1 /* $OpenBSD: michael.c,v 1.1 2006/03/21 18:40:54 reyk Exp $ */
2
3 /*
4 * Copyright (c) 2005, 2006 Reyk Floeter <reyk@openbsd.org>
5 *
6 * Permission to use, copy, modify, and distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
9 *
10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 */
18
19 /*
20 * Implementation of the Michael MIC as defined in IEEE 802.11i for TKIP.
21 * The MIC generates a 64bit digest, which shouldn't be used for any other
22 * applications except TKIP.
23 */
24
25 #include <sys/param.h>
26 #include <sys/systm.h>
27
28 #include <crypto/michael.h>
29
30 #define ROL(n, x) (((x) << (n)) | ((x) >> (32 - (n))))
31 #define ROR(n, x) (((x) >> (n)) | ((x) << (32 - (n))))
32 #define VAL32(x) (*((u_int32_t *)(x)))
33 #define XSWAP(x) (((x) & 0xff00ff00UL) >> 8) | ((((x) & 0x00ff00ffUL) << 8))
34
35 #define MICHAEL_BLOCK(l, r) do { \
36 r ^= ROL(17, l); \
37 l += r; \
38 r ^= XSWAP(l); \
39 l += r; \
40 r ^= ROL(3, l); \
41 l += r; \
42 r ^= ROR(2, l); \
43 l += r; \
44 } while (0)
45
46 void
47 michael_init(MICHAEL_CTX *ctx)
48 {
49 bzero(ctx, sizeof(MICHAEL_CTX));
50 }
51
52 void
53 michael_update(MICHAEL_CTX *ctx, const u_int8_t *data, u_int len)
54 {
55 int i;
56
57 for (i = 0; i < len; i++) {
58 ctx->michael_state |= data[i] << (ctx->michael_count << 3);
59 ctx->michael_count++;
60
61 if (ctx->michael_count >= MICHAEL_RAW_BLOCK_LENGTH) {
62 ctx->michael_l ^= ctx->michael_state;
63 MICHAEL_BLOCK(ctx->michael_l, ctx->michael_r);
64 ctx->michael_state = ctx->michael_count = 0;
65 }
66 }
67 }
68
69 void
70 michael_final(u_int8_t digest[MICHAEL_DIGEST_LENGTH], MICHAEL_CTX *ctx)
71 {
72 u_int8_t pad[] = { 0x5a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
73
74 michael_update(ctx, pad, sizeof(pad));
75
76 VAL32(digest) = letoh32(ctx->michael_l);
77 VAL32(digest + MICHAEL_RAW_BLOCK_LENGTH) = letoh32(ctx->michael_r);
78 }
79
80 void
81 michael_key(const u_int8_t *key, MICHAEL_CTX *ctx)
82 {
83 ctx->michael_l = ctx->michael_key[0] =
84 htole32(VAL32(key));
85 ctx->michael_r = ctx->michael_key[1] =
86 htole32(VAL32(key + MICHAEL_RAW_BLOCK_LENGTH));
87 }