unit AES_OMAC;

(*************************************************************************

 DESCRIPTION     :  AES OMAC1/2 routines

 REQUIREMENTS    :  TP5-7, D1-D7/D9-D10/D12, FPC, VP

 EXTERNAL DATA   :  ---

 MEMORY USAGE    :  ---

 DISPLAY MODE    :  ---

 REFERENCES      :  OMAC page: http://www.nuee.nagoya-u.ac.jp/labs/tiwata/omac/omac.html
                    T.Iwata and K.Kurosawa. OMAC: One-Key CBC MAC - Addendum
                    (http://csrc.nist.gov/CryptoToolkit/modes/proposedmodes/omac/omac-ad.pdf)


 Version  Date      Author      Modification
 -------  --------  -------     ------------------------------------------
 0.10     22.05.04  W.Ehrhardt  Initial version
 0.11     22.05.04  we          Update with move and second while loop
 0.12     22.05.04  we          Update/final as procedures, $R- in mul_u
 0.13     23.05.04  we          XL version
 0.14     23.05.04  we          More comments
 0.15     30.05.04  we          OMAC2
 0.16     31.05.04  we          Update references, more comments
 0.17     12.06.04  we          uses BLKSIZE constant
 0.18     12.06.04  we          check for nil pointers
 0.19     02.07.04  we          {$ifdef DLL} stdcall; {$endif}
 0.20     30.11.04  we          AES_XorBlock, AESBLKSIZE
 0.21     30.11.04  we          Clear IV if FastInit
 0.22     24.12.04  we          Calls AES_GetFastInit
 0.23     09.07.06  we          Checked: D9-D10
 0.24     09.07.06  we          Interfaced AES_OMACx_Final, AES_OMAC_UpdateXL
 0.25     15.11.08  we          Use Ptr2Inc from BTypes
 0.26     28.07.10  we          AES_OMAC_Update with ILen: longint, XL Version
                                with $define OLD_XL_Version
**************************************************************************)


(*-------------------------------------------------------------------------
 (C) Copyright 2004-2010 Wolfgang Ehrhardt

 This software is provided 'as-is', without any express or implied warranty.
 In no event will the authors be held liable for any damages arising from
 the use of this software.

 Permission is granted to anyone to use this software for any purpose,
 including commercial applications, and to alter it and redistribute it
 freely, subject to the following restrictions:

 1. The origin of this software must not be misrepresented; you must not
    claim that you wrote the original software. If you use this software in
    a product, an acknowledgment in the product documentation would be
    appreciated but is not required.

 2. Altered source versions must be plainly marked as such, and must not be
    misrepresented as being the original software.

 3. This notice may not be removed or altered from any source distribution.
----------------------------------------------------------------------------*)

{Altered copy: line breaks were restored and review comments were added.}
{The code tokens are unchanged from the listing as found.}

{$i STD.INC}

interface

uses
  BTypes, AES_Type, AES_Base, AES_Encr;

{Usage order as declared here: AES_OMAC_Init once, AES_OMAC_Update any}
{number of times, then one of the Final procedures to obtain the tag.}

function AES_OMAC_Init({$ifdef CONST} const Key {$else} var Key {$endif}; KeyBits: word; var ctx: TAESContext): integer;
  {-OMAC init: AES key expansion, error if inv. key size}
  {Returns the result code of AES_Init_Encr; check it before using ctx.}
  {$ifdef DLL} stdcall; {$endif}

function AES_OMAC_Update(data: pointer; ILen: longint; var ctx: TAESContext): integer;
  {-OMAC data input, may be called more than once}
  {Returns 0 on success or an AES_Err_xxx code, see the implementation.}
  {$ifdef DLL} stdcall; {$endif}

procedure AES_OMAC_Final(var tag: TAESBlock; var ctx: TAESContext);
  {-end data input, calculate OMAC=OMAC1 tag}
  {Caller note: when verifying a received tag, compare the whole tag block}
  {without stopping at the first mismatch, so that timing does not reveal}
  {how many leading bytes were correct.}
  {$ifdef DLL} stdcall; {$endif}

procedure AES_OMAC1_Final(var tag: TAESBlock; var ctx: TAESContext);
  {-end data input, calculate OMAC1 tag}
  {$ifdef DLL} stdcall; {$endif}

procedure AES_OMAC2_Final(var tag: TAESBlock; var ctx: TAESContext);
  {-end data input, calculate OMAC2 tag}
  {$ifdef DLL} stdcall; {$endif}

{$ifdef OLD_XL_Version}
function AES_OMAC_UpdateXL (data: pointer; ILen: longint; var ctx: TAESContext): integer;
  {-OMAC data input, may be called more than once}
{$endif}

procedure AES_OMACx_Final(OMAC2: boolean; var tag: TAESBlock; var ctx: TAESContext);
  {-end data input, calculate OMAC tag}
  { interfaced for AES_CMAC, no need for OMAC usage}
  {OMAC2 selects the variant; OMAC1 is the one standardized as CMAC}
  {in NIST SP 800-38B.}
  {$ifdef DLL} stdcall; {$endif}

implementation

{---------------------------------------------------------------------------}
function AES_OMAC_Init({$ifdef CONST} const Key {$else} var Key {$endif}; KeyBits: word; var ctx: TAESContext): integer;
  {-OMAC init: AES key expansion, error if inv. key size}
  {Key     : untyped key material, passed on to AES_Init_Encr}
  {KeyBits : key size in bits, validated by AES_Init_Encr}
  {ctx     : context to initialise; presumably holds the expanded key}
  {          afterwards, so callers should wipe it once the tag has been}
  {          produced - TODO confirm against AES_Type}
  {Result  : whatever AES_Init_Encr returns}
begin
  {AES key expansion, error if inv. key size}
  {IV = Y[0] = [0]}
  AES_OMAC_Init := AES_Init_Encr(Key, KeyBits, ctx);
  {OMAC needs the chaining value to start at zero. Presumably the fast-init}
  {mode leaves ctx.IV uncleared in AES_Init_Encr, hence the explicit wipe}
  {here - confirm in AES_Base.}
  if AES_GetFastInit then fillchar(ctx.IV,sizeof(ctx.IV),0);
end;

{---------------------------------------------------------------------------}
function AES_OMAC_Update(data: pointer; ILen: longint; var ctx: TAESContext): integer;
  {-OMAC data input, may be called more than once}
  {data   : pointer to the input bytes; may be nil only if ILen is 0}
  {ILen   : number of input bytes; a value <= 0 skips the loop and the}
  {         function returns 0, so a negative length is not reported}
  {         as an error}
  {ctx    : context set up by AES_OMAC_Init; buf, bLen and IV below are}
  {         reached through 'with ctx'}
  {Result : 0, AES_Err_NIL_Pointer, or (BIT16 only)}
  {         AES_Err_Invalid_16Bit_Length}
var
  n: word;
begin
  {A nil pointer is acceptable only together with a zero length}
  if (data=nil) and (ILen<>0) then begin
    AES_OMAC_Update := AES_Err_NIL_Pointer;
    exit;
  end;

  {$ifdef BIT16}
    {16-bit targets: reject input whose offset plus length would pass $FFFF,}
    {presumably to avoid wrapping past the end of the segment}
    if (ofs(data^)+ILen>$FFFF) then begin
      AES_OMAC_Update := AES_Err_Invalid_16Bit_Length;
      exit;
    end;
  {$endif}

  AES_OMAC_Update := 0;

  while ILen>0 do with ctx do begin
    {A full buffer is encrypted only when more input is available. The most}
    {recent block therefore stays in buf, where the Final step can treat it}
    {as the last block.}
    if bLen>=AESBLKSIZE then begin
      {process full buffer}
      {X[i] := M[i] xor Y[i-1]}
      AES_XorBlock(buf, IV, buf);
      AES_Encrypt(ctx, buf, IV);
      bLen := 0;
      {Strictly greater than: at least one byte is always left over for buf}
      while ILen>AESBLKSIZE do with ctx do begin
        {continue with full blocks if more }
        {than one block remains unprocessed}
        {X[i] := M[i] xor Y[i-1]}
        AES_XorBlock(PAESBlock(data)^, IV, buf);
        {Y[i] := EK[X[i]}
        AES_Encrypt(ctx, buf, IV);
        inc(Ptr2Inc(data), AESBLKSIZE);
        dec(ILen, AESBLKSIZE); {ILen>0!}
      end;
    end;
    {n = free space left in buf}
    n := AESBLKSIZE-bLen;
    {NOTE(review): from here on this copy is not valid Pascal. Text seems to}
    {have been lost (possibly everything between a less-than sign and the}
    {next greater-than sign), so the rest of AES_OMAC_Update and the start}
    {of a later routine are missing, and the listing stops mid-statement.}
    {The lines below are kept exactly as found; take the complete routines}
    {from the original distribution before compiling.}
    if ILen0 because ILen>0 and bLen=AESBLKSIZE then begin
      {Complete last block, no padding and use L.u}
      mul_u(tag);
    end
    else begin
      {Incomplete last block, pad buf and use L.u^2 or L.u^-1}
      buf[bLen] := $80;
      inc(bLen);
      while blen