68#if !defined(MBEDTLS_CONFIG_FILE)
71#include MBEDTLS_CONFIG_FILE
74#if defined(MBEDTLS_CMAC_C)
82#if defined(MBEDTLS_PLATFORM_C)
86#define mbedtls_calloc calloc
87#define mbedtls_free free
88#if defined(MBEDTLS_SELF_TEST)
90#define mbedtls_printf printf
94#if !defined(MBEDTLS_CMAC_ALT) || defined(MBEDTLS_SELF_TEST)
108static int cmac_multiply_by_u(
unsigned char *output,
109 const unsigned char *
input,
112 const unsigned char R_128 = 0x87;
113 const unsigned char R_64 = 0x1B;
114 unsigned char R_n,
mask;
115 unsigned char overflow = 0x00;
131 for(
i = (
int)blocksize - 1;
i >= 0;
i-- )
133 output[
i] =
input[
i] << 1 | overflow;
143#pragma warning( push )
144#pragma warning( disable : 4146 )
148#pragma warning( pop )
151 output[ blocksize - 1 ] ^= R_n &
mask;
162 unsigned char* K1,
unsigned char* K2 )
182 if( (
ret = cmac_multiply_by_u( K2, K1 ,
block_size ) ) != 0 )
192#if !defined(MBEDTLS_CMAC_ALT)
193static void cmac_xor_block(
unsigned char *output,
const unsigned char *input1,
194 const unsigned char *input2,
200 output[
idx ] = input1[
idx ] ^ input2[
idx ];
210 size_t padded_block_len,
211 const unsigned char *last_block,
212 size_t last_block_len )
216 for(
j = 0;
j < padded_block_len;
j++ )
218 if(
j < last_block_len )
219 padded_block[
j] = last_block[
j];
220 else if(
j == last_block_len )
221 padded_block[
j] = 0x80;
223 padded_block[
j] = 0x00;
228 const unsigned char *
key,
size_t keybits )
257 if( cmac_ctx ==
NULL )
260 ctx->cmac_ctx = cmac_ctx;
268 const unsigned char *
input,
size_t ilen )
271 unsigned char *
state;
279 cmac_ctx =
ctx->cmac_ctx;
310 for(
j = 1;
j <
n;
j++ )
336 unsigned char *output )
339 unsigned char *
state, *last_block;
350 cmac_ctx =
ctx->cmac_ctx;
356 cmac_generate_subkeys(
ctx, K1, K2 );
364 cmac_xor_block( M_last, M_last, K2,
block_size );
369 cmac_xor_block( M_last, last_block, K1,
block_size );
403 cmac_ctx =
ctx->cmac_ctx;
410 sizeof( cmac_ctx->
state ) );
416 const unsigned char *
key,
size_t keylen,
417 const unsigned char *
input,
size_t ilen,
418 unsigned char *output )
447#if defined(MBEDTLS_AES_C)
452 const unsigned char *
input,
size_t in_len,
453 unsigned char output[16] )
464 if( cipher_info ==
NULL )
498#if defined(MBEDTLS_SELF_TEST)
508#define NB_CMAC_TESTS_PER_KEY 4
509#define NB_PRF_TESTS 3
511#if defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C)
513static const unsigned char test_message[] = {
515 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
516 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
517 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
518 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
519 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
520 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
521 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
522 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10
526#if defined(MBEDTLS_AES_C)
528static const unsigned int aes_message_lengths[NB_CMAC_TESTS_PER_KEY] = {
537static const unsigned char aes_128_key[16] = {
538 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
539 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c
544 0xfb, 0xee, 0xd6, 0x18, 0x35, 0x71, 0x33, 0x66,
545 0x7c, 0x85, 0xe0, 0x8f, 0x72, 0x36, 0xa8, 0xde
549 0xf7, 0xdd, 0xac, 0x30, 0x6a, 0xe2, 0x66, 0xcc,
550 0xf9, 0x0b, 0xc1, 0x1e, 0xe4, 0x6d, 0x51, 0x3b
556 0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28,
557 0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46
561 0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44,
562 0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c
566 0x7d, 0x85, 0x44, 0x9e, 0xa6, 0xea, 0x19, 0xc8,
567 0x23, 0xa7, 0xbf, 0x78, 0x83, 0x7d, 0xfa, 0xde
571 0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92,
572 0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c, 0xfe
577static const unsigned char aes_192_key[24] = {
578 0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52,
579 0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5,
580 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b
585 0x44, 0x8a, 0x5b, 0x1c, 0x93, 0x51, 0x4b, 0x27,
586 0x3e, 0xe6, 0x43, 0x9d, 0xd4, 0xda, 0xa2, 0x96
590 0x89, 0x14, 0xb6, 0x39, 0x26, 0xa2, 0x96, 0x4e,
591 0x7d, 0xcc, 0x87, 0x3b, 0xa9, 0xb5, 0x45, 0x2c
597 0xd1, 0x7d, 0xdf, 0x46, 0xad, 0xaa, 0xcd, 0xe5,
598 0x31, 0xca, 0xc4, 0x83, 0xde, 0x7a, 0x93, 0x67
602 0x9e, 0x99, 0xa7, 0xbf, 0x31, 0xe7, 0x10, 0x90,
603 0x06, 0x62, 0xf6, 0x5e, 0x61, 0x7c, 0x51, 0x84
607 0x3d, 0x75, 0xc1, 0x94, 0xed, 0x96, 0x07, 0x04,
608 0x44, 0xa9, 0xfa, 0x7e, 0xc7, 0x40, 0xec, 0xf8
612 0xa1, 0xd5, 0xdf, 0x0e, 0xed, 0x79, 0x0f, 0x79,
613 0x4d, 0x77, 0x58, 0x96, 0x59, 0xf3, 0x9a, 0x11
618static const unsigned char aes_256_key[32] = {
619 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe,
620 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81,
621 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7,
622 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4
627 0xca, 0xd1, 0xed, 0x03, 0x29, 0x9e, 0xed, 0xac,
628 0x2e, 0x9a, 0x99, 0x80, 0x86, 0x21, 0x50, 0x2f
632 0x95, 0xa3, 0xda, 0x06, 0x53, 0x3d, 0xdb, 0x58,
633 0x5d, 0x35, 0x33, 0x01, 0x0c, 0x42, 0xa0, 0xd9
639 0x02, 0x89, 0x62, 0xf6, 0x1b, 0x7b, 0xf8, 0x9e,
640 0xfc, 0x6b, 0x55, 0x1f, 0x46, 0x67, 0xd9, 0x83
644 0x28, 0xa7, 0x02, 0x3f, 0x45, 0x2e, 0x8f, 0x82,
645 0xbd, 0x4b, 0xf2, 0x8d, 0x8c, 0x37, 0xc3, 0x5c
649 0x15, 0x67, 0x27, 0xdc, 0x08, 0x78, 0x94, 0x4a,
650 0x02, 0x3c, 0x1f, 0xe0, 0x3b, 0xad, 0x6d, 0x93
654 0xe1, 0x99, 0x21, 0x90, 0x54, 0x9f, 0x6e, 0xd5,
655 0x69, 0x6a, 0x2c, 0x05, 0x6c, 0x31, 0x54, 0x10
660#if defined(MBEDTLS_DES_C)
662static const unsigned int des3_message_lengths[NB_CMAC_TESTS_PER_KEY] = {
670static const unsigned char des3_2key_key[24] = {
672 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
674 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xEF, 0x01,
676 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef
678static const unsigned char des3_2key_subkeys[2][8] = {
681 0x0d, 0xd2, 0xcb, 0x7a, 0x3d, 0x88, 0x88, 0xd9
685 0x1b, 0xa5, 0x96, 0xf4, 0x7b, 0x11, 0x11, 0xb2
691 0x79, 0xce, 0x52, 0xa7, 0xf7, 0x86, 0xa9, 0x60
695 0xcc, 0x18, 0xa0, 0xb7, 0x9a, 0xf2, 0x41, 0x3b
699 0xc0, 0x6d, 0x37, 0x7e, 0xcd, 0x10, 0x19, 0x69
703 0x9c, 0xd3, 0x35, 0x80, 0xf9, 0xb6, 0x4d, 0xfb
708static const unsigned char des3_3key_key[24] = {
710 0x01, 0x23, 0x45, 0x67, 0x89, 0xaa, 0xcd, 0xef,
712 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0x01,
714 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0x01, 0x23
716static const unsigned char des3_3key_subkeys[2][8] = {
719 0x9d, 0x74, 0xe7, 0x39, 0x33, 0x17, 0x96, 0xc0
723 0x3a, 0xe9, 0xce, 0x72, 0x66, 0x2f, 0x2d, 0x9b
729 0x7d, 0xb0, 0xd3, 0x7d, 0xf9, 0x36, 0xc5, 0x50
733 0x30, 0x23, 0x9c, 0xf1, 0xf5, 0x2e, 0x66, 0x09
737 0x6c, 0x9f, 0x3e, 0xe4, 0x92, 0x3f, 0x6b, 0xe2
741 0x99, 0x42, 0x9b, 0xd0, 0xbF, 0x79, 0x04, 0xe5
747#if defined(MBEDTLS_AES_C)
749static const unsigned char PRFK[] = {
751 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
752 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
757static const size_t PRFKlen[NB_PRF_TESTS] = {
764static const unsigned char PRFM[] = {
765 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
766 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
767 0x10, 0x11, 0x12, 0x13
770static const unsigned char PRFT[NB_PRF_TESTS][16] = {
772 0x84, 0xa3, 0x48, 0xa4, 0xa4, 0x5d, 0x23, 0x5b,
773 0xab, 0xff, 0xfc, 0x0d, 0x2b, 0x4d, 0xa0, 0x9a
776 0x98, 0x0a, 0xe8, 0x7b, 0x5f, 0x4c, 0x9c, 0x52,
777 0x14, 0xf5, 0xb6, 0xa8, 0x45, 0x5e, 0x4c, 0x2d
780 0x29, 0x0d, 0x9e, 0x11, 0x2e, 0xdb, 0x09, 0xee,
781 0x14, 0x1f, 0xcf, 0x64, 0xc0, 0xb7, 0x2f, 0x3d
786static int cmac_test_subkeys(
int verbose,
787 const char* testname,
788 const unsigned char*
key,
790 const unsigned char* subkeys,
802 if( cipher_info ==
NULL )
832 ret = cmac_generate_subkeys( &
ctx, K1, K2 );
866static int cmac_test_wth_cipher(
int verbose,
867 const char* testname,
868 const unsigned char*
key,
871 const unsigned int message_lengths[4],
882 if( cipher_info ==
NULL )
895 message_lengths[
i], output ) ) != 0 )
918#if defined(MBEDTLS_AES_C)
919static int test_aes128_cmac_prf(
int verbose )
925 for(
i = 0;
i < NB_PRF_TESTS;
i++ )
947int mbedtls_cmac_self_test(
int verbose )
951#if defined(MBEDTLS_AES_C)
957 (
const unsigned char*)aes_128_subkeys,
960 NB_CMAC_TESTS_PER_KEY ) ) != 0 )
971 (
const unsigned char*)aes_128_expected_result,
974 NB_CMAC_TESTS_PER_KEY ) ) != 0 )
984 (
const unsigned char*)aes_192_subkeys,
987 NB_CMAC_TESTS_PER_KEY ) ) != 0 )
998 (
const unsigned char*)aes_192_expected_result,
1001 NB_CMAC_TESTS_PER_KEY ) ) != 0 )
1011 (
const unsigned char*)aes_256_subkeys,
1014 NB_CMAC_TESTS_PER_KEY ) ) != 0 )
1024 aes_message_lengths,
1025 (
const unsigned char*)aes_256_expected_result,
1028 NB_CMAC_TESTS_PER_KEY ) ) != 0 )
1034#if defined(MBEDTLS_DES_C)
1040 (
const unsigned char*)des3_2key_subkeys,
1043 NB_CMAC_TESTS_PER_KEY ) ) != 0 )
1053 des3_message_lengths,
1054 (
const unsigned char*)des3_2key_expected_result,
1057 NB_CMAC_TESTS_PER_KEY ) ) != 0 )
1067 (
const unsigned char*)des3_3key_subkeys,
1070 NB_CMAC_TESTS_PER_KEY ) ) != 0 )
1080 des3_message_lengths,
1081 (
const unsigned char*)des3_3key_expected_result,
1084 NB_CMAC_TESTS_PER_KEY ) ) != 0 )
1090#if defined(MBEDTLS_AES_C)
1091 if( (
ret = test_aes128_cmac_prf(
verbose ) ) != 0 )
int memcmp(void *Buffer1, void *Buffer2, ACPI_SIZE Count)
int mbedtls_cipher_setup(mbedtls_cipher_context_t *ctx, const mbedtls_cipher_info_t *cipher_info)
This function initializes and fills the cipher-context structure with the appropriate values....
mbedtls_cipher_type_t
Supported {cipher type, cipher mode} pairs.
@ MBEDTLS_CIPHER_AES_128_ECB
@ MBEDTLS_CIPHER_AES_256_ECB
@ MBEDTLS_CIPHER_AES_192_ECB
@ MBEDTLS_CIPHER_DES_EDE3_ECB
int mbedtls_cipher_setkey(mbedtls_cipher_context_t *ctx, const unsigned char *key, int key_bitlen, const mbedtls_operation_t operation)
This function sets the key to use with the given context.
#define MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE
#define MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
void mbedtls_cipher_init(mbedtls_cipher_context_t *ctx)
This function initializes a cipher_context as NONE.
void mbedtls_cipher_free(mbedtls_cipher_context_t *ctx)
This function frees and clears the cipher-specific context of ctx. Freeing ctx itself remains the res...
int mbedtls_cipher_update(mbedtls_cipher_context_t *ctx, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen)
The generic cipher update function. It encrypts or decrypts using the given cipher context....
#define MBEDTLS_ERR_CIPHER_ALLOC_FAILED
This file contains CMAC definitions and functions.
int mbedtls_cipher_cmac_update(mbedtls_cipher_context_t *ctx, const unsigned char *input, size_t ilen)
This function feeds an input buffer into an ongoing CMAC computation.
int mbedtls_cipher_cmac_reset(mbedtls_cipher_context_t *ctx)
This function prepares the authentication of another message with the same key as the previous CMAC o...
#define MBEDTLS_AES_BLOCK_SIZE
int mbedtls_cipher_cmac_finish(mbedtls_cipher_context_t *ctx, unsigned char *output)
This function finishes the CMAC operation, and writes the result to the output buffer.
#define MBEDTLS_DES3_BLOCK_SIZE
#define MBEDTLS_CIPHER_BLKSIZE_MAX
int mbedtls_aes_cmac_prf_128(const unsigned char *key, size_t key_len, const unsigned char *input, size_t in_len, unsigned char output[16])
This function implements the AES-CMAC-PRF-128 pseudorandom function, as defined in RFC-4615: The Adva...
int mbedtls_cipher_cmac_starts(mbedtls_cipher_context_t *ctx, const unsigned char *key, size_t keybits)
This function sets the CMAC key, and prepares to authenticate the input data. Must be called with an ...
int mbedtls_cipher_cmac(const mbedtls_cipher_info_t *cipher_info, const unsigned char *key, size_t keylen, const unsigned char *input, size_t ilen, unsigned char *output)
This function calculates the full generic CMAC on the input buffer with the provided key.
static void cleanup(void)
GLuint GLuint GLsizei GLenum type
GLenum GLenum GLenum input
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint GLint GLint j
static DWORD block_size(DWORD block)
#define memcpy(s1, s2, n)
const char * expected_result
#define mbedtls_cipher_info_from_type
Configuration options (set of defines)
unsigned char unprocessed_block[MBEDTLS_CIPHER_BLKSIZE_MAX]
unsigned char state[MBEDTLS_CIPHER_BLKSIZE_MAX]