cmac.c
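/* cmac.c
 *
 * Copyright (C) 2006-2016 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
 * wolfSSL is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * wolfSSL is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 */


#ifdef HAVE_CONFIG_H
    #include <config.h>
#endif

#include <wolfssl/wolfcrypt/settings.h>

#if defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_DIRECT)

#ifdef NO_INLINE
    #include <wolfssl/wolfcrypt/misc.h>
#else
    #define WOLFSSL_MISC_INCLUDED
    #include <wolfcrypt/src/misc.c>
#endif

#include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfssl/wolfcrypt/aes.h>
#include <wolfssl/wolfcrypt/cmac.h>


/* Derive the next CMAC subkey: out = (in << 1) over the whole block, then
 * XOR the constant 0x87 into the last byte when the top bit of in[0] was set.
 *
 * out  receives AES_BLOCK_SIZE bytes
 * in   AES_BLOCK_SIZE bytes of key-derived material (L or K1)
 *
 * The conditional XOR is applied through a mask instead of an `if` so the
 * code does not branch on a key-derived bit. Each input byte is read before
 * the matching output byte is written.
 */
static void ShiftAndXorRb(byte* out, const byte* in)
{
    int  j;
    byte carry = 0;
    /* 0xFF when the most significant bit of the block is set, else 0x00;
     * captured before the loop writes anything to out */
    const byte rbMask = (byte)(0 - (in[0] >> 7));

    /* shift the 128-bit value left by one, last byte first */
    for (j = AES_BLOCK_SIZE - 1; j >= 0; j--) {
        const byte cur = in[j];

        out[j] = (byte)((cur << 1) | carry);
        carry  = (byte)(cur >> 7);
    }

    out[AES_BLOCK_SIZE - 1] ^= (byte)(0x87 & rbMask);
}


/* Initialise a CMAC context with an AES key and derive subkeys K1 and K2.
 *
 * cmac    context to set up; it is cleared before use
 * key     AES key bytes
 * keySz   key length in bytes; zero is rejected here, any further length
 *         validation is left to wc_AesSetKey()
 * type    must be WC_CMAC_AES
 * unused  ignored
 *
 * returns 0 on success, BAD_FUNC_ARG on a bad argument, otherwise the error
 *         returned by wc_AesSetKey()
 */
int wc_InitCmac(Cmac* cmac, const byte* key, word32 keySz,
                int type, void* unused)
{
    int ret;

    (void)unused;

    if (cmac == NULL || key == NULL || keySz == 0 || type != WC_CMAC_AES)
        return BAD_FUNC_ARG;

    /* clears buffer, digest and the counters, so the chaining value
     * starts as an all-zero block */
    XMEMSET(cmac, 0, sizeof(Cmac));
    ret = wc_AesSetKey(&cmac->aes, key, keySz, NULL, AES_ENCRYPTION);
    if (ret == 0) {
        byte l[AES_BLOCK_SIZE];

        /* L = AES_K(0^128); K1 is derived from L and K2 from K1 */
        XMEMSET(l, 0, AES_BLOCK_SIZE);
        wc_AesEncryptDirect(&cmac->aes, l, l);
        ShiftAndXorRb(cmac->k1, l);
        ShiftAndXorRb(cmac->k2, cmac->k1);
        /* L is key-derived; wipe it before the stack frame is released */
        ForceZero(l, AES_BLOCK_SIZE);
    }
    return ret;
}


/* Absorb message bytes into the CMAC state.
 *
 * cmac  context prepared by wc_InitCmac()
 * in    message bytes; may be NULL only when inSz is 0
 * inSz  number of bytes at in
 *
 * A full block is only processed when more input follows it, so the last
 * block always stays buffered for wc_CmacFinal(), which applies the subkey.
 *
 * returns 0 on success, BAD_FUNC_ARG on a bad argument or on a context whose
 *         buffered length exceeds one block
 */
int wc_CmacUpdate(Cmac* cmac, const byte* in, word32 inSz)
{
    if ((cmac == NULL) || (in == NULL && inSz != 0))
        return BAD_FUNC_ARG;

    /* a context that did not go through wc_InitCmac() could carry any
     * bufferSz; the subtraction below would wrap and the copy would run
     * past cmac->buffer */
    if (cmac->bufferSz > AES_BLOCK_SIZE)
        return BAD_FUNC_ARG;

    while (inSz != 0) {
        word32 add = min(inSz, AES_BLOCK_SIZE - cmac->bufferSz);
        XMEMCPY(&cmac->buffer[cmac->bufferSz], in, add);

        cmac->bufferSz += add;
        in += add;
        inSz -= add;

        if (cmac->bufferSz == AES_BLOCK_SIZE && inSz != 0) {
            /* Always chain with the running digest. wc_InitCmac() zeroes
             * digest, so this is a no-op for the first block, and it no
             * longer depends on totalSz being non-zero: if totalSz is a
             * 32-bit counter (its declaration is in cmac.h - confirm) it
             * wraps to 0 on very long messages, and the old
             * `totalSz != 0` test would then have skipped the chaining. */
            xorbuf(cmac->buffer, cmac->digest, AES_BLOCK_SIZE);
            wc_AesEncryptDirect(&cmac->aes,
                                cmac->digest,
                                cmac->buffer);
            cmac->totalSz += AES_BLOCK_SIZE;
            cmac->bufferSz = 0;
        }
    }

    return 0;
}


/* Finish the CMAC computation and write the AES_BLOCK_SIZE-byte tag.
 *
 * cmac   context fed through wc_CmacUpdate(); wiped on success
 * out    receives AES_BLOCK_SIZE bytes
 * outSz  optional; when non-NULL it must hold at least AES_BLOCK_SIZE on
 *        entry and is set to AES_BLOCK_SIZE on return
 *
 * returns 0 on success, BAD_FUNC_ARG on a bad argument or inconsistent
 *         context, BUFFER_E when *outSz is too small
 */
int wc_CmacFinal(Cmac* cmac, byte* out, word32* outSz)
{
    const byte* subKey;

    if (cmac == NULL || out == NULL)
        return BAD_FUNC_ARG;

    if (outSz != NULL && *outSz < AES_BLOCK_SIZE)
        return BUFFER_E;

    /* same guard as wc_CmacUpdate(): keeps the padding below in bounds */
    if (cmac->bufferSz > AES_BLOCK_SIZE)
        return BAD_FUNC_ARG;

    if (cmac->bufferSz == AES_BLOCK_SIZE) {
        /* complete final block: no padding, use K1 */
        subKey = cmac->k1;
    }
    else {
        /* partial (or empty) final block: append 0x80 then zeros, use K2 */
        word32 padStart = cmac->bufferSz;

        cmac->buffer[padStart] = 0x80;
        if (padStart + 1 < AES_BLOCK_SIZE)
            XMEMSET(&cmac->buffer[padStart + 1], 0,
                    AES_BLOCK_SIZE - padStart - 1);
        subKey = cmac->k2;
    }
    xorbuf(cmac->buffer, cmac->digest, AES_BLOCK_SIZE);
    xorbuf(cmac->buffer, subKey, AES_BLOCK_SIZE);
    wc_AesEncryptDirect(&cmac->aes, out, cmac->buffer);

    if (outSz != NULL)
        *outSz = AES_BLOCK_SIZE;
    /* the context holds the AES key schedule and both subkeys */
    ForceZero(cmac, sizeof(Cmac));

    return 0;
}


/* One-shot AES-CMAC over a single buffer.
 *
 * out, outSz  tag destination and its size, as for wc_CmacFinal()
 * in, inSz    message; in may be NULL only when inSz is 0
 * key, keySz  AES key
 *
 * The local context is wiped on every exit path. wc_CmacFinal() only wipes
 * it on success, so an early error return would otherwise leave the key
 * schedule and subkeys behind on the stack.
 *
 * returns 0 on success, otherwise the first error from the init, update or
 *         final step
 */
int wc_AesCmacGenerate(byte* out, word32* outSz,
                       const byte* in, word32 inSz,
                       const byte* key, word32 keySz)
{
    Cmac cmac;
    int ret;

    if (out == NULL || (in == NULL && inSz > 0) || key == NULL || keySz == 0)
        return BAD_FUNC_ARG;

    ret = wc_InitCmac(&cmac, key, keySz, WC_CMAC_AES, NULL);
    if (ret == 0)
        ret = wc_CmacUpdate(&cmac, in, inSz);
    if (ret == 0)
        ret = wc_CmacFinal(&cmac, out, outSz);

    ForceZero(&cmac, sizeof(Cmac));

    return ret;
}


/* Recompute the AES-CMAC of a message and compare it with a supplied tag.
 *
 * check, checkSz  tag to verify
 * in, inSz        message; in may be NULL only when inSz is 0
 * key, keySz      AES key
 *
 * returns 0 when the tag matches, 1 when it does not, or the error from
 *         wc_AesCmacGenerate() / BAD_FUNC_ARG
 *
 * NOTE(review): only min(checkSz, AES_BLOCK_SIZE) bytes are compared. A
 * caller that passes a short checkSz is verifying a truncated tag (one byte
 * is enough to be accepted here), and bytes of check beyond AES_BLOCK_SIZE
 * are ignored. The minimum acceptable tag length has to be enforced by the
 * caller and must not be taken from the message being verified.
 */
int wc_AesCmacVerify(const byte* check, word32 checkSz,
                     const byte* in, word32 inSz,
                     const byte* key, word32 keySz)
{
    byte a[AES_BLOCK_SIZE];
    word32 aSz = sizeof(a);
    int result;
    int compareRet;

    if (check == NULL || checkSz == 0 || (in == NULL && inSz != 0) ||
        key == NULL || keySz == 0)
        return BAD_FUNC_ARG;

    XMEMSET(a, 0, aSz);
    result = wc_AesCmacGenerate(a, &aSz, in, inSz, key, keySz);
    compareRet = ConstantCompare(check, a, min(checkSz, aSz));

    if (result == 0)
        result = compareRet ? 1 : 0;

    /* a holds the valid tag for this message; do not leave it on the stack,
     * in particular after a failed verification */
    ForceZero(a, sizeof(a));

    return result;
}


#endif /* WOLFSSL_CMAC && !NO_AES && WOLFSSL_AES_DIRECT */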
