cmac.h

00001 /**
00002  * \file cmac.h
00003  *
00004  * \brief This file contains CMAC definitions and functions.
00005  *
00006  * The Cipher-based Message Authentication Code (CMAC) Mode for
00007  * Authentication is defined in <em>RFC-4493: The AES-CMAC Algorithm</em>.
00008  */
00009 /*
00010  *  Copyright (C) 2015-2018, Arm Limited (or its affiliates), All Rights Reserved
00011  *  SPDX-License-Identifier: Apache-2.0
00012  *
00013  *  Licensed under the Apache License, Version 2.0 (the "License"); you may
00014  *  not use this file except in compliance with the License.
00015  *  You may obtain a copy of the License at
00016  *
00017  *  http://www.apache.org/licenses/LICENSE-2.0
00018  *
00019  *  Unless required by applicable law or agreed to in writing, software
00020  *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
00021  *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
00022  *  See the License for the specific language governing permissions and
00023  *  limitations under the License.
00024  *
00025  *  This file is part of Mbed TLS (https://tls.mbed.org)
00026  */
00027 
00028 #ifndef MBEDTLS_CMAC_H
00029 #define MBEDTLS_CMAC_H
00030 
00031 #if !defined(MBEDTLS_CONFIG_FILE)
00032 #include "mbedtls/config.h"
00033 #else
00034 #include MBEDTLS_CONFIG_FILE
00035 #endif
00036 
00037 #include "mbedtls/cipher.h"
00038 
00039 #ifdef __cplusplus
00040 extern "C" {
00041 #endif
00042 
00043 /* MBEDTLS_ERR_CMAC_HW_ACCEL_FAILED is deprecated and should not be used. */
00044 #define MBEDTLS_ERR_CMAC_HW_ACCEL_FAILED -0x007A  /**< CMAC hardware accelerator failed. */
00045 
00046 #define MBEDTLS_AES_BLOCK_SIZE          16
00047 #define MBEDTLS_DES3_BLOCK_SIZE         8
00048 
00049 #if defined(MBEDTLS_AES_C)
00050 #define MBEDTLS_CIPHER_BLKSIZE_MAX      16  /**< The longest block used by CMAC is that of AES. */
00051 #else
00052 #define MBEDTLS_CIPHER_BLKSIZE_MAX      8   /**< The longest block used by CMAC is that of 3DES. */
00053 #endif
00054 
00055 #if !defined(MBEDTLS_CMAC_ALT)
00056 
00057 /**
00058  * The CMAC context structure.
00059  */
00060 struct mbedtls_cmac_context_t
00061 {
00062     /** The internal state of the CMAC algorithm.  */
00063     unsigned char       state[MBEDTLS_CIPHER_BLKSIZE_MAX];
00064 
00065     /** Unprocessed data - either data that was not block aligned and is still
00066      *  pending processing, or the final block. */
00067     unsigned char       unprocessed_block[MBEDTLS_CIPHER_BLKSIZE_MAX];
00068 
00069     /** The length of data pending processing. */
00070     size_t              unprocessed_len;
00071 };
00072 
00073 #else  /* !MBEDTLS_CMAC_ALT */
00074 #include "cmac_alt.h"
00075 #endif /* !MBEDTLS_CMAC_ALT */
00076 
00077 /**
00078  * \brief               This function sets the CMAC key, and prepares to authenticate
00079  *                      the input data.
00080  *                      Must be called with an initialized cipher context.
00081  *
00082  * \param ctx           The cipher context used for the CMAC operation, initialized
00083  *                      as one of the following types: MBEDTLS_CIPHER_AES_128_ECB,
00084  *                      MBEDTLS_CIPHER_AES_192_ECB, MBEDTLS_CIPHER_AES_256_ECB,
00085  *                      or MBEDTLS_CIPHER_DES_EDE3_ECB.
00086  * \param key           The CMAC key.
00087  * \param keybits       The length of the CMAC key in bits.
00088  *                      Must be supported by the cipher.
00089  *
00090  * \return              \c 0 on success.
00091  * \return              A cipher-specific error code on failure.
00092  */
00093 int mbedtls_cipher_cmac_starts( mbedtls_cipher_context_t *ctx,
00094                                 const unsigned char *key, size_t keybits );
00095 
00096 /**
00097  * \brief               This function feeds an input buffer into an ongoing CMAC
00098  *                      computation.
00099  *
00100  *                      It is called between mbedtls_cipher_cmac_starts() or
00101  *                      mbedtls_cipher_cmac_reset(), and mbedtls_cipher_cmac_finish().
00102  *                      Can be called repeatedly.
00103  *
00104  * \param ctx           The cipher context used for the CMAC operation.
00105  * \param input         The buffer holding the input data.
00106  * \param ilen          The length of the input data.
00107  *
00108  * \return             \c 0 on success.
00109  * \return             #MBEDTLS_ERR_MD_BAD_INPUT_DATA
00110  *                     if parameter verification fails.
00111  */
00112 int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx,
00113                                 const unsigned char *input, size_t ilen );
00114 
00115 /**
00116  * \brief               This function finishes the CMAC operation, and writes
00117  *                      the result to the output buffer.
00118  *
00119  *                      It is called after mbedtls_cipher_cmac_update().
00120  *                      It can be followed by mbedtls_cipher_cmac_reset() and
00121  *                      mbedtls_cipher_cmac_update(), or mbedtls_cipher_free().
00122  *
00123  * \param ctx           The cipher context used for the CMAC operation.
00124  * \param output        The output buffer for the CMAC checksum result.
00125  *
00126  * \return              \c 0 on success.
00127  * \return              #MBEDTLS_ERR_MD_BAD_INPUT_DATA
00128  *                      if parameter verification fails.
00129  */
00130 int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx,
00131                                 unsigned char *output );
00132 
00133 /**
00134  * \brief               This function prepares the authentication of another
00135  *                      message with the same key as the previous CMAC
00136  *                      operation.
00137  *
00138  *                      It is called after mbedtls_cipher_cmac_finish()
00139  *                      and before mbedtls_cipher_cmac_update().
00140  *
00141  * \param ctx           The cipher context used for the CMAC operation.
00142  *
00143  * \return              \c 0 on success.
00144  * \return              #MBEDTLS_ERR_MD_BAD_INPUT_DATA
00145  *                      if parameter verification fails.
00146  */
00147 int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx );
00148 
00149 /**
00150  * \brief               This function calculates the full generic CMAC
00151  *                      on the input buffer with the provided key.
00152  *
00153  *                      The function allocates the context, performs the
00154  *                      calculation, and frees the context.
00155  *
00156  *                      The CMAC result is calculated as
00157  *                      output = generic CMAC(cmac key, input buffer).
00158  *
00159  *
00160  * \param cipher_info   The cipher information.
00161  * \param key           The CMAC key.
00162  * \param keylen        The length of the CMAC key in bits.
00163  * \param input         The buffer holding the input data.
00164  * \param ilen          The length of the input data.
00165  * \param output        The buffer for the generic CMAC result.
00166  *
00167  * \return              \c 0 on success.
00168  * \return              #MBEDTLS_ERR_MD_BAD_INPUT_DATA
00169  *                      if parameter verification fails.
00170  */
00171 int mbedtls_cipher_cmac( const mbedtls_cipher_info_t *cipher_info,
00172                          const unsigned char *key, size_t keylen,
00173                          const unsigned char *input, size_t ilen,
00174                          unsigned char *output );
00175 
00176 #if defined(MBEDTLS_AES_C)
00177 /**
00178  * \brief           This function implements the AES-CMAC-PRF-128 pseudorandom
00179  *                  function, as defined in
00180  *                  <em>RFC-4615: The Advanced Encryption Standard-Cipher-based
00181  *                  Message Authentication Code-Pseudo-Random Function-128
00182  *                  (AES-CMAC-PRF-128) Algorithm for the Internet Key
00183  *                  Exchange Protocol (IKE).</em>
00184  *
00185  * \param key       The key to use.
00186  * \param key_len   The key length in Bytes.
00187  * \param input     The buffer holding the input data.
00188  * \param in_len    The length of the input data in Bytes.
00189  * \param output    The buffer holding the generated 16 Bytes of
00190  *                  pseudorandom output.
00191  *
00192  * \return          \c 0 on success.
00193  */
00194 int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_len,
00195                               const unsigned char *input, size_t in_len,
00196                               unsigned char output[16] );
00197 #endif /* MBEDTLS_AES_C */
00198 
00199 #if defined(MBEDTLS_SELF_TEST) && ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) )
00200 /**
00201  * \brief          The CMAC checkup routine.
00202  *
00203  * \return         \c 0 on success.
00204  * \return         \c 1 on failure.
00205  */
00206 int mbedtls_cmac_self_test( int verbose );
00207 #endif /* MBEDTLS_SELF_TEST && ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */
00208 
00209 #ifdef __cplusplus
00210 }
00211 #endif
00212 
00213 #endif /* MBEDTLS_CMAC_H */