mirror of https://github.com/wolfSSL/wolfssl
commit
c48db891d1
19
configure.ac
19
configure.ac
|
@ -1256,6 +1256,19 @@ fi
|
|||
AM_CONDITIONAL([BUILD_SHA], [test "x$ENABLED_SHA" = "xyes"])
|
||||
|
||||
|
||||
# CMAC
|
||||
AC_ARG_ENABLE([cmac],
|
||||
[AS_HELP_STRING([--enable-cmac],[Enable CMAC (default: disabled)])],
|
||||
[ ENABLED_CMAC=$enableval ],
|
||||
[ ENABLED_CMAC=no ]
|
||||
)
|
||||
|
||||
AS_IF([test "x$ENABLED_CMAC" = "xyes"],
|
||||
[AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CMAC -DWOLFSSL_AES_DIRECT"])
|
||||
|
||||
AM_CONDITIONAL([BUILD_CMAC], [test "x$ENABLED_CMAC" = "xyes"])
|
||||
|
||||
|
||||
# Web Server Build
|
||||
AC_ARG_ENABLE([webserver],
|
||||
[ --enable-webserver Enable Web Server (default: disabled)],
|
||||
|
@ -2672,6 +2685,11 @@ AS_IF([test "x$ENABLED_SNIFFER" = "xyes" && \
|
|||
test "x$ENABLED_RSA" = "xno"],
|
||||
[AC_MSG_ERROR([please enable rsa if enabling sniffer.])])
|
||||
|
||||
# CMAC currently requires AES.
|
||||
AS_IF([test "x$ENABLED_CMAC" = "xyes" && \
|
||||
test "x$ENABLED_AES" = "xno"],
|
||||
[AC_MSG_ERROR([cannot use CMAC without AES.])])
|
||||
|
||||
################################################################################
|
||||
# Update CFLAGS based on options #
|
||||
################################################################################
|
||||
|
@ -2914,6 +2932,7 @@ echo " * RIPEMD: $ENABLED_RIPEMD"
|
|||
echo " * SHA: $ENABLED_SHA"
|
||||
echo " * SHA-512: $ENABLED_SHA512"
|
||||
echo " * BLAKE2: $ENABLED_BLAKE2"
|
||||
echo " * CMAC: $ENABLED_CMAC"
|
||||
echo " * keygen: $ENABLED_KEYGEN"
|
||||
echo " * certgen: $ENABLED_CERTGEN"
|
||||
echo " * certreq: $ENABLED_CERTREQ"
|
||||
|
|
|
@ -79,6 +79,10 @@ if BUILD_AES
|
|||
src_libwolfssl_la_SOURCES += wolfcrypt/src/aes.c
|
||||
endif
|
||||
|
||||
if BUILD_CMAC
|
||||
src_libwolfssl_la_SOURCES += wolfcrypt/src/cmac.c
|
||||
endif
|
||||
|
||||
if BUILD_DES3
|
||||
src_libwolfssl_la_SOURCES += wolfcrypt/src/des3.c
|
||||
endif
|
||||
|
|
|
@ -62,6 +62,7 @@
|
|||
#include <wolfssl/wolfcrypt/rsa.h>
|
||||
#include <wolfssl/wolfcrypt/asn.h>
|
||||
#include <wolfssl/wolfcrypt/ripemd.h>
|
||||
#include <wolfssl/wolfcrypt/cmac.h>
|
||||
#ifdef HAVE_ECC
|
||||
#include <wolfssl/wolfcrypt/ecc.h>
|
||||
#endif
|
||||
|
@ -157,6 +158,7 @@ void bench_sha256(void);
|
|||
void bench_sha384(void);
|
||||
void bench_sha512(void);
|
||||
void bench_ripemd(void);
|
||||
void bench_cmac(void);
|
||||
|
||||
void bench_rsa(void);
|
||||
void bench_rsaKeyGen(void);
|
||||
|
@ -374,6 +376,9 @@ int benchmark_test(void *args)
|
|||
#ifdef HAVE_BLAKE2
|
||||
bench_blake2();
|
||||
#endif
|
||||
#ifdef WOLFSSL_CMAC
|
||||
bench_cmac();
|
||||
#endif
|
||||
|
||||
printf("\n");
|
||||
|
||||
|
@ -1318,6 +1323,55 @@ void bench_blake2(void)
|
|||
#endif
|
||||
|
||||
|
||||
#ifdef WOLFSSL_CMAC
|
||||
|
||||
void bench_cmac(void)
|
||||
{
|
||||
Cmac cmac;
|
||||
byte digest[AES_BLOCK_SIZE];
|
||||
word32 digestSz = sizeof(digest);
|
||||
double start, total, persec;
|
||||
int i, ret;
|
||||
|
||||
ret = wc_InitCmac(&cmac, key, 16, WC_CMAC_AES, NULL);
|
||||
if (ret != 0) {
|
||||
printf("InitCmac failed, ret = %d\n", ret);
|
||||
return;
|
||||
}
|
||||
start = current_time(1);
|
||||
BEGIN_INTEL_CYCLES
|
||||
|
||||
for(i = 0; i < numBlocks; i++) {
|
||||
ret = wc_CmacUpdate(&cmac, plain, sizeof(plain));
|
||||
if (ret != 0) {
|
||||
printf("CmacUpdate failed, ret = %d\n", ret);
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
ret = wc_CmacFinal(&cmac, digest, &digestSz);
|
||||
if (ret != 0) {
|
||||
printf("CmacFinal failed, ret = %d\n", ret);
|
||||
return;
|
||||
}
|
||||
|
||||
END_INTEL_CYCLES
|
||||
total = current_time(0) - start;
|
||||
persec = 1 / total * numBlocks;
|
||||
#ifdef BENCH_EMBEDDED
|
||||
/* since using kB, convert to MB/s */
|
||||
persec = persec / 1024;
|
||||
#endif
|
||||
|
||||
printf("AES-CMAC %d %s took %5.3f seconds, %8.3f MB/s", numBlocks,
|
||||
blockType, total, persec);
|
||||
SHOW_INTEL_CYCLES
|
||||
printf("\n");
|
||||
}
|
||||
|
||||
#endif /* WOLFSSL_CMAC */
|
||||
|
||||
|
||||
#ifndef NO_RSA
|
||||
|
||||
|
||||
|
|
|
@ -0,0 +1,197 @@
|
|||
/* cmac.c
|
||||
*
|
||||
* Copyright (C) 2006-2016 wolfSSL Inc.
|
||||
*
|
||||
* This file is part of wolfSSL.
|
||||
*
|
||||
* wolfSSL is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 2 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* wolfSSL is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
||||
*/
|
||||
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
#include <config.h>
|
||||
#endif
|
||||
|
||||
#include <wolfssl/wolfcrypt/settings.h>
|
||||
|
||||
#if defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_DIRECT)
|
||||
|
||||
#ifdef NO_INLINE
|
||||
#include <wolfssl/wolfcrypt/misc.h>
|
||||
#else
|
||||
#define WOLFSSL_MISC_INCLUDED
|
||||
#include <wolfcrypt/src/misc.c>
|
||||
#endif
|
||||
|
||||
#include <wolfssl/wolfcrypt/error-crypt.h>
|
||||
#include <wolfssl/wolfcrypt/aes.h>
|
||||
#include <wolfssl/wolfcrypt/cmac.h>
|
||||
|
||||
|
||||
#ifndef WOLFSSL_HAVE_MIN
|
||||
#define WOLFSSL_HAVE_MIN
|
||||
|
||||
static INLINE word32 min(word32 a, word32 b)
|
||||
{
|
||||
return a > b ? b : a;
|
||||
}
|
||||
|
||||
#endif /* WOLFSSL_HAVE_MIN */
|
||||
|
||||
|
||||
static void ShiftAndXorRb(byte* out, byte* in)
|
||||
{
|
||||
int i, j, xorRb;
|
||||
int mask = 0, last = 0;
|
||||
byte Rb = 0x87;
|
||||
|
||||
xorRb = (in[0] & 0x80) != 0;
|
||||
|
||||
for (i = 1, j = AES_BLOCK_SIZE - 1; i <= AES_BLOCK_SIZE; i++, j--) {
|
||||
last = (in[j] & 0x80) ? 1 : 0;
|
||||
out[j] = (in[j] << 1) | mask;
|
||||
mask = last;
|
||||
if (xorRb) {
|
||||
out[j] ^= Rb;
|
||||
Rb = 0;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
int wc_InitCmac(Cmac* cmac, const byte* key, word32 keySz,
|
||||
int type, void* unused)
|
||||
{
|
||||
int ret;
|
||||
|
||||
(void)unused;
|
||||
|
||||
if (cmac == NULL || key == NULL || keySz == 0 || type != WC_CMAC_AES)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
XMEMSET(cmac, 0, sizeof(Cmac));
|
||||
ret = wc_AesSetKey(&cmac->aes, key, keySz, NULL, AES_ENCRYPTION);
|
||||
if (ret == 0) {
|
||||
byte l[AES_BLOCK_SIZE];
|
||||
|
||||
XMEMSET(l, 0, AES_BLOCK_SIZE);
|
||||
wc_AesEncryptDirect(&cmac->aes, l, l);
|
||||
ShiftAndXorRb(cmac->k1, l);
|
||||
ShiftAndXorRb(cmac->k2, cmac->k1);
|
||||
ForceZero(l, AES_BLOCK_SIZE);
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
int wc_CmacUpdate(Cmac* cmac, const byte* in, word32 inSz)
|
||||
{
|
||||
if ((cmac == NULL) || (in == NULL && inSz != 0))
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
while (inSz != 0) {
|
||||
word32 add = min(inSz, AES_BLOCK_SIZE - cmac->bufferSz);
|
||||
XMEMCPY(&cmac->buffer[cmac->bufferSz], in, add);
|
||||
|
||||
cmac->bufferSz += add;
|
||||
in += add;
|
||||
inSz -= add;
|
||||
|
||||
if (cmac->bufferSz == AES_BLOCK_SIZE && inSz != 0) {
|
||||
if (cmac->totalSz != 0)
|
||||
xorbuf(cmac->buffer, cmac->digest, AES_BLOCK_SIZE);
|
||||
wc_AesEncryptDirect(&cmac->aes,
|
||||
cmac->digest,
|
||||
cmac->buffer);
|
||||
cmac->totalSz += AES_BLOCK_SIZE;
|
||||
cmac->bufferSz = 0;
|
||||
}
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
int wc_CmacFinal(Cmac* cmac, byte* out, word32* outSz)
|
||||
{
|
||||
const byte* subKey;
|
||||
|
||||
if (cmac == NULL || out == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
if (outSz != NULL && *outSz < AES_BLOCK_SIZE)
|
||||
return BUFFER_E;
|
||||
|
||||
if (cmac->bufferSz == AES_BLOCK_SIZE) {
|
||||
subKey = cmac->k1;
|
||||
}
|
||||
else {
|
||||
word32 remainder = AES_BLOCK_SIZE - cmac->bufferSz;
|
||||
|
||||
if (remainder == 0)
|
||||
remainder = AES_BLOCK_SIZE;
|
||||
|
||||
if (remainder > 1)
|
||||
XMEMSET(cmac->buffer + AES_BLOCK_SIZE - remainder, 0, remainder);
|
||||
cmac->buffer[AES_BLOCK_SIZE - remainder] = 0x80;
|
||||
subKey = cmac->k2;
|
||||
}
|
||||
xorbuf(cmac->buffer, cmac->digest, AES_BLOCK_SIZE);
|
||||
xorbuf(cmac->buffer, subKey, AES_BLOCK_SIZE);
|
||||
wc_AesEncryptDirect(&cmac->aes, out, cmac->buffer);
|
||||
|
||||
if (outSz != NULL)
|
||||
*outSz = AES_BLOCK_SIZE;
|
||||
ForceZero(cmac, sizeof(Cmac));
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
int wc_AesCmacGenerate(byte* out, word32* outSz,
|
||||
const byte* in, word32 inSz,
|
||||
const byte* key, word32 keySz)
|
||||
{
|
||||
Cmac cmac;
|
||||
|
||||
wc_InitCmac(&cmac, key, keySz, WC_CMAC_AES, NULL);
|
||||
wc_CmacUpdate(&cmac, in, inSz);
|
||||
wc_CmacFinal(&cmac, out, outSz);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
int wc_AesCmacVerify(const byte* check, word32 checkSz,
|
||||
const byte* in, word32 inSz,
|
||||
const byte* key, word32 keySz)
|
||||
{
|
||||
byte a[AES_BLOCK_SIZE];
|
||||
word32 aSz = sizeof(a);
|
||||
int result;
|
||||
int compareRet;
|
||||
|
||||
XMEMSET(a, 0, aSz);
|
||||
result = wc_AesCmacGenerate(a, &aSz, in, inSz, key, keySz);
|
||||
compareRet = ConstantCompare(check, a, min(checkSz, aSz));
|
||||
|
||||
if (result == 0)
|
||||
result = compareRet ? 1 : 0;
|
||||
|
||||
return result;
|
||||
}
|
||||
|
||||
|
||||
#endif /* WOLFSSL_CMAC && NO_AES && WOLFSSL_AES_DIRECT */
|
|
@ -49,6 +49,7 @@
|
|||
#include <wolfssl/wolfcrypt/rsa.h>
|
||||
#include <wolfssl/wolfcrypt/des3.h>
|
||||
#include <wolfssl/wolfcrypt/aes.h>
|
||||
#include <wolfssl/wolfcrypt/cmac.h>
|
||||
#include <wolfssl/wolfcrypt/poly1305.h>
|
||||
#include <wolfssl/wolfcrypt/camellia.h>
|
||||
#include <wolfssl/wolfcrypt/hmac.h>
|
||||
|
@ -180,6 +181,7 @@ int chacha20_poly1305_aead_test(void);
|
|||
int des_test(void);
|
||||
int des3_test(void);
|
||||
int aes_test(void);
|
||||
int cmac_test(void);
|
||||
int poly1305_test(void);
|
||||
int aesgcm_test(void);
|
||||
int gmac_test(void);
|
||||
|
@ -582,6 +584,13 @@ int wolfcrypt_test(void* args)
|
|||
printf( "ED25519 test passed!\n");
|
||||
#endif
|
||||
|
||||
#if defined(WOLFSSL_CMAC) && !defined(NO_AES)
|
||||
if ( (ret = cmac_test()) != 0)
|
||||
return err_sys("CMAC test failed!\n", ret);
|
||||
else
|
||||
printf( "CMAC test passed!\n");
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_LIBZ
|
||||
if ( (ret = compress_test()) != 0)
|
||||
return err_sys("COMPRESS test failed!\n", ret);
|
||||
|
@ -2908,6 +2917,7 @@ int aes_test(void)
|
|||
return ret;
|
||||
}
|
||||
|
||||
|
||||
#ifdef HAVE_AESGCM
|
||||
int aesgcm_test(void)
|
||||
{
|
||||
|
@ -7614,6 +7624,193 @@ int ed25519_test(void)
|
|||
#endif /* HAVE_ED25519 */
|
||||
|
||||
|
||||
#if defined(WOLFSSL_CMAC) && !defined(NO_AES)
|
||||
|
||||
typedef struct CMAC_Test_Case {
|
||||
int type;
|
||||
int partial;
|
||||
const byte* m;
|
||||
word32 mSz;
|
||||
const byte* k;
|
||||
word32 kSz;
|
||||
const byte* t;
|
||||
word32 tSz;
|
||||
} CMAC_Test_Case;
|
||||
|
||||
int cmac_test(void)
|
||||
{
|
||||
const byte k128[] =
|
||||
{
|
||||
0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
|
||||
0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c
|
||||
};
|
||||
const byte k192[] =
|
||||
{
|
||||
0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52,
|
||||
0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5,
|
||||
0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b
|
||||
};
|
||||
const byte k256[] =
|
||||
{
|
||||
0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe,
|
||||
0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81,
|
||||
0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7,
|
||||
0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4
|
||||
};
|
||||
#define KLEN_128 (sizeof(k128))
|
||||
#define KLEN_192 (sizeof(k192))
|
||||
#define KLEN_256 (sizeof(k256))
|
||||
|
||||
const byte m[] =
|
||||
{
|
||||
0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
|
||||
0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
|
||||
0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
|
||||
0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
|
||||
0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
|
||||
0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
|
||||
0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
|
||||
0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10
|
||||
};
|
||||
#define MLEN_0 (0)
|
||||
#define MLEN_128 (128/8)
|
||||
#define MLEN_320 (320/8)
|
||||
#define MLEN_319 (MLEN_320 - 1)
|
||||
#define MLEN_512 (512/8)
|
||||
|
||||
const byte t128_0[] =
|
||||
{
|
||||
0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28,
|
||||
0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46
|
||||
};
|
||||
const byte t128_128[] =
|
||||
{
|
||||
0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44,
|
||||
0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c
|
||||
};
|
||||
const byte t128_319[] =
|
||||
{
|
||||
0x2c, 0x17, 0x84, 0x4c, 0x93, 0x1c, 0x07, 0x95,
|
||||
0x15, 0x92, 0x73, 0x0a, 0x34, 0xd0, 0xd9, 0xd2
|
||||
};
|
||||
const byte t128_320[] =
|
||||
{
|
||||
0xdf, 0xa6, 0x67, 0x47, 0xde, 0x9a, 0xe6, 0x30,
|
||||
0x30, 0xca, 0x32, 0x61, 0x14, 0x97, 0xc8, 0x27
|
||||
};
|
||||
const byte t128_512[] =
|
||||
{
|
||||
0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92,
|
||||
0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c, 0xfe
|
||||
};
|
||||
|
||||
const byte t192_0[] =
|
||||
{
|
||||
0xd1, 0x7d, 0xdf, 0x46, 0xad, 0xaa, 0xcd, 0xe5,
|
||||
0x31, 0xca, 0xc4, 0x83, 0xde, 0x7a, 0x93, 0x67
|
||||
};
|
||||
const byte t192_128[] =
|
||||
{
|
||||
0x9e, 0x99, 0xa7, 0xbf, 0x31, 0xe7, 0x10, 0x90,
|
||||
0x06, 0x62, 0xf6, 0x5e, 0x61, 0x7c, 0x51, 0x84
|
||||
};
|
||||
const byte t192_320[] =
|
||||
{
|
||||
0x8a, 0x1d, 0xe5, 0xbe, 0x2e, 0xb3, 0x1a, 0xad,
|
||||
0x08, 0x9a, 0x82, 0xe6, 0xee, 0x90, 0x8b, 0x0e
|
||||
};
|
||||
const byte t192_512[] =
|
||||
{
|
||||
0xa1, 0xd5, 0xdf, 0x0e, 0xed, 0x79, 0x0f, 0x79,
|
||||
0x4d, 0x77, 0x58, 0x96, 0x59, 0xf3, 0x9a, 0x11
|
||||
};
|
||||
|
||||
const byte t256_0[] =
|
||||
{
|
||||
0x02, 0x89, 0x62, 0xf6, 0x1b, 0x7b, 0xf8, 0x9e,
|
||||
0xfc, 0x6b, 0x55, 0x1f, 0x46, 0x67, 0xd9, 0x83
|
||||
};
|
||||
const byte t256_128[] =
|
||||
{
|
||||
0x28, 0xa7, 0x02, 0x3f, 0x45, 0x2e, 0x8f, 0x82,
|
||||
0xbd, 0x4b, 0xf2, 0x8d, 0x8c, 0x37, 0xc3, 0x5c
|
||||
};
|
||||
const byte t256_320[] =
|
||||
{
|
||||
0xaa, 0xf3, 0xd8, 0xf1, 0xde, 0x56, 0x40, 0xc2,
|
||||
0x32, 0xf5, 0xb1, 0x69, 0xb9, 0xc9, 0x11, 0xe6
|
||||
};
|
||||
const byte t256_512[] =
|
||||
{
|
||||
0xe1, 0x99, 0x21, 0x90, 0x54, 0x9f, 0x6e, 0xd5,
|
||||
0x69, 0x6a, 0x2c, 0x05, 0x6c, 0x31, 0x54, 0x10
|
||||
};
|
||||
|
||||
const CMAC_Test_Case testCases[] =
|
||||
{
|
||||
{WC_CMAC_AES, 0, m, MLEN_0, k128, KLEN_128, t128_0, AES_BLOCK_SIZE},
|
||||
{WC_CMAC_AES, 0, m, MLEN_128, k128, KLEN_128, t128_128, AES_BLOCK_SIZE},
|
||||
{WC_CMAC_AES, 0, m, MLEN_320, k128, KLEN_128, t128_320, AES_BLOCK_SIZE},
|
||||
{WC_CMAC_AES, 0, m, MLEN_512, k128, KLEN_128, t128_512, AES_BLOCK_SIZE},
|
||||
{WC_CMAC_AES, 5, m, MLEN_512, k128, KLEN_128, t128_512, AES_BLOCK_SIZE},
|
||||
{WC_CMAC_AES, 0, m, MLEN_0, k192, KLEN_192, t192_0, AES_BLOCK_SIZE},
|
||||
{WC_CMAC_AES, 0, m, MLEN_128, k192, KLEN_192, t192_128, AES_BLOCK_SIZE},
|
||||
{WC_CMAC_AES, 0, m, MLEN_320, k192, KLEN_192, t192_320, AES_BLOCK_SIZE},
|
||||
{WC_CMAC_AES, 0, m, MLEN_512, k192, KLEN_192, t192_512, AES_BLOCK_SIZE},
|
||||
{WC_CMAC_AES, 0, m, MLEN_0, k256, KLEN_256, t256_0, AES_BLOCK_SIZE},
|
||||
{WC_CMAC_AES, 0, m, MLEN_128, k256, KLEN_256, t256_128, AES_BLOCK_SIZE},
|
||||
{WC_CMAC_AES, 0, m, MLEN_320, k256, KLEN_256, t256_320, AES_BLOCK_SIZE},
|
||||
{WC_CMAC_AES, 0, m, MLEN_512, k256, KLEN_256, t256_512, AES_BLOCK_SIZE},
|
||||
{WC_CMAC_AES, 0, m, MLEN_319, k128, KLEN_128, t128_319, AES_BLOCK_SIZE}
|
||||
};
|
||||
|
||||
Cmac cmac;
|
||||
byte tag[AES_BLOCK_SIZE];
|
||||
const CMAC_Test_Case* tc;
|
||||
word32 i, tagSz;
|
||||
|
||||
for (i = 0, tc = testCases;
|
||||
i < sizeof(testCases)/sizeof(CMAC_Test_Case);
|
||||
i++, tc++) {
|
||||
|
||||
XMEMSET(tag, 0, sizeof(tag));
|
||||
tagSz = AES_BLOCK_SIZE;
|
||||
if (wc_InitCmac(&cmac, tc->k, tc->kSz, tc->type, NULL) != 0)
|
||||
return -4033;
|
||||
if (tc->partial) {
|
||||
if (wc_CmacUpdate(&cmac, tc->m,
|
||||
tc->mSz/2 - tc->partial) != 0)
|
||||
return -4034;
|
||||
if (wc_CmacUpdate(&cmac, tc->m + tc->mSz/2 - tc->partial,
|
||||
tc->mSz/2 + tc->partial) != 0)
|
||||
return -4035;
|
||||
}
|
||||
else {
|
||||
if (wc_CmacUpdate(&cmac, tc->m, tc->mSz) != 0)
|
||||
return -4034;
|
||||
}
|
||||
if (wc_CmacFinal(&cmac, tag, &tagSz) != 0)
|
||||
return -4036;
|
||||
if (XMEMCMP(tag, tc->t, AES_BLOCK_SIZE) != 0)
|
||||
return -4037;
|
||||
|
||||
XMEMSET(tag, 0, sizeof(tag));
|
||||
tagSz = sizeof(tag);
|
||||
if (wc_AesCmacGenerate(tag, &tagSz, tc->m, tc->mSz,
|
||||
tc->k, tc->kSz) != 0)
|
||||
return -4038;
|
||||
if (XMEMCMP(tag, tc->t, AES_BLOCK_SIZE) != 0)
|
||||
return -4039;
|
||||
if (wc_AesCmacVerify(tc->t, tc->tSz, tc->m, tc->mSz,
|
||||
tc->k, tc->kSz) != 0)
|
||||
return -4040;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
#endif /* NO_AES && WOLFSSL_CMAC */
|
||||
|
||||
#ifdef HAVE_LIBZ
|
||||
|
||||
const byte sample_text[] =
|
||||
|
|
|
@ -0,0 +1,79 @@
|
|||
/* cmac.h
|
||||
*
|
||||
* Copyright (C) 2006-2016 wolfSSL Inc.
|
||||
*
|
||||
* This file is part of wolfSSL.
|
||||
*
|
||||
* wolfSSL is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 2 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* wolfSSL is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
||||
*/
|
||||
|
||||
|
||||
#ifndef WOLF_CRYPT_CMAC_H
|
||||
#define WOLF_CRYPT_CMAC_H
|
||||
|
||||
#include <wolfssl/wolfcrypt/types.h>
|
||||
#include <wolfssl/wolfcrypt/aes.h>
|
||||
|
||||
#if !defined(NO_AES) && defined(WOLFSSL_CMAC)
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
typedef struct Cmac {
|
||||
Aes aes;
|
||||
byte buffer[AES_BLOCK_SIZE]; /* partially stored block */
|
||||
byte digest[AES_BLOCK_SIZE]; /* running digest */
|
||||
byte k1[AES_BLOCK_SIZE];
|
||||
byte k2[AES_BLOCK_SIZE];
|
||||
word32 bufferSz;
|
||||
word32 totalSz;
|
||||
} Cmac;
|
||||
|
||||
|
||||
typedef enum CmacType {
|
||||
WC_CMAC_AES = 1
|
||||
} CmacType;
|
||||
|
||||
|
||||
WOLFSSL_API
|
||||
int wc_InitCmac(Cmac* cmac,
|
||||
const byte* key, word32 keySz,
|
||||
int type, void* unused);
|
||||
WOLFSSL_API
|
||||
int wc_CmacUpdate(Cmac* cmac,
|
||||
const byte* in, word32 inSz);
|
||||
WOLFSSL_API
|
||||
int wc_CmacFinal(Cmac* cmac,
|
||||
byte* out, word32* outSz);
|
||||
|
||||
WOLFSSL_API
|
||||
int wc_AesCmacGenerate(byte* out, word32* outSz,
|
||||
const byte* in, word32 inSz,
|
||||
const byte* key, word32 keySz);
|
||||
|
||||
WOLFSSL_API
|
||||
int wc_AesCmacVerify(const byte* check, word32 checkSz,
|
||||
const byte* in, word32 inSz,
|
||||
const byte* key, word32 keySz);
|
||||
|
||||
#ifdef __cplusplus
|
||||
} /* extern "C" */
|
||||
#endif
|
||||
|
||||
|
||||
#endif /* NO_AES && WOLFSSL_CMAC */
|
||||
#endif /* WOLF_CRYPT_CMAC_H */
|
||||
|
|
@ -8,6 +8,7 @@ nobase_include_HEADERS+= \
|
|||
wolfssl/wolfcrypt/asn_public.h \
|
||||
wolfssl/wolfcrypt/poly1305.h \
|
||||
wolfssl/wolfcrypt/camellia.h \
|
||||
wolfssl/wolfcrypt/cmac.h \
|
||||
wolfssl/wolfcrypt/coding.h \
|
||||
wolfssl/wolfcrypt/compress.h \
|
||||
wolfssl/wolfcrypt/des3.h \
|
||||
|
|
Loading…
Reference in New Issue