1 // SPDX-License-Identifier: BSD-2-Clause
2 /* LibTomCrypt, modular cryptographic library -- Tom St Denis
3  *
4  * LibTomCrypt is a library that provides various cryptographic
5  * algorithms in a highly modular and flexible manner.
6  *
7  * The library is free for all purposes without any express
8  * guarantee it works.
9  */
10 #include "tomcrypt_private.h"
11 
12 /**
13   @file xcbc_init.c
14   XCBC Support, start an XCBC state
15 */
16 
17 #ifdef LTC_XCBC
18 
19 /** Initialize XCBC-MAC state
20   @param xcbc    [out] XCBC state to initialize
21   @param cipher  Index of cipher to use
22   @param key     [in]  Secret key
23   @param keylen  Length of secret key in octets
24   Return CRYPT_OK on success
25 */
xcbc_init(xcbc_state * xcbc,int cipher,const unsigned char * key,unsigned long keylen)26 int xcbc_init(xcbc_state *xcbc, int cipher, const unsigned char *key, unsigned long keylen)
27 {
28    int            x, y, err;
29    symmetric_key *skey;
30    unsigned long  k1;
31 
32    LTC_ARGCHK(xcbc != NULL);
33    LTC_ARGCHK(key  != NULL);
34 
35    /* schedule the key */
36    if ((err = cipher_is_valid(cipher)) != CRYPT_OK) {
37       return err;
38    }
39 
40 #ifdef LTC_FAST
41    if (cipher_descriptor[cipher]->block_length % sizeof(LTC_FAST_TYPE)) {
42        return CRYPT_INVALID_ARG;
43    }
44 #endif
45 
46    skey = NULL;
47 
48    /* are we in pure XCBC mode with three keys? */
49    if (keylen & LTC_XCBC_PURE) {
50       keylen &= ~LTC_XCBC_PURE;
51 
52       if (keylen < 2UL*cipher_descriptor[cipher]->block_length) {
53          return CRYPT_INVALID_ARG;
54       }
55 
56       k1      = keylen - 2*cipher_descriptor[cipher]->block_length;
57       XMEMCPY(xcbc->K[0], key, k1);
58       XMEMCPY(xcbc->K[1], key+k1, cipher_descriptor[cipher]->block_length);
59       XMEMCPY(xcbc->K[2], key+k1 + cipher_descriptor[cipher]->block_length, cipher_descriptor[cipher]->block_length);
60    } else {
61       /* use the key expansion */
62       k1      = cipher_descriptor[cipher]->block_length;
63 
64       /* schedule the user key */
65       skey = XCALLOC(1, sizeof(*skey));
66       if (skey == NULL) {
67          return CRYPT_MEM;
68       }
69 
70       if ((err = cipher_descriptor[cipher]->setup(key, keylen, 0, skey)) != CRYPT_OK) {
71          goto done;
72       }
73 
74       /* make the three keys */
75       for (y = 0; y < 3; y++) {
76         for (x = 0; x < cipher_descriptor[cipher]->block_length; x++) {
77            xcbc->K[y][x] = y + 1;
78         }
79         cipher_descriptor[cipher]->ecb_encrypt(xcbc->K[y], xcbc->K[y], skey);
80       }
81    }
82 
83    /* setup K1 */
84    err = cipher_descriptor[cipher]->setup(xcbc->K[0], k1, 0, &xcbc->key);
85 
86    /* setup struct */
87    zeromem(xcbc->IV, cipher_descriptor[cipher]->block_length);
88    xcbc->blocksize = cipher_descriptor[cipher]->block_length;
89    xcbc->cipher    = cipher;
90    xcbc->buflen    = 0;
91 done:
92    cipher_descriptor[cipher]->done(skey);
93    if (skey != NULL) {
94 #ifdef LTC_CLEAN_STACK
95       zeromem(skey, sizeof(*skey));
96 #endif
97       XFREE(skey);
98    }
99    return err;
100 }
101 
102 #endif
103 
104 /* ref:         $Format:%D$ */
105 /* git commit:  $Format:%H$ */
106 /* commit time: $Format:%ai$ */
107 
108