE];
16 } polys[] = {
17 {
18     8,
19     { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0D },
20     { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1B }
21 }, {
22     16,
23     { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
24       0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x43 },
25     { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
26       0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x87 }
27 }
28 };
29 
30 /**
31    Initialize a PMAC state
32    @param pmac      The PMAC state to initialize
33    @param cipher    The index of the desired cipher
34    @param key       The secret key
35    @param keylen    The length of the secret key (octets)
36    @return CRYPT_OK if successful
37 */
pmac_init(pmac_state * pmac,int cipher,const unsigned char * key,unsigned long keylen)38 int pmac_init(pmac_state *pmac, int cipher, const unsigned char *key, unsigned long keylen)
39 {
40    int poly, x, y, m, err;
41    unsigned char *L;
42 
43    LTC_ARGCHK(pmac  != NULL);
44    LTC_ARGCHK(key   != NULL);
45 
46    /* valid cipher? */
47    if ((err = cipher_is_valid(cipher)) != CRYPT_OK) {
48       return err;
49    }
50 
51    /* determine which polys to use */
52    pmac->block_len = cipher_descriptor[cipher]->block_length;
53    for (poly = 0; poly < (int)(sizeof(polys)/sizeof(polys[0])); poly++) {
54        if (polys[poly].len == pmac->block_len) {
55           break;
56        }
57    }
58    if (poly >= (int)(sizeof(polys)/sizeof(polys[0]))) {
59       return CRYPT_INVALID_ARG;
60     }
61    if (polys[poly].len != pmac->block_len) {
62       return CRYPT_INVALID_ARG;
63    }
64 
65 #ifdef LTC_FAST
66    if (pmac->block_len % sizeof(LTC_FAST_TYPE)) {
67       return CRYPT_INVALID_ARG;
68    }
69 #endif
70 
71 
72    /* schedule the key */
73    if ((err = cipher_descriptor[cipher]->setup(key, keylen, 0, &pmac->key)) != CRYPT_OK) {
74       return err;
75    }
76 
77    /* allocate L */
78    L = XMALLOC(pmac->block_len);
79    if (L == NULL) {
80       return CRYPT_MEM;
81    }
82 
83    /* find L = E[0] */
84    zeromem(L, pmac->block_len);
85    if ((err = cipher_descriptor[cipher]->ecb_encrypt(L, L, &pmac->key)) != CRYPT_OK) {
86       goto error;
87    }
88 
89    /* find Ls[i] = L << i for i == 0..31 */
90    XMEMCPY(pmac->Ls[0], L, pmac->block_len);
91    for (x = 1; x < 32; x++) {
92        m = pmac->Ls[x-1][0] >> 7;
93        for (y = 0; y < pmac->block_len-1; y++) {
94            pmac->Ls[x][y] = ((pmac->Ls[x-1][y] << 1) | (pmac->Ls[x-1][y+1] >> 7)) & 255;
95        }
96        pmac->Ls[x][pmac->block_len-1] = (pmac->Ls[x-1][pmac->block_len-1] << 1) & 255;
97 
98        if (m == 1) {
99           for (y = 0; y < pmac->block_len; y++) {
100               pmac->Ls[x][y] ^= polys[poly].poly_mul[y];
101           }
102        }
103     }
104 
105    /* find Lr = L / x */
106    m = L[pmac->block_len-1] & 1;
107 
108    /* shift right */
109    for (x = pmac->block_len - 1; x > 0; x--) {
110       pmac->Lr[x] = ((L[x] >> 1) | (L[x-1] << 7)) & 255;
111    }
112    pmac->Lr[0] = L[0] >> 1;
113 
114    if (m == 1) {
115       for (x = 0; x < pmac->block_len; x++) {
116          pmac->Lr[x] ^= polys[poly].poly_div[x];
117       }
118    }
119 
120    /* zero buffer, counters, etc... */
121    pmac->block_index = 1;
122    pmac->cipher_idx  = cipher;
123    pmac->buflen      = 0;
124    zeromem(pmac->block,    sizeof(pmac->block));
125    zeromem(pmac->Li,       sizeof(pmac->Li));
126    zeromem(pmac->checksum, sizeof(pmac->checksum));
127    err = CRYPT_OK;
128 error:
129 #ifdef LTC_CLEAN_STACK
130    zeromem(L, pmac->block_len);
131 #endif
132 
133    XFREE(L);
134 
135    return err;
136 }
137 
138 #endif
139