TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 06acc18f4492908c1ce7a10f84147950a82055ca / . / include / mbedtls / cmac.h
blob: 5a09761c211398287f0685d54cad4e970b6e184f [file] [log] [blame]
Robert Cragie3d23b1d2015-12-15 07:38:11 +0000[diff] [blame]1/**
2 * \file cmac.h
3 *
4 * \brief The CMAC Mode for Authentication
5 *
6 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
7 * SPDX-License-Identifier: Apache-2.0
8 *
9 * Licensed under the Apache License, Version 2.0 (the "License"); you may
10 * not use this file except in compliance with the License.
11 * You may obtain a copy of the License at
12 *
13 * http://www.apache.org/licenses/LICENSE-2.0
14 *
15 * Unless required by applicable law or agreed to in writing, software
16 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
17 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18 * See the License for the specific language governing permissions and
19 * limitations under the License.
20 *
21 * This file is part of mbed TLS (https://tls.mbed.org)
22 */
23#ifndef MBEDTLS_CMAC_H
24#define MBEDTLS_CMAC_H
25
26#include "cipher.h"
27
28#define MBEDTLS_ERR_CMAC_BAD_INPUT -0x0011 /**< Bad input parameters to function. */
29#define MBEDTLS_ERR_CMAC_VERIFY_FAILED -0x0013 /**< Verification failed. */
Brian Murray06acc182016-05-24 15:53:52 -0700[diff] [blame^]30#define MBEDTLS_ERR_CMAC_ALLOC_FAILED -0x0015 /**< Failed to allocate memory */
Brian Murray57863ad2016-05-19 16:38:36 -0700[diff] [blame]31
Robert Cragie3d23b1d2015-12-15 07:38:11 +0000[diff] [blame]32
33#ifdef __cplusplus
34extern "C" {
35#endif
36
37/**
Brian Murrayb439d452016-05-19 16:02:42 -0700[diff] [blame]38 * \brief CMAC context structure
Robert Cragie3d23b1d2015-12-15 07:38:11 +0000[diff] [blame]39 */
40typedef struct {
41 mbedtls_cipher_context_t cipher_ctx; /*!< cipher context used */
Brian Murrayb439d452016-05-19 16:02:42 -0700[diff] [blame]42 unsigned char* K1; /*!< CMAC Subkey 1 */
43 unsigned char* K2; /*!< CMAC Subkey 2 */
Robert Cragie3d23b1d2015-12-15 07:38:11 +0000[diff] [blame]44}
45mbedtls_cmac_context;
46
47/**
48 * \brief Initialize CMAC context (just makes references valid)
49 * Makes the context ready for mbedtls_cmac_setkey() or
50 * mbedtls_cmac_free().
51 *
52 * \param ctx CMAC context to initialize
53 */
54void mbedtls_cmac_init( mbedtls_cmac_context *ctx );
55
56/**
Brian Murrayb439d452016-05-19 16:02:42 -0700[diff] [blame]57 * \brief Initialize the CMAC context
Robert Cragie3d23b1d2015-12-15 07:38:11 +0000[diff] [blame]58 *
59 * \param ctx CMAC context to be initialized
Brian Murrayb439d452016-05-19 16:02:42 -0700[diff] [blame]60 * \param cipher cipher to use
Robert Cragie3d23b1d2015-12-15 07:38:11 +0000[diff] [blame]61 * \param key encryption key
Brian Murrayb439d452016-05-19 16:02:42 -0700[diff] [blame]62 * \param keybits encryption key size in bits (must be acceptable by the cipher)
Robert Cragie3d23b1d2015-12-15 07:38:11 +0000[diff] [blame]63 *
64 * \return 0 if successful, or a cipher specific error code
65 */
66int mbedtls_cmac_setkey( mbedtls_cmac_context *ctx,
67 mbedtls_cipher_id_t cipher,
68 const unsigned char *key,
69 unsigned int keybits );
70
71/**
72 * \brief Free a CMAC context and underlying cipher sub-context
Brian Murrayb439d452016-05-19 16:02:42 -0700[diff] [blame]73 * Securely wipes sub keys and other sensitive data.
Robert Cragie3d23b1d2015-12-15 07:38:11 +0000[diff] [blame]74 *
75 * \param ctx CMAC context to free
76 */
77void mbedtls_cmac_free( mbedtls_cmac_context *ctx );
78
79/**
Brian Murrayb439d452016-05-19 16:02:42 -0700[diff] [blame]80 * \brief Generate a CMAC tag.
Robert Cragie3d23b1d2015-12-15 07:38:11 +0000[diff] [blame]81 *
82 * \param ctx CMAC context
Robert Cragie3d23b1d2015-12-15 07:38:11 +0000[diff] [blame]83 * \param input buffer holding the input data
Manuel Pégourié-Gonnard690083c2016-01-13 10:48:02 +0000[diff] [blame]84 * \param in_len length of the input data in bytes
Robert Cragie3d23b1d2015-12-15 07:38:11 +0000[diff] [blame]85 * \param tag buffer for holding the generated tag
86 * \param tag_len length of the tag to generate in bytes
Brian Murray87e40402016-05-19 19:05:57 -0700[diff] [blame]87 * Must be 2, 4, 6, 8 if cipher block size is 64
88 * Must be 2, 4, 6, 8, 10, 12, 14 or 16 if cipher block size is 128
Robert Cragie3d23b1d2015-12-15 07:38:11 +0000[diff] [blame]89 *
90 * \return 0 if successful
91 */
Manuel Pégourié-Gonnard690083c2016-01-13 10:48:02 +0000[diff] [blame]92int mbedtls_cmac_generate( mbedtls_cmac_context *ctx,
93 const unsigned char *input, size_t in_len,
Robert Cragie3d23b1d2015-12-15 07:38:11 +0000[diff] [blame]94 unsigned char *tag, size_t tag_len );
95
96/**
Brian Murrayb439d452016-05-19 16:02:42 -0700[diff] [blame]97 * \brief Verify a CMAC tag.
Robert Cragie3d23b1d2015-12-15 07:38:11 +0000[diff] [blame]98 *
99 * \param ctx CMAC context
Robert Cragie3d23b1d2015-12-15 07:38:11 +0000[diff] [blame]100 * \param input buffer holding the input data
Manuel Pégourié-Gonnard690083c2016-01-13 10:48:02 +0000[diff] [blame]101 * \param in_len length of the input data in bytes
Robert Cragie3d23b1d2015-12-15 07:38:11 +0000[diff] [blame]102 * \param tag buffer holding the tag to verify
103 * \param tag_len length of the tag to verify in bytes
Brian Murray87e40402016-05-19 19:05:57 -0700[diff] [blame]104 * Must be 2, 4, 6, 8 if cipher block size is 64
105 * Must be 2, 4, 6, 8, 10, 12, 14 or 16 if cipher block size is 128
Brian Murrayb439d452016-05-19 16:02:42 -0700[diff] [blame]106 * \return 0 if successful and authenticated
Robert Cragie3d23b1d2015-12-15 07:38:11 +0000[diff] [blame]107 * MBEDTLS_ERR_CMAC_VERIFY_FAILED if tag does not match
108 */
Manuel Pégourié-Gonnard690083c2016-01-13 10:48:02 +0000[diff] [blame]109int mbedtls_cmac_verify( mbedtls_cmac_context *ctx,
110 const unsigned char *input, size_t in_len,
Robert Cragie3d23b1d2015-12-15 07:38:11 +0000[diff] [blame]111 const unsigned char *tag, size_t tag_len );
112
Brian Murrayb439d452016-05-19 16:02:42 -0700[diff] [blame]113#ifdef MBEDTLS_AES_C
Robert Cragie3d23b1d2015-12-15 07:38:11 +0000[diff] [blame]114/**
115 * \brief AES-CMAC-128-PRF
Brian Murrayb439d452016-05-19 16:02:42 -0700[diff] [blame]116 * See RFC 4615 for details
Robert Cragie3d23b1d2015-12-15 07:38:11 +0000[diff] [blame]117 *
Robert Cragie3d23b1d2015-12-15 07:38:11 +0000[diff] [blame]118 * \param key PRF key
119 * \param key_len PRF key length
120 * \param input buffer holding the input data
Manuel Pégourié-Gonnard690083c2016-01-13 10:48:02 +0000[diff] [blame]121 * \param in_len length of the input data in bytes
Robert Cragie3d23b1d2015-12-15 07:38:11 +0000[diff] [blame]122 * \param tag buffer holding the tag to verify (16 bytes)
123 *
124 * \return 0 if successful
125 */
Brian Murrayb0c3c432016-05-18 14:29:51 -0700[diff] [blame]126int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_len,
Manuel Pégourié-Gonnard690083c2016-01-13 10:48:02 +0000[diff] [blame]127 const unsigned char *input, size_t in_len,
Brian Murrayb439d452016-05-19 16:02:42 -0700[diff] [blame]128 unsigned char tag[16] );
129#endif /* MBEDTLS_AES_C */
Robert Cragie3d23b1d2015-12-15 07:38:11 +0000[diff] [blame]130
Brian Murrayb439d452016-05-19 16:02:42 -0700[diff] [blame]131#if defined(MBEDTLS_SELF_TEST) && ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) )
Robert Cragie3d23b1d2015-12-15 07:38:11 +0000[diff] [blame]132/**
133 * \brief Checkup routine
134 *
135 * \return 0 if successful, or 1 if the test failed
136 */
137int mbedtls_cmac_self_test( int verbose );
Brian Murrayb439d452016-05-19 16:02:42 -0700[diff] [blame]138#endif /* MBEDTLS_SELF_TEST && ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */
Robert Cragie3d23b1d2015-12-15 07:38:11 +0000[diff] [blame]139
140#ifdef __cplusplus
141}
142#endif
143
144#endif /* MBEDTLS_CMAC_H */