commit dc5c7b98ac3bffb3b94fa5feece658365758a733
author Robert Cragie <Robert.Cragie@arm.com> Fri Dec 11 15:49:45 2015 +0000
committer Simon Butcher <simon.butcher@arm.com> Wed Oct 05 14:19:13 2016 +0100
tree 4655a90711743d0541d0387e73a50d826d9b698a
parent 93012e8bce9788244238ab8f93b2544d1d030b89

Add support for AES-128-CMAC and AES-CMAC-PRF-128

include/mbedtls/cmac.h

diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h
new file mode 100644
index 0000000..08483f6
--- /dev/null
+++ b/include/mbedtls/cmac.h
@@ -0,0 +1,139 @@
+/**

+ * \file cmac.h

+ *

+ * \brief The CMAC Mode for Authentication

+ *

+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved

+ *  SPDX-License-Identifier: Apache-2.0

+ *

+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may

+ *  not use this file except in compliance with the License.

+ *  You may obtain a copy of the License at

+ *

+ *  http://www.apache.org/licenses/LICENSE-2.0

+ *

+ *  Unless required by applicable law or agreed to in writing, software

+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT

+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

+ *  See the License for the specific language governing permissions and

+ *  limitations under the License.

+ *

+ *  This file is part of mbed TLS (https://tls.mbed.org)

+ */

+#ifndef MBEDTLS_CMAC_H

+#define MBEDTLS_CMAC_H

+

+#include "cipher.h"

+

+#define MBEDTLS_ERR_CMAC_BAD_INPUT      -0x000D /**< Bad input parameters to function. */

+#define MBEDTLS_ERR_CMAC_VERIFY_FAILED  -0x000F /**< Verification failed. */

+

+#ifdef __cplusplus

+extern "C" {

+#endif

+

+/**

+ * \brief          CCM context structure

+ */

+typedef struct {

+    mbedtls_cipher_context_t cipher_ctx;    /*!< cipher context used */

+    unsigned char K1[16];

+    unsigned char K2[16];

+}

+mbedtls_cmac_context;

+

+/**

+ * \brief           Initialize CMAC context (just makes references valid)

+ *                  Makes the context ready for mbedtls_cmac_setkey() or

+ *                  mbedtls_cmac_free().

+ *

+ * \param ctx       CMAC context to initialize

+ */

+void mbedtls_cmac_init( mbedtls_cmac_context *ctx );

+

+/**

+ * \brief           CMAC initialization

+ *

+ * \param ctx       CMAC context to be initialized

+ * \param cipher    cipher to use (a 128-bit block cipher)

+ * \param key       encryption key

+ * \param keybits   key size in bits (must be acceptable by the cipher)

+ *

+ * \return          0 if successful, or a cipher specific error code

+ */

+int mbedtls_cmac_setkey( mbedtls_cmac_context *ctx,

+                         mbedtls_cipher_id_t cipher,

+                         const unsigned char *key,

+                         unsigned int keybits );

+

+/**

+ * \brief           Free a CMAC context and underlying cipher sub-context

+ *

+ * \param ctx       CMAC context to free

+ */

+void mbedtls_cmac_free( mbedtls_cmac_context *ctx );

+

+/**

+ * \brief           CMAC generate

+ *

+ * \param ctx       CMAC context

+ * \param length    length of the input data in bytes

+ * \param input     buffer holding the input data

+ * \param tag       buffer for holding the generated tag

+ * \param tag_len   length of the tag to generate in bytes

+ *                  must be between 4, 6, 8, 10, 14 or 16

+ *

+ * \return          0 if successful

+ */

+int mbedtls_cmac_generate( mbedtls_cmac_context *ctx, size_t length,

+                           const unsigned char *input,

+                           unsigned char *tag, size_t tag_len );

+

+/**

+ * \brief           CMAC verify

+ *

+ * \param ctx       CMAC context

+ * \param length    length of the input data in bytes

+ * \param input     buffer holding the input data

+ * \param tag       buffer holding the tag to verify

+ * \param tag_len   length of the tag to verify in bytes

+ *                  must be 4, 6, 8, 10, 14 or 16

+ *

+ * \return          0 if successful and authenticated,

+ *                  MBEDTLS_ERR_CMAC_AUTH_FAILED if tag does not match

+ */

+int mbedtls_cmac_verify( mbedtls_cmac_context *ctx, size_t length,

+                         const unsigned char *input,

+                         const unsigned char *tag, size_t tag_len );

+

+/**

+ * \brief           AES-CMAC-128-PRF

+ *

+ * \param ctx       CMAC context

+ * \param length    length of the input data in bytes

+ * \param key       PRF key

+ * \param key_len   PRF key length

+ * \param input     buffer holding the input data

+ * \param tag       buffer holding the tag to verify (16 bytes)

+ *

+ * \return          0 if successful

+ */

+int mbedtls_aes_cmac_prf_128( mbedtls_cmac_context *ctx, size_t length,

+                              const unsigned char *key, size_t key_len,

+                              const unsigned char *input,

+                              unsigned char *tag );

+

+#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C)

+/**

+ * \brief          Checkup routine

+ *

+ * \return         0 if successful, or 1 if the test failed

+ */

+int mbedtls_cmac_self_test( int verbose );

+#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */

+

+#ifdef __cplusplus

+}

+#endif

+

+#endif /* MBEDTLS_CMAC_H */

include/mbedtls/config.h

diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index a58519b..6e03136 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -1672,6 +1672,18 @@
 #define MBEDTLS_CIPHER_C
 
 /**
+ * \def MBEDTLS_CMAC_C
+ *
+ * Enable the CMAC mode for 128-bit block cipher.
+ *
+ * Module:  library/cmac.c
+ *
+ * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C
+ *
+ */
+#define MBEDTLS_CMAC_C
+
+/**
  * \def MBEDTLS_CTR_DRBG_C
  *
  * Enable the CTR_DRBG AES-256-based random generator.