/* Known-answer test for cf_gf128_mul: multiplies two fixed field elements,
 * given as 16-byte big-endian strings, and compares the big-endian encoding
 * of the product with a fixed expected value. */
static void test_gf128_mul(void)
{
  /* Operands and expected product, as big-endian byte strings. */
  const void *lhs_bytes = "\x03\x88\xda\xce\x60\xb6\xa3\x92\xf3\x28\xc2\xb9\x71\xb2\xfe\x78";
  const void *rhs_bytes = "\x66\xe9\x4b\xd4\xef\x8a\x2c\x3b\x88\x4c\xfa\x59\xca\x34\x2b\x2e";
  const void *want_bytes = "\x5e\x2e\xc7\x46\x91\x70\x62\x88\x2c\x85\xb0\x68\x53\x53\xde\xb7";

  cf_gf128 lhs, rhs, product;
  uint8_t got_bytes[16];

  /* Decode both operands into the library's field-element representation. */
  cf_gf128_frombytes_be(lhs_bytes, lhs);
  cf_gf128_frombytes_be(rhs_bytes, rhs);

  /* Multiply, then serialise the result so it can be compared bytewise. */
  cf_gf128_mul(lhs, rhs, product);
  cf_gf128_tobytes_be(product, got_bytes);

  TEST_CHECK(memcmp(want_bytes, got_bytes, sizeof got_bytes) == 0);
}
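/* Initialise a CMAC context for the block cipher `prp` keyed by `prpctx`.
 *
 * ctx    - context to fill in; it is cleared first, then receives the two
 *          derived subkeys (ctx->B = 2L, ctx->P = 4L) and the cipher
 *          interface and key context pointers.
 * prp    - block cipher interface; only a 16-byte block size is accepted.
 * prpctx - cipher key context, passed through to prp->encrypt and stored
 *          in ctx (not copied).
 *
 * L = E_K(0^n) and everything derived from it depend on the key, so the
 * local copies are wiped before returning. ctx->B and ctx->P stay in ctx;
 * nothing in this function clears them, so ctx itself needs the same care
 * once the caller is finished with it. */
void cf_cmac_init(cf_cmac *ctx, const cf_prp *prp, void *prpctx)
{
  uint8_t L[CF_MAXBLOCK];

  /* NOTE(review): this is the only block-size guard and assert() is compiled
   * out when NDEBUG is defined - confirm callers cannot pass another size. */
  assert(prp->blocksz == 16);

  mem_clean(ctx, sizeof *ctx);

  /* L = E_K(0^n)
   * Clear the whole buffer rather than just prp->blocksz bytes, so no byte
   * of L is ever read uninitialised and the clear cannot run past L. */
  mem_clean(L, sizeof L);
  prp->encrypt(prpctx, L, L);

  /* B = 2L */
  cf_gf128 gf;
  cf_gf128_frombytes_be(L, gf);
  cf_gf128_double(gf, gf);
  cf_gf128_tobytes_be(gf, ctx->B);

  /* P = 4L */
  cf_gf128_double(gf, gf);
  cf_gf128_tobytes_be(gf, ctx->P);

  ctx->prp = prp;
  ctx->prpctx = prpctx;

  /* Wipe key-dependent intermediates so they do not linger on the stack. */
  mem_clean(L, sizeof L);
  mem_clean(gf, sizeof gf);
}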