search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Correct PPTP server firewall rules chain.
[tomato/davidwu.git] / release / src / router / nettle / umac.h
blob4fbd8e12a7ca481ceb2df5d432cd460fa88a966f
1 /* umac.h
2 *
3 * UMAC message authentication code (RFC-4418).
4 */
5
6 /* nettle, low-level cryptographics library
7 *
8 * Copyright (C) 2013 Niels Möller
9 *
10 * The nettle library is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU Lesser General Public License as published by
12 * the Free Software Foundation; either version 2.1 of the License, or (at your
13 * option) any later version.
14 *
15 * The nettle library is distributed in the hope that it will be useful, but
16 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
17 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
18 * License for more details.
19 *
20 * You should have received a copy of the GNU Lesser General Public License
21 * along with the nettle library; see the file COPYING.LIB. If not, write to
22 * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
23 * MA 02111-1301, USA.
24 */
25
26 #ifndef NETTLE_UMAC_H_INCLUDED
27 #define NETTLE_UMAC_H_INCLUDED
28
29 #ifdef __cplusplus
30 extern "C" {
31 #endif
32
33 /* Namespace mangling */
34 #define umac32_set_key nettle_umac32_set_key
35 #define umac64_set_key nettle_umac64_set_key
36 #define umac96_set_key nettle_umac96_set_key
37 #define umac128_set_key nettle_umac128_set_key
38 #define umac32_set_nonce nettle_umac32_set_nonce
39 #define umac64_set_nonce nettle_umac64_set_nonce
40 #define umac96_set_nonce nettle_umac96_set_nonce
41 #define umac128_set_nonce nettle_umac128_set_nonce
42 #define umac32_update nettle_umac32_update
43 #define umac64_update nettle_umac64_update
44 #define umac96_update nettle_umac96_update
45 #define umac128_update nettle_umac128_update
46 #define umac32_digest nettle_umac32_digest
47 #define umac64_digest nettle_umac64_digest
48 #define umac96_digest nettle_umac96_digest
49 #define umac128_digest nettle_umac128_digest
50 #define _umac_set_key _nettle_umac_set_key
51 #define _umac_nh _nettle_umac_nh
52 #define _umac_nh_n _nettle_umac_nh_n
53 #define _umac_poly64 _nettle_umac_poly64
54 #define _umac_poly128 _nettle_umac_poly128
55 #define _umac_l2_init _nettle_umac_l2_init
56 #define _umac_l2 _nettle_umac_l2
57 #define _umac_l2_final _nettle_umac_l2_final
58 #define _umac_l3_init _nettle_umac_l3_init
59 #define _umac_l3 _nettle_umac_l3
60
61 #include "nettle-types.h"
62 #include "aes.h"
63
64 #define UMAC_KEY_SIZE 16
65 #define UMAC32_DIGEST_SIZE 4
66 #define UMAC64_DIGEST_SIZE 8
67 #define UMAC96_DIGEST_SIZE 12
68 #define UMAC128_DIGEST_SIZE 16
69 #define UMAC_DATA_SIZE 1024
70
71 /* Subkeys and state for UMAC with tag size 32*n bits. */
72 #define _UMAC_STATE(n) \
73 uint32_t l1_key[UMAC_DATA_SIZE/4 + 4*((n)-1)]; \
74 /* Keys in 32-bit pieces, high first */ \
75 uint32_t l2_key[6*(n)]; \
76 uint64_t l3_key1[8*(n)]; \
77 uint32_t l3_key2[(n)]; \
78 /* AES cipher for encrypting the nonce */ \
79 struct aes_ctx pdf_key; \
80 /* The l2_state consists of 2*n uint64_t, for poly64 \
81 and poly128 hashing, followed by n additional \
82 uint64_t used as an input buffer. */ \
83 uint64_t l2_state[3*(n)]; \
84 /* Input to the pdf_key, zero-padded and low bits \
85 cleared if appropriate. */ \
86 uint8_t nonce[AES_BLOCK_SIZE]; \
87 unsigned short nonce_length /* For incrementing */
88
89 /* Buffering */
90 #define _UMAC_BUFFER \
91 unsigned index; \
92 /* Complete blocks processed */ \
93 uint64_t count; \
94 uint8_t block[UMAC_DATA_SIZE]
95
96 #define _UMAC_NONCE_CACHED 0x80
97
98 struct umac32_ctx
99 {
100 _UMAC_STATE(1);
101 /* Low bits and cache flag. */
102 unsigned short nonce_low;
103 /* Previous padding block */
104 uint32_t pad_cache[AES_BLOCK_SIZE / 4];
105 _UMAC_BUFFER;
106 };
107
108 struct umac64_ctx
109 {
110 _UMAC_STATE(2);
111 /* Low bit and cache flag. */
112 unsigned short nonce_low;
113 /* Previous padding block */
114 uint32_t pad_cache[AES_BLOCK_SIZE/4];
115 _UMAC_BUFFER;
116 };
117
118 struct umac96_ctx
119 {
120 _UMAC_STATE(3);
121 _UMAC_BUFFER;
122 };
123
124 struct umac128_ctx
125 {
126 _UMAC_STATE(4);
127 _UMAC_BUFFER;
128 };
129
130 /* The _set_key function initialize the nonce to zero. */
131 void
132 umac32_set_key (struct umac32_ctx *ctx, const uint8_t *key);
133 void
134 umac64_set_key (struct umac64_ctx *ctx, const uint8_t *key);
135 void
136 umac96_set_key (struct umac96_ctx *ctx, const uint8_t *key);
137 void
138 umac128_set_key (struct umac128_ctx *ctx, const uint8_t *key);
139
140 /* Optional, if not used, messages get incrementing nonces starting from zero. */
141 void
142 umac32_set_nonce (struct umac32_ctx *ctx,
143 unsigned nonce_length, const uint8_t *nonce);
144 void
145 umac64_set_nonce (struct umac64_ctx *ctx,
146 unsigned nonce_length, const uint8_t *nonce);
147 void
148 umac96_set_nonce (struct umac96_ctx *ctx,
149 unsigned nonce_length, const uint8_t *nonce);
150 void
151 umac128_set_nonce (struct umac128_ctx *ctx,
152 unsigned nonce_length, const uint8_t *nonce);
153
154 void
155 umac32_update (struct umac32_ctx *ctx,
156 unsigned length, const uint8_t *data);
157 void
158 umac64_update (struct umac64_ctx *ctx,
159 unsigned length, const uint8_t *data);
160 void
161 umac96_update (struct umac96_ctx *ctx,
162 unsigned length, const uint8_t *data);
163 void
164 umac128_update (struct umac128_ctx *ctx,
165 unsigned length, const uint8_t *data);
166
167 /* The _digest functions increment the nonce */
168 void
169 umac32_digest (struct umac32_ctx *ctx,
170 unsigned length, uint8_t *digest);
171 void
172 umac64_digest (struct umac64_ctx *ctx,
173 unsigned length, uint8_t *digest);
174 void
175 umac96_digest (struct umac96_ctx *ctx,
176 unsigned length, uint8_t *digest);
177 void
178 umac128_digest (struct umac128_ctx *ctx,
179 unsigned length, uint8_t *digest);
180
181
182 /* Internal functions */
183 #define UMAC_POLY64_BLOCKS 16384
184
185 #define UMAC_P64_OFFSET 59
186 #define UMAC_P64 (- (uint64_t) UMAC_P64_OFFSET)
187
188 #define UMAC_P128_OFFSET 159
189 #define UMAC_P128_HI (~(uint64_t) 0)
190 #define UMAC_P128_LO (-(uint64_t) UMAC_P128_OFFSET)
191
192 void
193 _umac_set_key (uint32_t *l1_key, uint32_t *l2_key,
194 uint64_t *l3_key1, uint32_t *l3_key2,
195 struct aes_ctx *pad, const uint8_t *key, unsigned n);
196
197 uint64_t
198 _umac_nh (const uint32_t *key, unsigned length, const uint8_t *msg);
199
200 /* Equivalent to
201
202 for (i = 0; i < n; i++)
203 out[i] = _umac_nh (key + 4*i, length, msg);
204
205 but processing input only once.
206 */
207 void
208 _umac_nh_n (uint64_t *out, unsigned n, const uint32_t *key,
209 unsigned length, const uint8_t *msg);
210
211 /* Returns y*k + m (mod p), including "marker" processing. Return
212 value is *not* in canonical representation, and must be normalized
213 before the output is used. */
214 uint64_t
215 _umac_poly64 (uint32_t kh, uint32_t kl, uint64_t y, uint64_t m);
216
217 void
218 _umac_poly128 (const uint32_t *k, uint64_t *y, uint64_t mh, uint64_t ml);
219
220 void
221 _umac_l2_init (unsigned size, uint32_t *k);
222
223 void
224 _umac_l2(const uint32_t *key, uint64_t *state, unsigned n,
225 uint64_t count, const uint64_t *m);
226
227 void
228 _umac_l2_final(const uint32_t *key, uint64_t *state, unsigned n,
229 uint64_t count);
230
231 void
232 _umac_l3_init (unsigned size, uint64_t *k);
233
234 uint32_t
235 _umac_l3 (const uint64_t *key, const uint64_t *m);
236
237 #ifdef __cplusplus
238 }
239 #endif
240
241 #endif /* NETTLE_UMAC_H_INCLUDED */