1 files changed, 113 insertions, 0 deletions

diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/external/cifra_AES128-EAX/gf128.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/cifra_AES128-EAX/gf128.c
new file mode 100644
index 0000000..b957cea
--- /dev/null
+++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/external/cifra_AES128-EAX/gf128.c
@@ -0,0 +1,113 @@
+/*
+ * cifra - embedded cryptography library
+ * Written in 2014 by Joseph Birr-Pixton <jpixton@gmail.com>
+ *
+ * To the extent possible under law, the author(s) have dedicated all
+ * copyright and related and neighboring rights to this software to the
+ * public domain worldwide. This software is distributed without any
+ * warranty.
+ *
+ * You should have received a copy of the CC0 Public Domain Dedication
+ * along with this software. If not, see
+ * <http://creativecommons.org/publicdomain/zero/1.0/>.
+ */
+
+#include "cf_config.h"
+#include "gf128.h"
+#include "bitops.h"
+
+#include <string.h>
+
+void cf_gf128_tobytes_be(const cf_gf128 in, uint8_t out[16])
+{
+  write32_be(in[0], out + 0);
+  write32_be(in[1], out + 4);
+  write32_be(in[2], out + 8);
+  write32_be(in[3], out + 12);
+}
+
+void cf_gf128_frombytes_be(const uint8_t in[16], cf_gf128 out)
+{
+  out[0] = read32_be(in + 0);
+  out[1] = read32_be(in + 4);
+  out[2] = read32_be(in + 8);
+  out[3] = read32_be(in + 12);
+}
+
+/* out = 2 * in.  Arguments may alias. */
+void cf_gf128_double(const cf_gf128 in, cf_gf128 out)
+{
+  uint8_t table[2] = { 0x00, 0x87 };
+  uint32_t borrow = 0;
+  uint32_t inword;
+
+  inword = in[3];   out[3] = (inword << 1) | borrow;  borrow = inword >> 31;
+  inword = in[2];   out[2] = (inword << 1) | borrow;  borrow = inword >> 31;
+  inword = in[1];   out[1] = (inword << 1) | borrow;  borrow = inword >> 31;
+  inword = in[0];   out[0] = (inword << 1) | borrow;  borrow = inword >> 31;
+  
+#if CF_CACHE_SIDE_CHANNEL_PROTECTION
+  out[3] ^= select_u8(borrow, table, 2);
+#else
+  out[3] ^= table[borrow];
+#endif
+}
+
+/* out = 2 * in.  Arguments may alias. */
+void cf_gf128_double_le(const cf_gf128 in, cf_gf128 out)
+{
+  uint8_t table[2] = { 0x00, 0xe1 };
+  uint32_t borrow = 0;
+  uint32_t inword;
+
+  inword = in[0];   out[0] = (inword >> 1) | (borrow << 31);  borrow = inword & 1;
+  inword = in[1];   out[1] = (inword >> 1) | (borrow << 31);  borrow = inword & 1;
+  inword = in[2];   out[2] = (inword >> 1) | (borrow << 31);  borrow = inword & 1;
+  inword = in[3];   out[3] = (inword >> 1) | (borrow << 31);  borrow = inword & 1;
+
+#if CF_CACHE_SIDE_CHANNEL_PROTECTION
+  out[0] ^= select_u8(borrow, table, 2) << 24;
+#else
+  out[0] ^= table[borrow] << 24;
+#endif
+}
+
+/* out = x + y.  Arguments may alias. */
+void cf_gf128_add(const cf_gf128 x, const cf_gf128 y, cf_gf128 out)
+{
+  out[0] = x[0] ^ y[0];
+  out[1] = x[1] ^ y[1];
+  out[2] = x[2] ^ y[2];
+  out[3] = x[3] ^ y[3];
+}
+
+/* out = xy.  Arguments may alias. */
+void cf_gf128_mul(const cf_gf128 x, const cf_gf128 y, cf_gf128 out)
+{
+#if CF_TIME_SIDE_CHANNEL_PROTECTION
+  cf_gf128 zero = { 0 };
+#endif
+ 
+  /* Z_0 = 0^128
+   * V_0 = Y */ 
+  cf_gf128 Z, V;
+  memset(Z, 0, sizeof Z);
+  memcpy(V, y, sizeof V);
+
+  for (int i = 0; i < 128; i++)
+  {
+    uint32_t word = x[i >> 5];
+    uint8_t bit = (word >> (31 - (i & 31))) & 1;
+
+#if CF_TIME_SIDE_CHANNEL_PROTECTION
+    select_xor128(Z, zero, V, bit);
+#else
+    if (bit)
+      xor_words(Z, V, 4);
+#endif
+
+    cf_gf128_double_le(V, V);
+  }
+
+  memcpy(out, Z, sizeof Z);
+}