// Given the supplied cipher, whose block size must be 16 bytes, return two // subkeys that can be used in MAC generation. See section 5.3 of NIST SP // 800-38B. Note that the other NIST-approved block size of 8 bytes is not // supported by this function. func generateSubkeys(ciph cipher.Block) (k1 []byte, k2 []byte) { if ciph.BlockSize() != blockSize { panic("generateSubkeys requires a cipher with a block size of 16 bytes.") } // Step 1 l := make([]byte, blockSize) ciph.Encrypt(l, subkeyZero) // Step 2: Derive the first subkey. if common.Msb(l) == 0 { // TODO(jacobsa): Accept a destination buffer in ShiftLeft and then hoist // the allocation in the else branch below. k1 = common.ShiftLeft(l) } else { k1 = make([]byte, blockSize) common.Xor(k1, common.ShiftLeft(l), subkeyRb) } // Step 3: Derive the second subkey. if common.Msb(k1) == 0 { k2 = common.ShiftLeft(k1) } else { k2 = make([]byte, blockSize) common.Xor(k2, common.ShiftLeft(k1), subkeyRb) } return }
func (t *MsbTest) MostSignficantIsZero() { bufs := [][]byte{ []byte{fromBinary("00000000")}, []byte{fromBinary("01000000")}, []byte{fromBinary("01100000")}, []byte{fromBinary("00000000"), fromBinary("10000000")}, } for i, buf := range bufs { ExpectEq(0, common.Msb(buf), "Test case %d: %v", i, buf) } }
// Given a 128-bit binary string, shift the string left by one bit and XOR the // result with 0x00...87 if the bit shifted off was one. This is the dbl // function of RFC 5297. func dbl(b []byte) []byte { if len(b) != aes.BlockSize { panic("dbl requires a 16-byte buffer.") } shiftedOne := common.Msb(b) == 1 b = common.ShiftLeft(b) if shiftedOne { tmp := make([]byte, aes.BlockSize) common.Xor(tmp, b, dblRb) b = tmp } return b }
func (t *MsbTest) EmptyBuffer() { f := func() { common.Msb([]byte{}) } ExpectThat(f, Panics(HasSubstr("empty"))) }
func (t *MsbTest) NilBuffer() { f := func() { common.Msb(nil) } ExpectThat(f, Panics(HasSubstr("empty"))) }