mbed TLS upgraded to 2.6.0

Fork of mbedtls by Mark Radbourne

Committer:
Jasper Wallace
Date:
Fri Sep 29 19:50:30 2017 +0100
Revision:
2:bbdeda018a3c
Parent:
0:cdf462088d13
Update to mbedtls 2.6.0, many changes.

Changes to mbedtls sources made:

in include/mbedtls/config.h comment out:

#define MBEDTLS_FS_IO
#define MBEDTLS_NET_C
#define MBEDTLS_TIMING_C

uncomment:

#define MBEDTLS_NO_PLATFORM_ENTROPY

remove the following directorys:

programs
yotta
visualc

Who changed what in which revision?

UserRevisionLine numberNew contents of line
Jasper Wallace 2:bbdeda018a3c 1 /**
markrad 0:cdf462088d13 2 * \file cmac.c
markrad 0:cdf462088d13 3 *
markrad 0:cdf462088d13 4 * \brief NIST SP800-38B compliant CMAC implementation for AES and 3DES
markrad 0:cdf462088d13 5 *
markrad 0:cdf462088d13 6 * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
markrad 0:cdf462088d13 7 * SPDX-License-Identifier: Apache-2.0
markrad 0:cdf462088d13 8 *
markrad 0:cdf462088d13 9 * Licensed under the Apache License, Version 2.0 (the "License"); you may
markrad 0:cdf462088d13 10 * not use this file except in compliance with the License.
markrad 0:cdf462088d13 11 * You may obtain a copy of the License at
markrad 0:cdf462088d13 12 *
markrad 0:cdf462088d13 13 * http://www.apache.org/licenses/LICENSE-2.0
markrad 0:cdf462088d13 14 *
markrad 0:cdf462088d13 15 * Unless required by applicable law or agreed to in writing, software
markrad 0:cdf462088d13 16 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
markrad 0:cdf462088d13 17 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
markrad 0:cdf462088d13 18 * See the License for the specific language governing permissions and
markrad 0:cdf462088d13 19 * limitations under the License.
markrad 0:cdf462088d13 20 *
markrad 0:cdf462088d13 21 * This file is part of mbed TLS (https://tls.mbed.org)
markrad 0:cdf462088d13 22 */
markrad 0:cdf462088d13 23
markrad 0:cdf462088d13 24 /*
markrad 0:cdf462088d13 25 * References:
markrad 0:cdf462088d13 26 *
markrad 0:cdf462088d13 27 * - NIST SP 800-38B Recommendation for Block Cipher Modes of Operation: The
markrad 0:cdf462088d13 28 * CMAC Mode for Authentication
markrad 0:cdf462088d13 29 * http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38b.pdf
markrad 0:cdf462088d13 30 *
markrad 0:cdf462088d13 31 * - RFC 4493 - The AES-CMAC Algorithm
markrad 0:cdf462088d13 32 * https://tools.ietf.org/html/rfc4493
markrad 0:cdf462088d13 33 *
markrad 0:cdf462088d13 34 * - RFC 4615 - The Advanced Encryption Standard-Cipher-based Message
markrad 0:cdf462088d13 35 * Authentication Code-Pseudo-Random Function-128 (AES-CMAC-PRF-128)
markrad 0:cdf462088d13 36 * Algorithm for the Internet Key Exchange Protocol (IKE)
markrad 0:cdf462088d13 37 * https://tools.ietf.org/html/rfc4615
markrad 0:cdf462088d13 38 *
markrad 0:cdf462088d13 39 * Additional test vectors: ISO/IEC 9797-1
markrad 0:cdf462088d13 40 *
markrad 0:cdf462088d13 41 */
markrad 0:cdf462088d13 42
markrad 0:cdf462088d13 43 #if !defined(MBEDTLS_CONFIG_FILE)
markrad 0:cdf462088d13 44 #include "mbedtls/config.h"
markrad 0:cdf462088d13 45 #else
markrad 0:cdf462088d13 46 #include MBEDTLS_CONFIG_FILE
markrad 0:cdf462088d13 47 #endif
markrad 0:cdf462088d13 48
markrad 0:cdf462088d13 49 #if defined(MBEDTLS_CMAC_C)
markrad 0:cdf462088d13 50
markrad 0:cdf462088d13 51 #include "mbedtls/cmac.h"
markrad 0:cdf462088d13 52
markrad 0:cdf462088d13 53 #include <string.h>
markrad 0:cdf462088d13 54
markrad 0:cdf462088d13 55
markrad 0:cdf462088d13 56 #if defined(MBEDTLS_PLATFORM_C)
markrad 0:cdf462088d13 57 #include "mbedtls/platform.h"
markrad 0:cdf462088d13 58 #else
markrad 0:cdf462088d13 59 #include <stdlib.h>
markrad 0:cdf462088d13 60 #define mbedtls_calloc calloc
markrad 0:cdf462088d13 61 #define mbedtls_free free
markrad 0:cdf462088d13 62 #if defined(MBEDTLS_SELF_TEST)
markrad 0:cdf462088d13 63 #include <stdio.h>
markrad 0:cdf462088d13 64 #define mbedtls_printf printf
markrad 0:cdf462088d13 65 #endif /* MBEDTLS_SELF_TEST */
markrad 0:cdf462088d13 66 #endif /* MBEDTLS_PLATFORM_C */
markrad 0:cdf462088d13 67
markrad 0:cdf462088d13 68 /* Implementation that should never be optimized out by the compiler */
markrad 0:cdf462088d13 69 static void mbedtls_zeroize( void *v, size_t n ) {
markrad 0:cdf462088d13 70 volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
markrad 0:cdf462088d13 71 }
markrad 0:cdf462088d13 72
markrad 0:cdf462088d13 73 /*
markrad 0:cdf462088d13 74 * Multiplication by u in the Galois field of GF(2^n)
markrad 0:cdf462088d13 75 *
markrad 0:cdf462088d13 76 * As explained in NIST SP 800-38B, this can be computed:
markrad 0:cdf462088d13 77 *
markrad 0:cdf462088d13 78 * If MSB(p) = 0, then p = (p << 1)
markrad 0:cdf462088d13 79 * If MSB(p) = 1, then p = (p << 1) ^ R_n
markrad 0:cdf462088d13 80 * with R_64 = 0x1B and R_128 = 0x87
markrad 0:cdf462088d13 81 *
markrad 0:cdf462088d13 82 * Input and output MUST NOT point to the same buffer
markrad 0:cdf462088d13 83 * Block size must be 8 bytes or 16 bytes - the block sizes for DES and AES.
markrad 0:cdf462088d13 84 */
markrad 0:cdf462088d13 85 static int cmac_multiply_by_u( unsigned char *output,
markrad 0:cdf462088d13 86 const unsigned char *input,
markrad 0:cdf462088d13 87 size_t blocksize )
markrad 0:cdf462088d13 88 {
markrad 0:cdf462088d13 89 const unsigned char R_128 = 0x87;
markrad 0:cdf462088d13 90 const unsigned char R_64 = 0x1B;
markrad 0:cdf462088d13 91 unsigned char R_n, mask;
markrad 0:cdf462088d13 92 unsigned char overflow = 0x00;
markrad 0:cdf462088d13 93 int i;
markrad 0:cdf462088d13 94
markrad 0:cdf462088d13 95 if( blocksize == MBEDTLS_AES_BLOCK_SIZE )
markrad 0:cdf462088d13 96 {
markrad 0:cdf462088d13 97 R_n = R_128;
markrad 0:cdf462088d13 98 }
markrad 0:cdf462088d13 99 else if( blocksize == MBEDTLS_DES3_BLOCK_SIZE )
markrad 0:cdf462088d13 100 {
markrad 0:cdf462088d13 101 R_n = R_64;
markrad 0:cdf462088d13 102 }
markrad 0:cdf462088d13 103 else
markrad 0:cdf462088d13 104 {
markrad 0:cdf462088d13 105 return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
markrad 0:cdf462088d13 106 }
markrad 0:cdf462088d13 107
markrad 0:cdf462088d13 108 for( i = (int)blocksize - 1; i >= 0; i-- )
markrad 0:cdf462088d13 109 {
markrad 0:cdf462088d13 110 output[i] = input[i] << 1 | overflow;
markrad 0:cdf462088d13 111 overflow = input[i] >> 7;
markrad 0:cdf462088d13 112 }
markrad 0:cdf462088d13 113
markrad 0:cdf462088d13 114 /* mask = ( input[0] >> 7 ) ? 0xff : 0x00
markrad 0:cdf462088d13 115 * using bit operations to avoid branches */
markrad 0:cdf462088d13 116
markrad 0:cdf462088d13 117 /* MSVC has a warning about unary minus on unsigned, but this is
markrad 0:cdf462088d13 118 * well-defined and precisely what we want to do here */
markrad 0:cdf462088d13 119 #if defined(_MSC_VER)
markrad 0:cdf462088d13 120 #pragma warning( push )
markrad 0:cdf462088d13 121 #pragma warning( disable : 4146 )
markrad 0:cdf462088d13 122 #endif
markrad 0:cdf462088d13 123 mask = - ( input[0] >> 7 );
markrad 0:cdf462088d13 124 #if defined(_MSC_VER)
markrad 0:cdf462088d13 125 #pragma warning( pop )
markrad 0:cdf462088d13 126 #endif
markrad 0:cdf462088d13 127
markrad 0:cdf462088d13 128 output[ blocksize - 1 ] ^= R_n & mask;
markrad 0:cdf462088d13 129
markrad 0:cdf462088d13 130 return( 0 );
markrad 0:cdf462088d13 131 }
markrad 0:cdf462088d13 132
markrad 0:cdf462088d13 133 /*
markrad 0:cdf462088d13 134 * Generate subkeys
markrad 0:cdf462088d13 135 *
markrad 0:cdf462088d13 136 * - as specified by RFC 4493, section 2.3 Subkey Generation Algorithm
markrad 0:cdf462088d13 137 */
markrad 0:cdf462088d13 138 static int cmac_generate_subkeys( mbedtls_cipher_context_t *ctx,
markrad 0:cdf462088d13 139 unsigned char* K1, unsigned char* K2 )
markrad 0:cdf462088d13 140 {
markrad 0:cdf462088d13 141 int ret;
markrad 0:cdf462088d13 142 unsigned char L[MBEDTLS_CIPHER_BLKSIZE_MAX];
markrad 0:cdf462088d13 143 size_t olen, block_size;
markrad 0:cdf462088d13 144
markrad 0:cdf462088d13 145 mbedtls_zeroize( L, sizeof( L ) );
markrad 0:cdf462088d13 146
markrad 0:cdf462088d13 147 block_size = ctx->cipher_info->block_size;
markrad 0:cdf462088d13 148
markrad 0:cdf462088d13 149 /* Calculate Ek(0) */
markrad 0:cdf462088d13 150 if( ( ret = mbedtls_cipher_update( ctx, L, block_size, L, &olen ) ) != 0 )
markrad 0:cdf462088d13 151 goto exit;
markrad 0:cdf462088d13 152
markrad 0:cdf462088d13 153 /*
markrad 0:cdf462088d13 154 * Generate K1 and K2
markrad 0:cdf462088d13 155 */
markrad 0:cdf462088d13 156 if( ( ret = cmac_multiply_by_u( K1, L , block_size ) ) != 0 )
markrad 0:cdf462088d13 157 goto exit;
markrad 0:cdf462088d13 158
markrad 0:cdf462088d13 159 if( ( ret = cmac_multiply_by_u( K2, K1 , block_size ) ) != 0 )
markrad 0:cdf462088d13 160 goto exit;
markrad 0:cdf462088d13 161
markrad 0:cdf462088d13 162 exit:
markrad 0:cdf462088d13 163 mbedtls_zeroize( L, sizeof( L ) );
markrad 0:cdf462088d13 164
markrad 0:cdf462088d13 165 return( ret );
markrad 0:cdf462088d13 166 }
markrad 0:cdf462088d13 167
markrad 0:cdf462088d13 168 static void cmac_xor_block( unsigned char *output, const unsigned char *input1,
markrad 0:cdf462088d13 169 const unsigned char *input2,
markrad 0:cdf462088d13 170 const size_t block_size )
markrad 0:cdf462088d13 171 {
Jasper Wallace 2:bbdeda018a3c 172 size_t idx;
markrad 0:cdf462088d13 173
Jasper Wallace 2:bbdeda018a3c 174 for( idx = 0; idx < block_size; idx++ )
Jasper Wallace 2:bbdeda018a3c 175 output[ idx ] = input1[ idx ] ^ input2[ idx ];
markrad 0:cdf462088d13 176 }
markrad 0:cdf462088d13 177
markrad 0:cdf462088d13 178 /*
markrad 0:cdf462088d13 179 * Create padded last block from (partial) last block.
markrad 0:cdf462088d13 180 *
markrad 0:cdf462088d13 181 * We can't use the padding option from the cipher layer, as it only works for
markrad 0:cdf462088d13 182 * CBC and we use ECB mode, and anyway we need to XOR K1 or K2 in addition.
markrad 0:cdf462088d13 183 */
markrad 0:cdf462088d13 184 static void cmac_pad( unsigned char padded_block[MBEDTLS_CIPHER_BLKSIZE_MAX],
markrad 0:cdf462088d13 185 size_t padded_block_len,
markrad 0:cdf462088d13 186 const unsigned char *last_block,
markrad 0:cdf462088d13 187 size_t last_block_len )
markrad 0:cdf462088d13 188 {
markrad 0:cdf462088d13 189 size_t j;
markrad 0:cdf462088d13 190
markrad 0:cdf462088d13 191 for( j = 0; j < padded_block_len; j++ )
markrad 0:cdf462088d13 192 {
markrad 0:cdf462088d13 193 if( j < last_block_len )
markrad 0:cdf462088d13 194 padded_block[j] = last_block[j];
markrad 0:cdf462088d13 195 else if( j == last_block_len )
markrad 0:cdf462088d13 196 padded_block[j] = 0x80;
markrad 0:cdf462088d13 197 else
markrad 0:cdf462088d13 198 padded_block[j] = 0x00;
markrad 0:cdf462088d13 199 }
markrad 0:cdf462088d13 200 }
markrad 0:cdf462088d13 201
markrad 0:cdf462088d13 202 int mbedtls_cipher_cmac_starts( mbedtls_cipher_context_t *ctx,
markrad 0:cdf462088d13 203 const unsigned char *key, size_t keybits )
markrad 0:cdf462088d13 204 {
markrad 0:cdf462088d13 205 mbedtls_cipher_type_t type;
markrad 0:cdf462088d13 206 mbedtls_cmac_context_t *cmac_ctx;
markrad 0:cdf462088d13 207 int retval;
markrad 0:cdf462088d13 208
markrad 0:cdf462088d13 209 if( ctx == NULL || ctx->cipher_info == NULL || key == NULL )
markrad 0:cdf462088d13 210 return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
markrad 0:cdf462088d13 211
markrad 0:cdf462088d13 212 if( ( retval = mbedtls_cipher_setkey( ctx, key, (int)keybits,
markrad 0:cdf462088d13 213 MBEDTLS_ENCRYPT ) ) != 0 )
markrad 0:cdf462088d13 214 return( retval );
markrad 0:cdf462088d13 215
markrad 0:cdf462088d13 216 type = ctx->cipher_info->type;
markrad 0:cdf462088d13 217
markrad 0:cdf462088d13 218 switch( type )
markrad 0:cdf462088d13 219 {
markrad 0:cdf462088d13 220 case MBEDTLS_CIPHER_AES_128_ECB:
markrad 0:cdf462088d13 221 case MBEDTLS_CIPHER_AES_192_ECB:
markrad 0:cdf462088d13 222 case MBEDTLS_CIPHER_AES_256_ECB:
markrad 0:cdf462088d13 223 case MBEDTLS_CIPHER_DES_EDE3_ECB:
markrad 0:cdf462088d13 224 break;
markrad 0:cdf462088d13 225 default:
markrad 0:cdf462088d13 226 return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
markrad 0:cdf462088d13 227 }
markrad 0:cdf462088d13 228
markrad 0:cdf462088d13 229 /* Allocated and initialise in the cipher context memory for the CMAC
markrad 0:cdf462088d13 230 * context */
markrad 0:cdf462088d13 231 cmac_ctx = mbedtls_calloc( 1, sizeof( mbedtls_cmac_context_t ) );
markrad 0:cdf462088d13 232 if( cmac_ctx == NULL )
markrad 0:cdf462088d13 233 return( MBEDTLS_ERR_CIPHER_ALLOC_FAILED );
markrad 0:cdf462088d13 234
markrad 0:cdf462088d13 235 ctx->cmac_ctx = cmac_ctx;
markrad 0:cdf462088d13 236
markrad 0:cdf462088d13 237 mbedtls_zeroize( cmac_ctx->state, sizeof( cmac_ctx->state ) );
markrad 0:cdf462088d13 238
markrad 0:cdf462088d13 239 return 0;
markrad 0:cdf462088d13 240 }
markrad 0:cdf462088d13 241
markrad 0:cdf462088d13 242 int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx,
markrad 0:cdf462088d13 243 const unsigned char *input, size_t ilen )
markrad 0:cdf462088d13 244 {
markrad 0:cdf462088d13 245 mbedtls_cmac_context_t* cmac_ctx;
markrad 0:cdf462088d13 246 unsigned char *state;
markrad 0:cdf462088d13 247 int ret = 0;
markrad 0:cdf462088d13 248 size_t n, j, olen, block_size;
markrad 0:cdf462088d13 249
markrad 0:cdf462088d13 250 if( ctx == NULL || ctx->cipher_info == NULL || input == NULL ||
markrad 0:cdf462088d13 251 ctx->cmac_ctx == NULL )
markrad 0:cdf462088d13 252 return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
markrad 0:cdf462088d13 253
markrad 0:cdf462088d13 254 cmac_ctx = ctx->cmac_ctx;
markrad 0:cdf462088d13 255 block_size = ctx->cipher_info->block_size;
markrad 0:cdf462088d13 256 state = ctx->cmac_ctx->state;
markrad 0:cdf462088d13 257
markrad 0:cdf462088d13 258 /* Is there data still to process from the last call, that's greater in
markrad 0:cdf462088d13 259 * size than a block? */
markrad 0:cdf462088d13 260 if( cmac_ctx->unprocessed_len > 0 &&
markrad 0:cdf462088d13 261 ilen > block_size - cmac_ctx->unprocessed_len )
markrad 0:cdf462088d13 262 {
markrad 0:cdf462088d13 263 memcpy( &cmac_ctx->unprocessed_block[cmac_ctx->unprocessed_len],
markrad 0:cdf462088d13 264 input,
markrad 0:cdf462088d13 265 block_size - cmac_ctx->unprocessed_len );
markrad 0:cdf462088d13 266
markrad 0:cdf462088d13 267 cmac_xor_block( state, cmac_ctx->unprocessed_block, state, block_size );
markrad 0:cdf462088d13 268
markrad 0:cdf462088d13 269 if( ( ret = mbedtls_cipher_update( ctx, state, block_size, state,
markrad 0:cdf462088d13 270 &olen ) ) != 0 )
markrad 0:cdf462088d13 271 {
markrad 0:cdf462088d13 272 goto exit;
markrad 0:cdf462088d13 273 }
markrad 0:cdf462088d13 274
markrad 0:cdf462088d13 275 input += block_size - cmac_ctx->unprocessed_len;
markrad 0:cdf462088d13 276 ilen -= block_size - cmac_ctx->unprocessed_len;
markrad 0:cdf462088d13 277 cmac_ctx->unprocessed_len = 0;
markrad 0:cdf462088d13 278 }
markrad 0:cdf462088d13 279
markrad 0:cdf462088d13 280 /* n is the number of blocks including any final partial block */
markrad 0:cdf462088d13 281 n = ( ilen + block_size - 1 ) / block_size;
markrad 0:cdf462088d13 282
markrad 0:cdf462088d13 283 /* Iterate across the input data in block sized chunks, excluding any
markrad 0:cdf462088d13 284 * final partial or complete block */
markrad 0:cdf462088d13 285 for( j = 1; j < n; j++ )
markrad 0:cdf462088d13 286 {
markrad 0:cdf462088d13 287 cmac_xor_block( state, input, state, block_size );
markrad 0:cdf462088d13 288
markrad 0:cdf462088d13 289 if( ( ret = mbedtls_cipher_update( ctx, state, block_size, state,
markrad 0:cdf462088d13 290 &olen ) ) != 0 )
markrad 0:cdf462088d13 291 goto exit;
markrad 0:cdf462088d13 292
markrad 0:cdf462088d13 293 ilen -= block_size;
markrad 0:cdf462088d13 294 input += block_size;
markrad 0:cdf462088d13 295 }
markrad 0:cdf462088d13 296
markrad 0:cdf462088d13 297 /* If there is data left over that wasn't aligned to a block */
markrad 0:cdf462088d13 298 if( ilen > 0 )
markrad 0:cdf462088d13 299 {
markrad 0:cdf462088d13 300 memcpy( &cmac_ctx->unprocessed_block[cmac_ctx->unprocessed_len],
markrad 0:cdf462088d13 301 input,
markrad 0:cdf462088d13 302 ilen );
markrad 0:cdf462088d13 303 cmac_ctx->unprocessed_len += ilen;
markrad 0:cdf462088d13 304 }
markrad 0:cdf462088d13 305
markrad 0:cdf462088d13 306 exit:
markrad 0:cdf462088d13 307 return( ret );
markrad 0:cdf462088d13 308 }
markrad 0:cdf462088d13 309
markrad 0:cdf462088d13 310 int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx,
markrad 0:cdf462088d13 311 unsigned char *output )
markrad 0:cdf462088d13 312 {
markrad 0:cdf462088d13 313 mbedtls_cmac_context_t* cmac_ctx;
markrad 0:cdf462088d13 314 unsigned char *state, *last_block;
markrad 0:cdf462088d13 315 unsigned char K1[MBEDTLS_CIPHER_BLKSIZE_MAX];
markrad 0:cdf462088d13 316 unsigned char K2[MBEDTLS_CIPHER_BLKSIZE_MAX];
markrad 0:cdf462088d13 317 unsigned char M_last[MBEDTLS_CIPHER_BLKSIZE_MAX];
markrad 0:cdf462088d13 318 int ret;
markrad 0:cdf462088d13 319 size_t olen, block_size;
markrad 0:cdf462088d13 320
markrad 0:cdf462088d13 321 if( ctx == NULL || ctx->cipher_info == NULL || ctx->cmac_ctx == NULL ||
markrad 0:cdf462088d13 322 output == NULL )
markrad 0:cdf462088d13 323 return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
markrad 0:cdf462088d13 324
markrad 0:cdf462088d13 325 cmac_ctx = ctx->cmac_ctx;
markrad 0:cdf462088d13 326 block_size = ctx->cipher_info->block_size;
markrad 0:cdf462088d13 327 state = cmac_ctx->state;
markrad 0:cdf462088d13 328
markrad 0:cdf462088d13 329 mbedtls_zeroize( K1, sizeof( K1 ) );
markrad 0:cdf462088d13 330 mbedtls_zeroize( K2, sizeof( K2 ) );
markrad 0:cdf462088d13 331 cmac_generate_subkeys( ctx, K1, K2 );
markrad 0:cdf462088d13 332
markrad 0:cdf462088d13 333 last_block = cmac_ctx->unprocessed_block;
markrad 0:cdf462088d13 334
markrad 0:cdf462088d13 335 /* Calculate last block */
markrad 0:cdf462088d13 336 if( cmac_ctx->unprocessed_len < block_size )
markrad 0:cdf462088d13 337 {
markrad 0:cdf462088d13 338 cmac_pad( M_last, block_size, last_block, cmac_ctx->unprocessed_len );
markrad 0:cdf462088d13 339 cmac_xor_block( M_last, M_last, K2, block_size );
markrad 0:cdf462088d13 340 }
markrad 0:cdf462088d13 341 else
markrad 0:cdf462088d13 342 {
markrad 0:cdf462088d13 343 /* Last block is complete block */
markrad 0:cdf462088d13 344 cmac_xor_block( M_last, last_block, K1, block_size );
markrad 0:cdf462088d13 345 }
markrad 0:cdf462088d13 346
markrad 0:cdf462088d13 347
markrad 0:cdf462088d13 348 cmac_xor_block( state, M_last, state, block_size );
markrad 0:cdf462088d13 349 if( ( ret = mbedtls_cipher_update( ctx, state, block_size, state,
markrad 0:cdf462088d13 350 &olen ) ) != 0 )
markrad 0:cdf462088d13 351 {
markrad 0:cdf462088d13 352 goto exit;
markrad 0:cdf462088d13 353 }
markrad 0:cdf462088d13 354
markrad 0:cdf462088d13 355 memcpy( output, state, block_size );
markrad 0:cdf462088d13 356
markrad 0:cdf462088d13 357 exit:
markrad 0:cdf462088d13 358 /* Wipe the generated keys on the stack, and any other transients to avoid
markrad 0:cdf462088d13 359 * side channel leakage */
markrad 0:cdf462088d13 360 mbedtls_zeroize( K1, sizeof( K1 ) );
markrad 0:cdf462088d13 361 mbedtls_zeroize( K2, sizeof( K2 ) );
markrad 0:cdf462088d13 362
markrad 0:cdf462088d13 363 cmac_ctx->unprocessed_len = 0;
markrad 0:cdf462088d13 364 mbedtls_zeroize( cmac_ctx->unprocessed_block,
markrad 0:cdf462088d13 365 sizeof( cmac_ctx->unprocessed_block ) );
markrad 0:cdf462088d13 366
markrad 0:cdf462088d13 367 mbedtls_zeroize( state, MBEDTLS_CIPHER_BLKSIZE_MAX );
markrad 0:cdf462088d13 368 return( ret );
markrad 0:cdf462088d13 369 }
markrad 0:cdf462088d13 370
markrad 0:cdf462088d13 371 int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx )
markrad 0:cdf462088d13 372 {
markrad 0:cdf462088d13 373 mbedtls_cmac_context_t* cmac_ctx;
markrad 0:cdf462088d13 374
markrad 0:cdf462088d13 375 if( ctx == NULL || ctx->cipher_info == NULL || ctx->cmac_ctx == NULL )
markrad 0:cdf462088d13 376 return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
markrad 0:cdf462088d13 377
markrad 0:cdf462088d13 378 cmac_ctx = ctx->cmac_ctx;
markrad 0:cdf462088d13 379
markrad 0:cdf462088d13 380 /* Reset the internal state */
markrad 0:cdf462088d13 381 cmac_ctx->unprocessed_len = 0;
markrad 0:cdf462088d13 382 mbedtls_zeroize( cmac_ctx->unprocessed_block,
markrad 0:cdf462088d13 383 sizeof( cmac_ctx->unprocessed_block ) );
markrad 0:cdf462088d13 384 mbedtls_zeroize( cmac_ctx->state,
markrad 0:cdf462088d13 385 sizeof( cmac_ctx->state ) );
markrad 0:cdf462088d13 386
markrad 0:cdf462088d13 387 return( 0 );
markrad 0:cdf462088d13 388 }
markrad 0:cdf462088d13 389
markrad 0:cdf462088d13 390 int mbedtls_cipher_cmac( const mbedtls_cipher_info_t *cipher_info,
markrad 0:cdf462088d13 391 const unsigned char *key, size_t keylen,
markrad 0:cdf462088d13 392 const unsigned char *input, size_t ilen,
markrad 0:cdf462088d13 393 unsigned char *output )
markrad 0:cdf462088d13 394 {
markrad 0:cdf462088d13 395 mbedtls_cipher_context_t ctx;
markrad 0:cdf462088d13 396 int ret;
markrad 0:cdf462088d13 397
markrad 0:cdf462088d13 398 if( cipher_info == NULL || key == NULL || input == NULL || output == NULL )
markrad 0:cdf462088d13 399 return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
markrad 0:cdf462088d13 400
markrad 0:cdf462088d13 401 mbedtls_cipher_init( &ctx );
markrad 0:cdf462088d13 402
markrad 0:cdf462088d13 403 if( ( ret = mbedtls_cipher_setup( &ctx, cipher_info ) ) != 0 )
markrad 0:cdf462088d13 404 goto exit;
markrad 0:cdf462088d13 405
markrad 0:cdf462088d13 406 ret = mbedtls_cipher_cmac_starts( &ctx, key, keylen );
markrad 0:cdf462088d13 407 if( ret != 0 )
markrad 0:cdf462088d13 408 goto exit;
markrad 0:cdf462088d13 409
markrad 0:cdf462088d13 410 ret = mbedtls_cipher_cmac_update( &ctx, input, ilen );
markrad 0:cdf462088d13 411 if( ret != 0 )
markrad 0:cdf462088d13 412 goto exit;
markrad 0:cdf462088d13 413
markrad 0:cdf462088d13 414 ret = mbedtls_cipher_cmac_finish( &ctx, output );
markrad 0:cdf462088d13 415
markrad 0:cdf462088d13 416 exit:
markrad 0:cdf462088d13 417 mbedtls_cipher_free( &ctx );
markrad 0:cdf462088d13 418
markrad 0:cdf462088d13 419 return( ret );
markrad 0:cdf462088d13 420 }
markrad 0:cdf462088d13 421
markrad 0:cdf462088d13 422 #if defined(MBEDTLS_AES_C)
markrad 0:cdf462088d13 423 /*
markrad 0:cdf462088d13 424 * Implementation of AES-CMAC-PRF-128 defined in RFC 4615
markrad 0:cdf462088d13 425 */
markrad 0:cdf462088d13 426 int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_length,
markrad 0:cdf462088d13 427 const unsigned char *input, size_t in_len,
markrad 0:cdf462088d13 428 unsigned char *output )
markrad 0:cdf462088d13 429 {
markrad 0:cdf462088d13 430 int ret;
markrad 0:cdf462088d13 431 const mbedtls_cipher_info_t *cipher_info;
markrad 0:cdf462088d13 432 unsigned char zero_key[MBEDTLS_AES_BLOCK_SIZE];
markrad 0:cdf462088d13 433 unsigned char int_key[MBEDTLS_AES_BLOCK_SIZE];
markrad 0:cdf462088d13 434
markrad 0:cdf462088d13 435 if( key == NULL || input == NULL || output == NULL )
markrad 0:cdf462088d13 436 return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
markrad 0:cdf462088d13 437
markrad 0:cdf462088d13 438 cipher_info = mbedtls_cipher_info_from_type( MBEDTLS_CIPHER_AES_128_ECB );
markrad 0:cdf462088d13 439 if( cipher_info == NULL )
markrad 0:cdf462088d13 440 {
markrad 0:cdf462088d13 441 /* Failing at this point must be due to a build issue */
markrad 0:cdf462088d13 442 ret = MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
markrad 0:cdf462088d13 443 goto exit;
markrad 0:cdf462088d13 444 }
markrad 0:cdf462088d13 445
markrad 0:cdf462088d13 446 if( key_length == MBEDTLS_AES_BLOCK_SIZE )
markrad 0:cdf462088d13 447 {
markrad 0:cdf462088d13 448 /* Use key as is */
markrad 0:cdf462088d13 449 memcpy( int_key, key, MBEDTLS_AES_BLOCK_SIZE );
markrad 0:cdf462088d13 450 }
markrad 0:cdf462088d13 451 else
markrad 0:cdf462088d13 452 {
markrad 0:cdf462088d13 453 memset( zero_key, 0, MBEDTLS_AES_BLOCK_SIZE );
markrad 0:cdf462088d13 454
markrad 0:cdf462088d13 455 ret = mbedtls_cipher_cmac( cipher_info, zero_key, 128, key,
markrad 0:cdf462088d13 456 key_length, int_key );
markrad 0:cdf462088d13 457 if( ret != 0 )
markrad 0:cdf462088d13 458 goto exit;
markrad 0:cdf462088d13 459 }
markrad 0:cdf462088d13 460
markrad 0:cdf462088d13 461 ret = mbedtls_cipher_cmac( cipher_info, int_key, 128, input, in_len,
markrad 0:cdf462088d13 462 output );
markrad 0:cdf462088d13 463
markrad 0:cdf462088d13 464 exit:
markrad 0:cdf462088d13 465 mbedtls_zeroize( int_key, sizeof( int_key ) );
markrad 0:cdf462088d13 466
markrad 0:cdf462088d13 467 return( ret );
markrad 0:cdf462088d13 468 }
markrad 0:cdf462088d13 469 #endif /* MBEDTLS_AES_C */
markrad 0:cdf462088d13 470
markrad 0:cdf462088d13 471 #if defined(MBEDTLS_SELF_TEST)
markrad 0:cdf462088d13 472 /*
markrad 0:cdf462088d13 473 * CMAC test data for SP800-38B
markrad 0:cdf462088d13 474 * http://csrc.nist.gov/groups/ST/toolkit/documents/Examples/AES_CMAC.pdf
markrad 0:cdf462088d13 475 * http://csrc.nist.gov/groups/ST/toolkit/documents/Examples/TDES_CMAC.pdf
markrad 0:cdf462088d13 476 *
markrad 0:cdf462088d13 477 * AES-CMAC-PRF-128 test data from RFC 4615
markrad 0:cdf462088d13 478 * https://tools.ietf.org/html/rfc4615#page-4
markrad 0:cdf462088d13 479 */
markrad 0:cdf462088d13 480
markrad 0:cdf462088d13 481 #define NB_CMAC_TESTS_PER_KEY 4
markrad 0:cdf462088d13 482 #define NB_PRF_TESTS 3
markrad 0:cdf462088d13 483
markrad 0:cdf462088d13 484 #if defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C)
markrad 0:cdf462088d13 485 /* All CMAC test inputs are truncated from the same 64 byte buffer. */
markrad 0:cdf462088d13 486 static const unsigned char test_message[] = {
markrad 0:cdf462088d13 487 /* PT */
markrad 0:cdf462088d13 488 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
markrad 0:cdf462088d13 489 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
markrad 0:cdf462088d13 490 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
markrad 0:cdf462088d13 491 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
markrad 0:cdf462088d13 492 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
markrad 0:cdf462088d13 493 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
markrad 0:cdf462088d13 494 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
markrad 0:cdf462088d13 495 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10
markrad 0:cdf462088d13 496 };
markrad 0:cdf462088d13 497 #endif /* MBEDTLS_AES_C || MBEDTLS_DES_C */
markrad 0:cdf462088d13 498
markrad 0:cdf462088d13 499 #if defined(MBEDTLS_AES_C)
markrad 0:cdf462088d13 500 /* Truncation point of message for AES CMAC tests */
markrad 0:cdf462088d13 501 static const unsigned int aes_message_lengths[NB_CMAC_TESTS_PER_KEY] = {
markrad 0:cdf462088d13 502 /* Mlen */
markrad 0:cdf462088d13 503 0,
markrad 0:cdf462088d13 504 16,
markrad 0:cdf462088d13 505 20,
markrad 0:cdf462088d13 506 64
markrad 0:cdf462088d13 507 };
markrad 0:cdf462088d13 508
markrad 0:cdf462088d13 509 /* CMAC-AES128 Test Data */
markrad 0:cdf462088d13 510 static const unsigned char aes_128_key[16] = {
markrad 0:cdf462088d13 511 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
markrad 0:cdf462088d13 512 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c
markrad 0:cdf462088d13 513 };
markrad 0:cdf462088d13 514 static const unsigned char aes_128_subkeys[2][MBEDTLS_AES_BLOCK_SIZE] = {
markrad 0:cdf462088d13 515 {
markrad 0:cdf462088d13 516 /* K1 */
markrad 0:cdf462088d13 517 0xfb, 0xee, 0xd6, 0x18, 0x35, 0x71, 0x33, 0x66,
markrad 0:cdf462088d13 518 0x7c, 0x85, 0xe0, 0x8f, 0x72, 0x36, 0xa8, 0xde
markrad 0:cdf462088d13 519 },
markrad 0:cdf462088d13 520 {
markrad 0:cdf462088d13 521 /* K2 */
markrad 0:cdf462088d13 522 0xf7, 0xdd, 0xac, 0x30, 0x6a, 0xe2, 0x66, 0xcc,
markrad 0:cdf462088d13 523 0xf9, 0x0b, 0xc1, 0x1e, 0xe4, 0x6d, 0x51, 0x3b
markrad 0:cdf462088d13 524 }
markrad 0:cdf462088d13 525 };
markrad 0:cdf462088d13 526 static const unsigned char aes_128_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] = {
markrad 0:cdf462088d13 527 {
markrad 0:cdf462088d13 528 /* Example #1 */
markrad 0:cdf462088d13 529 0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28,
markrad 0:cdf462088d13 530 0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46
markrad 0:cdf462088d13 531 },
markrad 0:cdf462088d13 532 {
markrad 0:cdf462088d13 533 /* Example #2 */
markrad 0:cdf462088d13 534 0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44,
markrad 0:cdf462088d13 535 0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c
markrad 0:cdf462088d13 536 },
markrad 0:cdf462088d13 537 {
markrad 0:cdf462088d13 538 /* Example #3 */
markrad 0:cdf462088d13 539 0x7d, 0x85, 0x44, 0x9e, 0xa6, 0xea, 0x19, 0xc8,
markrad 0:cdf462088d13 540 0x23, 0xa7, 0xbf, 0x78, 0x83, 0x7d, 0xfa, 0xde
markrad 0:cdf462088d13 541 },
markrad 0:cdf462088d13 542 {
markrad 0:cdf462088d13 543 /* Example #4 */
markrad 0:cdf462088d13 544 0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92,
markrad 0:cdf462088d13 545 0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c, 0xfe
markrad 0:cdf462088d13 546 }
markrad 0:cdf462088d13 547 };
markrad 0:cdf462088d13 548
markrad 0:cdf462088d13 549 /* CMAC-AES192 Test Data */
markrad 0:cdf462088d13 550 static const unsigned char aes_192_key[24] = {
markrad 0:cdf462088d13 551 0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52,
markrad 0:cdf462088d13 552 0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5,
markrad 0:cdf462088d13 553 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b
markrad 0:cdf462088d13 554 };
markrad 0:cdf462088d13 555 static const unsigned char aes_192_subkeys[2][MBEDTLS_AES_BLOCK_SIZE] = {
markrad 0:cdf462088d13 556 {
markrad 0:cdf462088d13 557 /* K1 */
markrad 0:cdf462088d13 558 0x44, 0x8a, 0x5b, 0x1c, 0x93, 0x51, 0x4b, 0x27,
markrad 0:cdf462088d13 559 0x3e, 0xe6, 0x43, 0x9d, 0xd4, 0xda, 0xa2, 0x96
markrad 0:cdf462088d13 560 },
markrad 0:cdf462088d13 561 {
markrad 0:cdf462088d13 562 /* K2 */
markrad 0:cdf462088d13 563 0x89, 0x14, 0xb6, 0x39, 0x26, 0xa2, 0x96, 0x4e,
markrad 0:cdf462088d13 564 0x7d, 0xcc, 0x87, 0x3b, 0xa9, 0xb5, 0x45, 0x2c
markrad 0:cdf462088d13 565 }
markrad 0:cdf462088d13 566 };
markrad 0:cdf462088d13 567 static const unsigned char aes_192_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] = {
markrad 0:cdf462088d13 568 {
markrad 0:cdf462088d13 569 /* Example #1 */
markrad 0:cdf462088d13 570 0xd1, 0x7d, 0xdf, 0x46, 0xad, 0xaa, 0xcd, 0xe5,
markrad 0:cdf462088d13 571 0x31, 0xca, 0xc4, 0x83, 0xde, 0x7a, 0x93, 0x67
markrad 0:cdf462088d13 572 },
markrad 0:cdf462088d13 573 {
markrad 0:cdf462088d13 574 /* Example #2 */
markrad 0:cdf462088d13 575 0x9e, 0x99, 0xa7, 0xbf, 0x31, 0xe7, 0x10, 0x90,
markrad 0:cdf462088d13 576 0x06, 0x62, 0xf6, 0x5e, 0x61, 0x7c, 0x51, 0x84
markrad 0:cdf462088d13 577 },
markrad 0:cdf462088d13 578 {
markrad 0:cdf462088d13 579 /* Example #3 */
markrad 0:cdf462088d13 580 0x3d, 0x75, 0xc1, 0x94, 0xed, 0x96, 0x07, 0x04,
markrad 0:cdf462088d13 581 0x44, 0xa9, 0xfa, 0x7e, 0xc7, 0x40, 0xec, 0xf8
markrad 0:cdf462088d13 582 },
markrad 0:cdf462088d13 583 {
markrad 0:cdf462088d13 584 /* Example #4 */
markrad 0:cdf462088d13 585 0xa1, 0xd5, 0xdf, 0x0e, 0xed, 0x79, 0x0f, 0x79,
markrad 0:cdf462088d13 586 0x4d, 0x77, 0x58, 0x96, 0x59, 0xf3, 0x9a, 0x11
markrad 0:cdf462088d13 587 }
markrad 0:cdf462088d13 588 };
markrad 0:cdf462088d13 589
markrad 0:cdf462088d13 590 /* CMAC-AES256 Test Data */
markrad 0:cdf462088d13 591 static const unsigned char aes_256_key[32] = {
markrad 0:cdf462088d13 592 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe,
markrad 0:cdf462088d13 593 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81,
markrad 0:cdf462088d13 594 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7,
markrad 0:cdf462088d13 595 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4
markrad 0:cdf462088d13 596 };
markrad 0:cdf462088d13 597 static const unsigned char aes_256_subkeys[2][MBEDTLS_AES_BLOCK_SIZE] = {
markrad 0:cdf462088d13 598 {
markrad 0:cdf462088d13 599 /* K1 */
markrad 0:cdf462088d13 600 0xca, 0xd1, 0xed, 0x03, 0x29, 0x9e, 0xed, 0xac,
markrad 0:cdf462088d13 601 0x2e, 0x9a, 0x99, 0x80, 0x86, 0x21, 0x50, 0x2f
markrad 0:cdf462088d13 602 },
markrad 0:cdf462088d13 603 {
markrad 0:cdf462088d13 604 /* K2 */
markrad 0:cdf462088d13 605 0x95, 0xa3, 0xda, 0x06, 0x53, 0x3d, 0xdb, 0x58,
markrad 0:cdf462088d13 606 0x5d, 0x35, 0x33, 0x01, 0x0c, 0x42, 0xa0, 0xd9
markrad 0:cdf462088d13 607 }
markrad 0:cdf462088d13 608 };
markrad 0:cdf462088d13 609 static const unsigned char aes_256_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] = {
markrad 0:cdf462088d13 610 {
markrad 0:cdf462088d13 611 /* Example #1 */
markrad 0:cdf462088d13 612 0x02, 0x89, 0x62, 0xf6, 0x1b, 0x7b, 0xf8, 0x9e,
markrad 0:cdf462088d13 613 0xfc, 0x6b, 0x55, 0x1f, 0x46, 0x67, 0xd9, 0x83
markrad 0:cdf462088d13 614 },
markrad 0:cdf462088d13 615 {
markrad 0:cdf462088d13 616 /* Example #2 */
markrad 0:cdf462088d13 617 0x28, 0xa7, 0x02, 0x3f, 0x45, 0x2e, 0x8f, 0x82,
markrad 0:cdf462088d13 618 0xbd, 0x4b, 0xf2, 0x8d, 0x8c, 0x37, 0xc3, 0x5c
markrad 0:cdf462088d13 619 },
markrad 0:cdf462088d13 620 {
markrad 0:cdf462088d13 621 /* Example #3 */
markrad 0:cdf462088d13 622 0x15, 0x67, 0x27, 0xdc, 0x08, 0x78, 0x94, 0x4a,
markrad 0:cdf462088d13 623 0x02, 0x3c, 0x1f, 0xe0, 0x3b, 0xad, 0x6d, 0x93
markrad 0:cdf462088d13 624 },
markrad 0:cdf462088d13 625 {
markrad 0:cdf462088d13 626 /* Example #4 */
markrad 0:cdf462088d13 627 0xe1, 0x99, 0x21, 0x90, 0x54, 0x9f, 0x6e, 0xd5,
markrad 0:cdf462088d13 628 0x69, 0x6a, 0x2c, 0x05, 0x6c, 0x31, 0x54, 0x10
markrad 0:cdf462088d13 629 }
markrad 0:cdf462088d13 630 };
markrad 0:cdf462088d13 631 #endif /* MBEDTLS_AES_C */
markrad 0:cdf462088d13 632
markrad 0:cdf462088d13 633 #if defined(MBEDTLS_DES_C)
markrad 0:cdf462088d13 634 /* Truncation point of message for 3DES CMAC tests */
markrad 0:cdf462088d13 635 static const unsigned int des3_message_lengths[NB_CMAC_TESTS_PER_KEY] = {
markrad 0:cdf462088d13 636 0,
markrad 0:cdf462088d13 637 16,
markrad 0:cdf462088d13 638 20,
markrad 0:cdf462088d13 639 32
markrad 0:cdf462088d13 640 };
markrad 0:cdf462088d13 641
markrad 0:cdf462088d13 642 /* CMAC-TDES (Generation) - 2 Key Test Data */
markrad 0:cdf462088d13 643 static const unsigned char des3_2key_key[24] = {
markrad 0:cdf462088d13 644 /* Key1 */
markrad 0:cdf462088d13 645 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
markrad 0:cdf462088d13 646 /* Key2 */
markrad 0:cdf462088d13 647 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xEF, 0x01,
markrad 0:cdf462088d13 648 /* Key3 */
markrad 0:cdf462088d13 649 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef
markrad 0:cdf462088d13 650 };
markrad 0:cdf462088d13 651 static const unsigned char des3_2key_subkeys[2][8] = {
markrad 0:cdf462088d13 652 {
markrad 0:cdf462088d13 653 /* K1 */
markrad 0:cdf462088d13 654 0x0d, 0xd2, 0xcb, 0x7a, 0x3d, 0x88, 0x88, 0xd9
markrad 0:cdf462088d13 655 },
markrad 0:cdf462088d13 656 {
markrad 0:cdf462088d13 657 /* K2 */
markrad 0:cdf462088d13 658 0x1b, 0xa5, 0x96, 0xf4, 0x7b, 0x11, 0x11, 0xb2
markrad 0:cdf462088d13 659 }
markrad 0:cdf462088d13 660 };
markrad 0:cdf462088d13 661 static const unsigned char des3_2key_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_DES3_BLOCK_SIZE] = {
markrad 0:cdf462088d13 662 {
markrad 0:cdf462088d13 663 /* Sample #1 */
markrad 0:cdf462088d13 664 0x79, 0xce, 0x52, 0xa7, 0xf7, 0x86, 0xa9, 0x60
markrad 0:cdf462088d13 665 },
markrad 0:cdf462088d13 666 {
markrad 0:cdf462088d13 667 /* Sample #2 */
markrad 0:cdf462088d13 668 0xcc, 0x18, 0xa0, 0xb7, 0x9a, 0xf2, 0x41, 0x3b
markrad 0:cdf462088d13 669 },
markrad 0:cdf462088d13 670 {
markrad 0:cdf462088d13 671 /* Sample #3 */
markrad 0:cdf462088d13 672 0xc0, 0x6d, 0x37, 0x7e, 0xcd, 0x10, 0x19, 0x69
markrad 0:cdf462088d13 673 },
markrad 0:cdf462088d13 674 {
markrad 0:cdf462088d13 675 /* Sample #4 */
markrad 0:cdf462088d13 676 0x9c, 0xd3, 0x35, 0x80, 0xf9, 0xb6, 0x4d, 0xfb
markrad 0:cdf462088d13 677 }
markrad 0:cdf462088d13 678 };
markrad 0:cdf462088d13 679
markrad 0:cdf462088d13 680 /* CMAC-TDES (Generation) - 3 Key Test Data */
markrad 0:cdf462088d13 681 static const unsigned char des3_3key_key[24] = {
markrad 0:cdf462088d13 682 /* Key1 */
markrad 0:cdf462088d13 683 0x01, 0x23, 0x45, 0x67, 0x89, 0xaa, 0xcd, 0xef,
markrad 0:cdf462088d13 684 /* Key2 */
markrad 0:cdf462088d13 685 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0x01,
markrad 0:cdf462088d13 686 /* Key3 */
markrad 0:cdf462088d13 687 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0x01, 0x23
markrad 0:cdf462088d13 688 };
markrad 0:cdf462088d13 689 static const unsigned char des3_3key_subkeys[2][8] = {
markrad 0:cdf462088d13 690 {
markrad 0:cdf462088d13 691 /* K1 */
markrad 0:cdf462088d13 692 0x9d, 0x74, 0xe7, 0x39, 0x33, 0x17, 0x96, 0xc0
markrad 0:cdf462088d13 693 },
markrad 0:cdf462088d13 694 {
markrad 0:cdf462088d13 695 /* K2 */
markrad 0:cdf462088d13 696 0x3a, 0xe9, 0xce, 0x72, 0x66, 0x2f, 0x2d, 0x9b
markrad 0:cdf462088d13 697 }
markrad 0:cdf462088d13 698 };
markrad 0:cdf462088d13 699 static const unsigned char des3_3key_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_DES3_BLOCK_SIZE] = {
markrad 0:cdf462088d13 700 {
markrad 0:cdf462088d13 701 /* Sample #1 */
markrad 0:cdf462088d13 702 0x7d, 0xb0, 0xd3, 0x7d, 0xf9, 0x36, 0xc5, 0x50
markrad 0:cdf462088d13 703 },
markrad 0:cdf462088d13 704 {
markrad 0:cdf462088d13 705 /* Sample #2 */
markrad 0:cdf462088d13 706 0x30, 0x23, 0x9c, 0xf1, 0xf5, 0x2e, 0x66, 0x09
markrad 0:cdf462088d13 707 },
markrad 0:cdf462088d13 708 {
markrad 0:cdf462088d13 709 /* Sample #3 */
markrad 0:cdf462088d13 710 0x6c, 0x9f, 0x3e, 0xe4, 0x92, 0x3f, 0x6b, 0xe2
markrad 0:cdf462088d13 711 },
markrad 0:cdf462088d13 712 {
markrad 0:cdf462088d13 713 /* Sample #4 */
markrad 0:cdf462088d13 714 0x99, 0x42, 0x9b, 0xd0, 0xbF, 0x79, 0x04, 0xe5
markrad 0:cdf462088d13 715 }
markrad 0:cdf462088d13 716 };
markrad 0:cdf462088d13 717
markrad 0:cdf462088d13 718 #endif /* MBEDTLS_DES_C */
markrad 0:cdf462088d13 719
markrad 0:cdf462088d13 720 #if defined(MBEDTLS_AES_C)
markrad 0:cdf462088d13 721 /* AES AES-CMAC-PRF-128 Test Data */
markrad 0:cdf462088d13 722 static const unsigned char PRFK[] = {
markrad 0:cdf462088d13 723 /* Key */
markrad 0:cdf462088d13 724 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
markrad 0:cdf462088d13 725 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
markrad 0:cdf462088d13 726 0xed, 0xcb
markrad 0:cdf462088d13 727 };
markrad 0:cdf462088d13 728
markrad 0:cdf462088d13 729 /* Sizes in bytes */
markrad 0:cdf462088d13 730 static const size_t PRFKlen[NB_PRF_TESTS] = {
markrad 0:cdf462088d13 731 18,
markrad 0:cdf462088d13 732 16,
markrad 0:cdf462088d13 733 10
markrad 0:cdf462088d13 734 };
markrad 0:cdf462088d13 735
markrad 0:cdf462088d13 736 /* Message */
markrad 0:cdf462088d13 737 static const unsigned char PRFM[] = {
markrad 0:cdf462088d13 738 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
markrad 0:cdf462088d13 739 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
markrad 0:cdf462088d13 740 0x10, 0x11, 0x12, 0x13
markrad 0:cdf462088d13 741 };
markrad 0:cdf462088d13 742
markrad 0:cdf462088d13 743 static const unsigned char PRFT[NB_PRF_TESTS][16] = {
markrad 0:cdf462088d13 744 {
markrad 0:cdf462088d13 745 0x84, 0xa3, 0x48, 0xa4, 0xa4, 0x5d, 0x23, 0x5b,
markrad 0:cdf462088d13 746 0xab, 0xff, 0xfc, 0x0d, 0x2b, 0x4d, 0xa0, 0x9a
markrad 0:cdf462088d13 747 },
markrad 0:cdf462088d13 748 {
markrad 0:cdf462088d13 749 0x98, 0x0a, 0xe8, 0x7b, 0x5f, 0x4c, 0x9c, 0x52,
markrad 0:cdf462088d13 750 0x14, 0xf5, 0xb6, 0xa8, 0x45, 0x5e, 0x4c, 0x2d
markrad 0:cdf462088d13 751 },
markrad 0:cdf462088d13 752 {
markrad 0:cdf462088d13 753 0x29, 0x0d, 0x9e, 0x11, 0x2e, 0xdb, 0x09, 0xee,
markrad 0:cdf462088d13 754 0x14, 0x1f, 0xcf, 0x64, 0xc0, 0xb7, 0x2f, 0x3d
markrad 0:cdf462088d13 755 }
markrad 0:cdf462088d13 756 };
markrad 0:cdf462088d13 757 #endif /* MBEDTLS_AES_C */
markrad 0:cdf462088d13 758
markrad 0:cdf462088d13 759 static int cmac_test_subkeys( int verbose,
markrad 0:cdf462088d13 760 const char* testname,
markrad 0:cdf462088d13 761 const unsigned char* key,
markrad 0:cdf462088d13 762 int keybits,
markrad 0:cdf462088d13 763 const unsigned char* subkeys,
markrad 0:cdf462088d13 764 mbedtls_cipher_type_t cipher_type,
markrad 0:cdf462088d13 765 int block_size,
markrad 0:cdf462088d13 766 int num_tests )
markrad 0:cdf462088d13 767 {
markrad 0:cdf462088d13 768 int i, ret;
markrad 0:cdf462088d13 769 mbedtls_cipher_context_t ctx;
markrad 0:cdf462088d13 770 const mbedtls_cipher_info_t *cipher_info;
markrad 0:cdf462088d13 771 unsigned char K1[MBEDTLS_CIPHER_BLKSIZE_MAX];
markrad 0:cdf462088d13 772 unsigned char K2[MBEDTLS_CIPHER_BLKSIZE_MAX];
markrad 0:cdf462088d13 773
markrad 0:cdf462088d13 774 cipher_info = mbedtls_cipher_info_from_type( cipher_type );
markrad 0:cdf462088d13 775 if( cipher_info == NULL )
markrad 0:cdf462088d13 776 {
markrad 0:cdf462088d13 777 /* Failing at this point must be due to a build issue */
markrad 0:cdf462088d13 778 return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
markrad 0:cdf462088d13 779 }
markrad 0:cdf462088d13 780
markrad 0:cdf462088d13 781 for( i = 0; i < num_tests; i++ )
markrad 0:cdf462088d13 782 {
markrad 0:cdf462088d13 783 if( verbose != 0 )
markrad 0:cdf462088d13 784 mbedtls_printf( " %s CMAC subkey #%u: ", testname, i + 1 );
markrad 0:cdf462088d13 785
markrad 0:cdf462088d13 786 mbedtls_cipher_init( &ctx );
markrad 0:cdf462088d13 787
markrad 0:cdf462088d13 788 if( ( ret = mbedtls_cipher_setup( &ctx, cipher_info ) ) != 0 )
markrad 0:cdf462088d13 789 {
markrad 0:cdf462088d13 790 if( verbose != 0 )
markrad 0:cdf462088d13 791 mbedtls_printf( "test execution failed\n" );
markrad 0:cdf462088d13 792
markrad 0:cdf462088d13 793 goto cleanup;
markrad 0:cdf462088d13 794 }
markrad 0:cdf462088d13 795
markrad 0:cdf462088d13 796 if( ( ret = mbedtls_cipher_setkey( &ctx, key, keybits,
markrad 0:cdf462088d13 797 MBEDTLS_ENCRYPT ) ) != 0 )
markrad 0:cdf462088d13 798 {
markrad 0:cdf462088d13 799 if( verbose != 0 )
markrad 0:cdf462088d13 800 mbedtls_printf( "test execution failed\n" );
markrad 0:cdf462088d13 801
markrad 0:cdf462088d13 802 goto cleanup;
markrad 0:cdf462088d13 803 }
markrad 0:cdf462088d13 804
markrad 0:cdf462088d13 805 ret = cmac_generate_subkeys( &ctx, K1, K2 );
markrad 0:cdf462088d13 806 if( ret != 0 )
markrad 0:cdf462088d13 807 {
markrad 0:cdf462088d13 808 if( verbose != 0 )
markrad 0:cdf462088d13 809 mbedtls_printf( "failed\n" );
markrad 0:cdf462088d13 810
markrad 0:cdf462088d13 811 goto cleanup;
markrad 0:cdf462088d13 812 }
markrad 0:cdf462088d13 813
markrad 0:cdf462088d13 814 if( ( ret = memcmp( K1, subkeys, block_size ) ) != 0 ||
markrad 0:cdf462088d13 815 ( ret = memcmp( K2, &subkeys[block_size], block_size ) ) != 0 )
markrad 0:cdf462088d13 816 {
markrad 0:cdf462088d13 817 if( verbose != 0 )
markrad 0:cdf462088d13 818 mbedtls_printf( "failed\n" );
markrad 0:cdf462088d13 819
markrad 0:cdf462088d13 820 goto cleanup;
markrad 0:cdf462088d13 821 }
markrad 0:cdf462088d13 822
markrad 0:cdf462088d13 823 if( verbose != 0 )
markrad 0:cdf462088d13 824 mbedtls_printf( "passed\n" );
markrad 0:cdf462088d13 825
markrad 0:cdf462088d13 826 mbedtls_cipher_free( &ctx );
markrad 0:cdf462088d13 827 }
markrad 0:cdf462088d13 828
markrad 0:cdf462088d13 829 goto exit;
markrad 0:cdf462088d13 830
markrad 0:cdf462088d13 831 cleanup:
markrad 0:cdf462088d13 832 mbedtls_cipher_free( &ctx );
markrad 0:cdf462088d13 833
markrad 0:cdf462088d13 834 exit:
markrad 0:cdf462088d13 835 return( ret );
markrad 0:cdf462088d13 836 }
markrad 0:cdf462088d13 837
markrad 0:cdf462088d13 838 static int cmac_test_wth_cipher( int verbose,
markrad 0:cdf462088d13 839 const char* testname,
markrad 0:cdf462088d13 840 const unsigned char* key,
markrad 0:cdf462088d13 841 int keybits,
markrad 0:cdf462088d13 842 const unsigned char* messages,
markrad 0:cdf462088d13 843 const unsigned int message_lengths[4],
markrad 0:cdf462088d13 844 const unsigned char* expected_result,
markrad 0:cdf462088d13 845 mbedtls_cipher_type_t cipher_type,
markrad 0:cdf462088d13 846 int block_size,
markrad 0:cdf462088d13 847 int num_tests )
markrad 0:cdf462088d13 848 {
markrad 0:cdf462088d13 849 const mbedtls_cipher_info_t *cipher_info;
markrad 0:cdf462088d13 850 int i, ret;
markrad 0:cdf462088d13 851 unsigned char output[MBEDTLS_CIPHER_BLKSIZE_MAX];
markrad 0:cdf462088d13 852
markrad 0:cdf462088d13 853 cipher_info = mbedtls_cipher_info_from_type( cipher_type );
markrad 0:cdf462088d13 854 if( cipher_info == NULL )
markrad 0:cdf462088d13 855 {
markrad 0:cdf462088d13 856 /* Failing at this point must be due to a build issue */
markrad 0:cdf462088d13 857 ret = MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
markrad 0:cdf462088d13 858 goto exit;
markrad 0:cdf462088d13 859 }
markrad 0:cdf462088d13 860
markrad 0:cdf462088d13 861 for( i = 0; i < num_tests; i++ )
markrad 0:cdf462088d13 862 {
markrad 0:cdf462088d13 863 if( verbose != 0 )
markrad 0:cdf462088d13 864 mbedtls_printf( " %s CMAC #%u: ", testname, i + 1 );
markrad 0:cdf462088d13 865
markrad 0:cdf462088d13 866 if( ( ret = mbedtls_cipher_cmac( cipher_info, key, keybits, messages,
markrad 0:cdf462088d13 867 message_lengths[i], output ) ) != 0 )
markrad 0:cdf462088d13 868 {
markrad 0:cdf462088d13 869 if( verbose != 0 )
markrad 0:cdf462088d13 870 mbedtls_printf( "failed\n" );
markrad 0:cdf462088d13 871 goto exit;
markrad 0:cdf462088d13 872 }
markrad 0:cdf462088d13 873
markrad 0:cdf462088d13 874 if( ( ret = memcmp( output, &expected_result[i * block_size], block_size ) ) != 0 )
markrad 0:cdf462088d13 875 {
markrad 0:cdf462088d13 876 if( verbose != 0 )
markrad 0:cdf462088d13 877 mbedtls_printf( "failed\n" );
markrad 0:cdf462088d13 878 goto exit;
markrad 0:cdf462088d13 879 }
markrad 0:cdf462088d13 880
markrad 0:cdf462088d13 881 if( verbose != 0 )
markrad 0:cdf462088d13 882 mbedtls_printf( "passed\n" );
markrad 0:cdf462088d13 883 }
markrad 0:cdf462088d13 884
markrad 0:cdf462088d13 885 exit:
markrad 0:cdf462088d13 886 return( ret );
markrad 0:cdf462088d13 887 }
markrad 0:cdf462088d13 888
markrad 0:cdf462088d13 889 #if defined(MBEDTLS_AES_C)
markrad 0:cdf462088d13 890 static int test_aes128_cmac_prf( int verbose )
markrad 0:cdf462088d13 891 {
markrad 0:cdf462088d13 892 int i;
markrad 0:cdf462088d13 893 int ret;
markrad 0:cdf462088d13 894 unsigned char output[MBEDTLS_AES_BLOCK_SIZE];
markrad 0:cdf462088d13 895
markrad 0:cdf462088d13 896 for( i = 0; i < NB_PRF_TESTS; i++ )
markrad 0:cdf462088d13 897 {
markrad 0:cdf462088d13 898 mbedtls_printf( " AES CMAC 128 PRF #%u: ", i );
markrad 0:cdf462088d13 899 ret = mbedtls_aes_cmac_prf_128( PRFK, PRFKlen[i], PRFM, 20, output );
markrad 0:cdf462088d13 900 if( ret != 0 ||
markrad 0:cdf462088d13 901 memcmp( output, PRFT[i], MBEDTLS_AES_BLOCK_SIZE ) != 0 )
markrad 0:cdf462088d13 902 {
markrad 0:cdf462088d13 903
markrad 0:cdf462088d13 904 if( verbose != 0 )
markrad 0:cdf462088d13 905 mbedtls_printf( "failed\n" );
markrad 0:cdf462088d13 906
markrad 0:cdf462088d13 907 return( ret );
markrad 0:cdf462088d13 908 }
markrad 0:cdf462088d13 909 else if( verbose != 0 )
markrad 0:cdf462088d13 910 {
markrad 0:cdf462088d13 911 mbedtls_printf( "passed\n" );
markrad 0:cdf462088d13 912 }
markrad 0:cdf462088d13 913 }
markrad 0:cdf462088d13 914 return( ret );
markrad 0:cdf462088d13 915 }
markrad 0:cdf462088d13 916 #endif /* MBEDTLS_AES_C */
markrad 0:cdf462088d13 917
markrad 0:cdf462088d13 918 int mbedtls_cmac_self_test( int verbose )
markrad 0:cdf462088d13 919 {
markrad 0:cdf462088d13 920 int ret;
markrad 0:cdf462088d13 921
markrad 0:cdf462088d13 922 #if defined(MBEDTLS_AES_C)
markrad 0:cdf462088d13 923 /* AES-128 */
markrad 0:cdf462088d13 924 if( ( ret = cmac_test_subkeys( verbose,
markrad 0:cdf462088d13 925 "AES 128",
markrad 0:cdf462088d13 926 aes_128_key,
markrad 0:cdf462088d13 927 128,
markrad 0:cdf462088d13 928 (const unsigned char*)aes_128_subkeys,
markrad 0:cdf462088d13 929 MBEDTLS_CIPHER_AES_128_ECB,
markrad 0:cdf462088d13 930 MBEDTLS_AES_BLOCK_SIZE,
markrad 0:cdf462088d13 931 NB_CMAC_TESTS_PER_KEY ) ) != 0 )
markrad 0:cdf462088d13 932 {
markrad 0:cdf462088d13 933 return( ret );
markrad 0:cdf462088d13 934 }
markrad 0:cdf462088d13 935
markrad 0:cdf462088d13 936 if( ( ret = cmac_test_wth_cipher( verbose,
markrad 0:cdf462088d13 937 "AES 128",
markrad 0:cdf462088d13 938 aes_128_key,
markrad 0:cdf462088d13 939 128,
markrad 0:cdf462088d13 940 test_message,
markrad 0:cdf462088d13 941 aes_message_lengths,
markrad 0:cdf462088d13 942 (const unsigned char*)aes_128_expected_result,
markrad 0:cdf462088d13 943 MBEDTLS_CIPHER_AES_128_ECB,
markrad 0:cdf462088d13 944 MBEDTLS_AES_BLOCK_SIZE,
markrad 0:cdf462088d13 945 NB_CMAC_TESTS_PER_KEY ) ) != 0 )
markrad 0:cdf462088d13 946 {
markrad 0:cdf462088d13 947 return( ret );
markrad 0:cdf462088d13 948 }
markrad 0:cdf462088d13 949
markrad 0:cdf462088d13 950 /* AES-192 */
markrad 0:cdf462088d13 951 if( ( ret = cmac_test_subkeys( verbose,
markrad 0:cdf462088d13 952 "AES 192",
markrad 0:cdf462088d13 953 aes_192_key,
markrad 0:cdf462088d13 954 192,
markrad 0:cdf462088d13 955 (const unsigned char*)aes_192_subkeys,
markrad 0:cdf462088d13 956 MBEDTLS_CIPHER_AES_192_ECB,
markrad 0:cdf462088d13 957 MBEDTLS_AES_BLOCK_SIZE,
markrad 0:cdf462088d13 958 NB_CMAC_TESTS_PER_KEY ) ) != 0 )
markrad 0:cdf462088d13 959 {
markrad 0:cdf462088d13 960 return( ret );
markrad 0:cdf462088d13 961 }
markrad 0:cdf462088d13 962
markrad 0:cdf462088d13 963 if( ( ret = cmac_test_wth_cipher( verbose,
markrad 0:cdf462088d13 964 "AES 192",
markrad 0:cdf462088d13 965 aes_192_key,
markrad 0:cdf462088d13 966 192,
markrad 0:cdf462088d13 967 test_message,
markrad 0:cdf462088d13 968 aes_message_lengths,
markrad 0:cdf462088d13 969 (const unsigned char*)aes_192_expected_result,
markrad 0:cdf462088d13 970 MBEDTLS_CIPHER_AES_192_ECB,
markrad 0:cdf462088d13 971 MBEDTLS_AES_BLOCK_SIZE,
markrad 0:cdf462088d13 972 NB_CMAC_TESTS_PER_KEY ) ) != 0 )
markrad 0:cdf462088d13 973 {
markrad 0:cdf462088d13 974 return( ret );
markrad 0:cdf462088d13 975 }
markrad 0:cdf462088d13 976
markrad 0:cdf462088d13 977 /* AES-256 */
markrad 0:cdf462088d13 978 if( ( ret = cmac_test_subkeys( verbose,
markrad 0:cdf462088d13 979 "AES 256",
markrad 0:cdf462088d13 980 aes_256_key,
markrad 0:cdf462088d13 981 256,
markrad 0:cdf462088d13 982 (const unsigned char*)aes_256_subkeys,
markrad 0:cdf462088d13 983 MBEDTLS_CIPHER_AES_256_ECB,
markrad 0:cdf462088d13 984 MBEDTLS_AES_BLOCK_SIZE,
markrad 0:cdf462088d13 985 NB_CMAC_TESTS_PER_KEY ) ) != 0 )
markrad 0:cdf462088d13 986 {
markrad 0:cdf462088d13 987 return( ret );
markrad 0:cdf462088d13 988 }
markrad 0:cdf462088d13 989
markrad 0:cdf462088d13 990 if( ( ret = cmac_test_wth_cipher ( verbose,
markrad 0:cdf462088d13 991 "AES 256",
markrad 0:cdf462088d13 992 aes_256_key,
markrad 0:cdf462088d13 993 256,
markrad 0:cdf462088d13 994 test_message,
markrad 0:cdf462088d13 995 aes_message_lengths,
markrad 0:cdf462088d13 996 (const unsigned char*)aes_256_expected_result,
markrad 0:cdf462088d13 997 MBEDTLS_CIPHER_AES_256_ECB,
markrad 0:cdf462088d13 998 MBEDTLS_AES_BLOCK_SIZE,
markrad 0:cdf462088d13 999 NB_CMAC_TESTS_PER_KEY ) ) != 0 )
markrad 0:cdf462088d13 1000 {
markrad 0:cdf462088d13 1001 return( ret );
markrad 0:cdf462088d13 1002 }
markrad 0:cdf462088d13 1003 #endif /* MBEDTLS_AES_C */
markrad 0:cdf462088d13 1004
markrad 0:cdf462088d13 1005 #if defined(MBEDTLS_DES_C)
markrad 0:cdf462088d13 1006 /* 3DES 2 key */
markrad 0:cdf462088d13 1007 if( ( ret = cmac_test_subkeys( verbose,
markrad 0:cdf462088d13 1008 "3DES 2 key",
markrad 0:cdf462088d13 1009 des3_2key_key,
markrad 0:cdf462088d13 1010 192,
markrad 0:cdf462088d13 1011 (const unsigned char*)des3_2key_subkeys,
markrad 0:cdf462088d13 1012 MBEDTLS_CIPHER_DES_EDE3_ECB,
markrad 0:cdf462088d13 1013 MBEDTLS_DES3_BLOCK_SIZE,
markrad 0:cdf462088d13 1014 NB_CMAC_TESTS_PER_KEY ) ) != 0 )
markrad 0:cdf462088d13 1015 {
markrad 0:cdf462088d13 1016 return( ret );
markrad 0:cdf462088d13 1017 }
markrad 0:cdf462088d13 1018
markrad 0:cdf462088d13 1019 if( ( ret = cmac_test_wth_cipher( verbose,
markrad 0:cdf462088d13 1020 "3DES 2 key",
markrad 0:cdf462088d13 1021 des3_2key_key,
markrad 0:cdf462088d13 1022 192,
markrad 0:cdf462088d13 1023 test_message,
markrad 0:cdf462088d13 1024 des3_message_lengths,
markrad 0:cdf462088d13 1025 (const unsigned char*)des3_2key_expected_result,
markrad 0:cdf462088d13 1026 MBEDTLS_CIPHER_DES_EDE3_ECB,
markrad 0:cdf462088d13 1027 MBEDTLS_DES3_BLOCK_SIZE,
markrad 0:cdf462088d13 1028 NB_CMAC_TESTS_PER_KEY ) ) != 0 )
markrad 0:cdf462088d13 1029 {
markrad 0:cdf462088d13 1030 return( ret );
markrad 0:cdf462088d13 1031 }
markrad 0:cdf462088d13 1032
markrad 0:cdf462088d13 1033 /* 3DES 3 key */
markrad 0:cdf462088d13 1034 if( ( ret = cmac_test_subkeys( verbose,
markrad 0:cdf462088d13 1035 "3DES 3 key",
markrad 0:cdf462088d13 1036 des3_3key_key,
markrad 0:cdf462088d13 1037 192,
markrad 0:cdf462088d13 1038 (const unsigned char*)des3_3key_subkeys,
markrad 0:cdf462088d13 1039 MBEDTLS_CIPHER_DES_EDE3_ECB,
markrad 0:cdf462088d13 1040 MBEDTLS_DES3_BLOCK_SIZE,
markrad 0:cdf462088d13 1041 NB_CMAC_TESTS_PER_KEY ) ) != 0 )
markrad 0:cdf462088d13 1042 {
markrad 0:cdf462088d13 1043 return( ret );
markrad 0:cdf462088d13 1044 }
markrad 0:cdf462088d13 1045
markrad 0:cdf462088d13 1046 if( ( ret = cmac_test_wth_cipher( verbose,
markrad 0:cdf462088d13 1047 "3DES 3 key",
markrad 0:cdf462088d13 1048 des3_3key_key,
markrad 0:cdf462088d13 1049 192,
markrad 0:cdf462088d13 1050 test_message,
markrad 0:cdf462088d13 1051 des3_message_lengths,
markrad 0:cdf462088d13 1052 (const unsigned char*)des3_3key_expected_result,
markrad 0:cdf462088d13 1053 MBEDTLS_CIPHER_DES_EDE3_ECB,
markrad 0:cdf462088d13 1054 MBEDTLS_DES3_BLOCK_SIZE,
markrad 0:cdf462088d13 1055 NB_CMAC_TESTS_PER_KEY ) ) != 0 )
markrad 0:cdf462088d13 1056 {
markrad 0:cdf462088d13 1057 return( ret );
markrad 0:cdf462088d13 1058 }
markrad 0:cdf462088d13 1059 #endif /* MBEDTLS_DES_C */
markrad 0:cdf462088d13 1060
markrad 0:cdf462088d13 1061 #if defined(MBEDTLS_AES_C)
markrad 0:cdf462088d13 1062 if( ( ret = test_aes128_cmac_prf( verbose ) ) != 0 )
markrad 0:cdf462088d13 1063 return( ret );
markrad 0:cdf462088d13 1064 #endif /* MBEDTLS_AES_C */
markrad 0:cdf462088d13 1065
markrad 0:cdf462088d13 1066 if( verbose != 0 )
markrad 0:cdf462088d13 1067 mbedtls_printf( "\n" );
markrad 0:cdf462088d13 1068
markrad 0:cdf462088d13 1069 return( 0 );
markrad 0:cdf462088d13 1070 }
markrad 0:cdf462088d13 1071
markrad 0:cdf462088d13 1072 #endif /* MBEDTLS_SELF_TEST */
markrad 0:cdf462088d13 1073
markrad 0:cdf462088d13 1074 #endif /* MBEDTLS_CMAC_C */