1 /* ccm_mode.c - TinyCrypt implementation of CCM mode */
9  *    - Redistributions of source code must retain the above copyright notice,
12  *    - Redistributions in binary form must reproduce the above copyright
16  *    - Neither the name of Intel Corporation nor the names of its contributors
54 	c->mlen = mlen;  in tc_ccm_config()
55 	c->sched = sched;  in tc_ccm_config()
56 	c->nonce = nonce;  in tc_ccm_config()
62  * Variation of CBC-MAC mode used in CCM.
64 static void ccm_cbc_mac(uint8_t *T, const uint8_t *data, unsigned int dlen,  in ccm_cbc_mac()  argument
71 		T[0] ^= (uint8_t)(dlen >> 8);  in ccm_cbc_mac()
72 		T[1] ^= (uint8_t)(dlen);  in ccm_cbc_mac()
79 		T[i++ % (Nb * Nk)] ^= *data++;  in ccm_cbc_mac()
81 			(void) tc_aes_encrypt(T, T, sched);  in ccm_cbc_mac()
150 		(olen < (plen + c->mlen))) {  /* invalid output buffer size */  in tc_ccm_generation_encryption()
161 	b[0] = ((alen > 0) ? 0x40:0) | (((c->mlen - 2) / 2 << 3)) | (1);  in tc_ccm_generation_encryption()
163 		b[i] = c->nonce[i - 1];  in tc_ccm_generation_encryption()
168 	/* computing the authentication tag using cbc-mac: */  in tc_ccm_generation_encryption()
169 	(void) tc_aes_encrypt(tag, b, c->sched);  in tc_ccm_generation_encryption()
171 		ccm_cbc_mac(tag, associated_data, alen, 1, c->sched);  in tc_ccm_generation_encryption()
174 		ccm_cbc_mac(tag, payload, plen, 0, c->sched);  in tc_ccm_generation_encryption()
180 	b[0] = 1; /* q - 1 = 2 - 1 = 1 */  in tc_ccm_generation_encryption()
184 	ccm_ctr_mode(out, plen, payload, plen, b, c->sched);  in tc_ccm_generation_encryption()
189 	(void) tc_aes_encrypt(b, b, c->sched);  in tc_ccm_generation_encryption()
191 	for (i = 0; i < c->mlen; ++i) {  in tc_ccm_generation_encryption()
211 	    (olen < plen - c->mlen)) { /* invalid output buffer size */  in tc_ccm_decryption_verification()
222 	b[0] = 1; /* q - 1 = 2 - 1 = 1 */  in tc_ccm_decryption_verification()
224 		b[i] = c->nonce[i - 1];  in tc_ccm_decryption_verification()
229 	ccm_ctr_mode(out, plen - c->mlen, payload, plen - c->mlen, b, c->sched);  in tc_ccm_decryption_verification()
234 	(void) tc_aes_encrypt(b, b, c->sched);  in tc_ccm_decryption_verification()
235 	for (i = 0; i < c->mlen; ++i) {  in tc_ccm_decryption_verification()
236 		tag[i] = *(payload + plen - c->mlen + i) ^ b[i];  in tc_ccm_decryption_verification()
242 	b[0] = ((alen > 0) ? 0x40:0)|(((c->mlen - 2) / 2 << 3)) | (1);  in tc_ccm_decryption_verification()
244 		b[i] = c->nonce[i - 1];  in tc_ccm_decryption_verification()
246 	b[14] = (uint8_t)((plen - c->mlen) >> 8);  in tc_ccm_decryption_verification()
247 	b[15] = (uint8_t)(plen - c->mlen);  in tc_ccm_decryption_verification()
249 	/* computing the authentication tag using cbc-mac: */  in tc_ccm_decryption_verification()
250 	(void) tc_aes_encrypt(b, b, c->sched);  in tc_ccm_decryption_verification()
252 		ccm_cbc_mac(b, associated_data, alen, 1, c->sched);  in tc_ccm_decryption_verification()
255 		ccm_cbc_mac(b, out, plen - c->mlen, 0, c->sched);  in tc_ccm_decryption_verification()
259 	if (_compare(b, tag, c->mlen) == 0) {  in tc_ccm_decryption_verification()
263 		_set(out, 0, plen - c->mlen);  in tc_ccm_decryption_verification()