-
Notifications
You must be signed in to change notification settings - Fork 6
/
aes_omac.pas
277 lines (226 loc) · 8.96 KB
/
aes_omac.pas
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
unit AES_OMAC;
(*************************************************************************
DESCRIPTION : AES OMAC1/2 routines
REQUIREMENTS : TP5-7, D1-D7/D9-D10/D12, FPC, VP
EXTERNAL DATA : ---
MEMORY USAGE : ---
DISPLAY MODE : ---
REFERENCES : OMAC page: http://www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html
T.Iwata and K.Kurosawa. OMAC: One-Key CBC MAC - Addendum
(http://csrc.nist.gov/CryptoToolkit/modes/proposedmodes/omac/omac-ad.pdf)
Version Date Author Modification
------- -------- ------- ------------------------------------------
0.10 22.05.04 W.Ehrhardt Initial version
0.11 22.05.04 we Update with move and second while loop
0.12 22.05.04 we Update/final as procedures, $R- in mul_u
0.13 23.05.04 we XL version
0.14 23.05.04 we More comments
0.15 30.05.04 we OMAC2
0.16 31.05.04 we Update references, more comments
0.17 12.06.04 we uses BLKSIZE constant
0.18 12.06.04 we check for nil pointers
0.19 02.07.04 we {$ifdef DLL} stdcall; {$endif}
0.20 30.11.04 we AES_XorBlock, AESBLKSIZE
0.21 30.11.04 we Clear IV if FastInit
0.22 24.12.04 we Calls AES_GetFastInit
0.23 09.07.06 we Checked: D9-D10
0.24 09.07.06 we Interfaced AES_OMACx_Final, AES_OMAC_UpdateXL
0.25 15.11.08 we Use Ptr2Inc from BTypes
0.26 28.07.10 we AES_OMAC_Update with ILen: longint, XL Version with $define OLD_XL_Version
**************************************************************************)
(*-------------------------------------------------------------------------
(C) Copyright 2004-2010 Wolfgang Ehrhardt
This software is provided 'as-is', without any express or implied warranty.
In no event will the authors be held liable for any damages arising from
the use of this software.
Permission is granted to anyone to use this software for any purpose,
including commercial applications, and to alter it and redistribute it
freely, subject to the following restrictions:
1. The origin of this software must not be misrepresented; you must not
claim that you wrote the original software. If you use this software in
a product, an acknowledgment in the product documentation would be
appreciated but is not required.
2. Altered source versions must be plainly marked as such, and must not be
misrepresented as being the original software.
3. This notice may not be removed or altered from any source distribution.
----------------------------------------------------------------------------*)
{$i STD.INC}
interface
uses
BTypes, AES_Type, AES_Base, AES_Encr;
function AES_OMAC_Init({$ifdef CONST} const Key {$else} var Key {$endif};
KeyBits: word; var ctx: TAESContext): integer;
{-OMAC init: AES key expansion, error if inv. key size}
{$ifdef DLL} stdcall; {$endif}
function AES_OMAC_Update(data: pointer; ILen: longint; var ctx: TAESContext): integer;
{-OMAC data input, may be called more than once}
{$ifdef DLL} stdcall; {$endif}
procedure AES_OMAC_Final(var tag: TAESBlock; var ctx: TAESContext);
{-end data input, calculate OMAC=OMAC1 tag}
{$ifdef DLL} stdcall; {$endif}
procedure AES_OMAC1_Final(var tag: TAESBlock; var ctx: TAESContext);
{-end data input, calculate OMAC1 tag}
{$ifdef DLL} stdcall; {$endif}
procedure AES_OMAC2_Final(var tag: TAESBlock; var ctx: TAESContext);
{-end data input, calculate OMAC2 tag}
{$ifdef DLL} stdcall; {$endif}
{$ifdef OLD_XL_Version}
function AES_OMAC_UpdateXL (data: pointer; ILen: longint; var ctx: TAESContext): integer;
{-OMAC data input, may be called more than once}
{$endif}
procedure AES_OMACx_Final(OMAC2: boolean; var tag: TAESBlock; var ctx: TAESContext);
{-end data input, calculate OMAC tag}
{ interfaced for AES_CMAC, no need for OMAC usage}
{$ifdef DLL} stdcall; {$endif}
implementation
{---------------------------------------------------------------------------}
function AES_OMAC_Init({$ifdef CONST} const Key {$else} var Key {$endif};
KeyBits: word; var ctx: TAESContext): integer;
{-OMAC init: AES key expansion, error if inv. key size}
begin
{AES key expansion, error if inv. key size}
{IV = Y[0] = [0]}
AES_OMAC_Init := AES_Init_Encr(Key, KeyBits, ctx);
if AES_GetFastInit then fillchar(ctx.IV,sizeof(ctx.IV),0);
end;
{---------------------------------------------------------------------------}
function AES_OMAC_Update(data: pointer; ILen: longint; var ctx: TAESContext): integer;
{-OMAC data input, may be called more than once}
var
n: word;
begin
if (data=nil) and (ILen<>0) then begin
AES_OMAC_Update := AES_Err_NIL_Pointer;
exit;
end;
{$ifdef BIT16}
if (ofs(data^)+ILen>$FFFF) then begin
AES_OMAC_Update := AES_Err_Invalid_16Bit_Length;
exit;
end;
{$endif}
AES_OMAC_Update := 0;
while ILen>0 do with ctx do begin
if bLen>=AESBLKSIZE then begin
{process full buffer}
{X[i] := M[i] xor Y[i-1]}
AES_XorBlock(buf, IV, buf);
AES_Encrypt(ctx, buf, IV);
bLen := 0;
while ILen>AESBLKSIZE do with ctx do begin
{continue with full blocks if more }
{than one block remains unprocessed}
{X[i] := M[i] xor Y[i-1]}
AES_XorBlock(PAESBlock(data)^, IV, buf);
{Y[i] := EK[X[i]}
AES_Encrypt(ctx, buf, IV);
inc(Ptr2Inc(data), AESBLKSIZE);
dec(ILen, AESBLKSIZE); {ILen>0!}
end;
end;
n := AESBLKSIZE-bLen; if ILen<n then n:=ILen;
{n>0 because ILen>0 and bLen<AESBLKSIZE}
move(data^, buf[bLen], n);
inc(bLen,n);
inc(Ptr2Inc(data),n);
dec(ILen,n);
end;
end;
{$ifdef OLD_XL_Version}
{---------------------------------------------------------------------------}
function AES_OMAC_UpdateXL (data: pointer; ILen: longint; var ctx: TAESContext): integer;
{-OMAC data input, may be called more than once}
begin
AES_OMAC_UpdateXL := AES_OMAC_Update(data, ILen, ctx);
end;
{$endif}
{---------------------------------------------------------------------------}
procedure AES_OMACx_Final(OMAC2: boolean; var tag: TAESBlock; var ctx: TAESContext);
{-end data input, calculate OMAC tag}
{Turn off range checking for byte shifts}
{$ifopt R+} {$define SetRPlus} {$else} {$undef SetRPlus} {$endif}
{$R-}
{---------------------------------------}
procedure mul_u(var L: TAESBlock);
{-Calculate L.u}
const
masks: array[0..1] of byte = (0,$87);
var
i: integer;
mask: byte;
begin
mask := masks[L[0] shr 7];
for i:=0 to AESBLKSIZE-2 do L[i] := (L[i] shl 1) or (L[i+1] shr 7);
L[AESBLKSIZE-1] := (L[AESBLKSIZE-1] shl 1) xor mask;
end;
{---------------------------------------}
procedure div_u(var L: TAESBlock);
{-Calculate L.u^-1}
const
mask1: array[0..1] of byte = (0, $43);
mask2: array[0..1] of byte = (0, $80);
var
i,j: integer;
begin
j := L[AESBLKSIZE-1] and 1;
for i:=AESBLKSIZE-1 downto 1 do L[i] := (L[i] shr 1) or (L[i-1] shl 7);
L[0] := (L[0] shr 1) xor mask2[j];
L[AESBLKSIZE-1] := L[AESBLKSIZE-1] xor mask1[j];
end;
{$ifdef SetRPlus}
{$R+}
{$endif}
begin
with ctx do begin
fillchar(tag, sizeof(tag), 0);
{L := EK(0)}
AES_Encrypt(ctx, tag, tag);
if blen>=AESBLKSIZE then begin
{Complete last block, no padding and use L.u}
mul_u(tag);
end
else begin
{Incomplete last block, pad buf and use L.u^2 or L.u^-1}
buf[bLen] := $80;
inc(bLen);
while blen<AESBLKSIZE do begin
buf[bLen] := 0;
inc(bLen);
end;
if OMAC2 then begin
{calc L.u^-1}
div_u(tag);
end
else begin
{calc L.u^2}
mul_u(tag);
mul_u(tag);
end;
end;
{X[m] := pad(M[n]) xor Y[m-1]}
AES_XorBlock(buf, IV, buf);
{X[m] := X[m] xor L.u^e, e=-1,1,2}
AES_XorBlock(buf, tag, buf);
{T := EK(X[m])}
AES_Encrypt(ctx, buf, tag);
end;
end;
{---------------------------------------------------------------------------}
procedure AES_OMAC_Final(var tag: TAESBlock; var ctx: TAESContext);
{-end data input, calculate OMAC=OMAC1 tag}
begin
AES_OMACx_Final(false, tag, ctx);
end;
{---------------------------------------------------------------------------}
procedure AES_OMAC1_Final(var tag: TAESBlock; var ctx: TAESContext);
{-end data input, calculate OMAC1 tag}
begin
AES_OMACx_Final(false, tag, ctx);
end;
{---------------------------------------------------------------------------}
procedure AES_OMAC2_Final(var tag: TAESBlock; var ctx: TAESContext);
{-end data input, calculate OMAC2 tag}
begin
AES_OMACx_Final(true, tag, ctx);
end;
end.