/src/botan/src/lib/mac/cmac/cmac.cpp
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * CMAC |
3 | | * (C) 1999-2007,2014 Jack Lloyd |
4 | | * |
5 | | * Botan is released under the Simplified BSD License (see license.txt) |
6 | | */ |
7 | | |
8 | | #include <botan/cmac.h> |
9 | | #include <botan/exceptn.h> |
10 | | #include <botan/internal/poly_dbl.h> |
11 | | |
12 | | namespace Botan { |
13 | | |
14 | | /* |
15 | | * Perform CMAC's multiplication in GF(2^n) |
16 | | */ |
17 | | secure_vector<uint8_t> CMAC::poly_double(const secure_vector<uint8_t>& in) |
18 | 0 | { |
19 | 0 | secure_vector<uint8_t> out(in.size()); |
20 | 0 | poly_double_n(out.data(), in.data(), out.size()); |
21 | 0 | return out; |
22 | 0 | } |
23 | | |
24 | | /* |
25 | | * Update an CMAC Calculation |
26 | | */ |
27 | | void CMAC::add_data(const uint8_t input[], size_t length) |
28 | 0 | { |
29 | 0 | const size_t bs = output_length(); |
30 | 0 |
|
31 | 0 | buffer_insert(m_buffer, m_position, input, length); |
32 | 0 | if(m_position + length > bs) |
33 | 0 | { |
34 | 0 | xor_buf(m_state, m_buffer, bs); |
35 | 0 | m_cipher->encrypt(m_state); |
36 | 0 | input += (bs - m_position); |
37 | 0 | length -= (bs - m_position); |
38 | 0 | while(length > bs) |
39 | 0 | { |
40 | 0 | xor_buf(m_state, input, bs); |
41 | 0 | m_cipher->encrypt(m_state); |
42 | 0 | input += bs; |
43 | 0 | length -= bs; |
44 | 0 | } |
45 | 0 | copy_mem(m_buffer.data(), input, length); |
46 | 0 | m_position = 0; |
47 | 0 | } |
48 | 0 | m_position += length; |
49 | 0 | } |
50 | | |
51 | | /* |
52 | | * Finalize an CMAC Calculation |
53 | | */ |
54 | | void CMAC::final_result(uint8_t mac[]) |
55 | 0 | { |
56 | 0 | xor_buf(m_state, m_buffer, m_position); |
57 | 0 |
|
58 | 0 | if(m_position == output_length()) |
59 | 0 | { |
60 | 0 | xor_buf(m_state, m_B, output_length()); |
61 | 0 | } |
62 | 0 | else |
63 | 0 | { |
64 | 0 | m_state[m_position] ^= 0x80; |
65 | 0 | xor_buf(m_state, m_P, output_length()); |
66 | 0 | } |
67 | 0 |
|
68 | 0 | m_cipher->encrypt(m_state); |
69 | 0 |
|
70 | 0 | copy_mem(mac, m_state.data(), output_length()); |
71 | 0 |
|
72 | 0 | zeroise(m_state); |
73 | 0 | zeroise(m_buffer); |
74 | 0 | m_position = 0; |
75 | 0 | } |
76 | | |
77 | | /* |
78 | | * CMAC Key Schedule |
79 | | */ |
80 | | void CMAC::key_schedule(const uint8_t key[], size_t length) |
81 | 0 | { |
82 | 0 | clear(); |
83 | 0 | m_cipher->set_key(key, length); |
84 | 0 | m_cipher->encrypt(m_B); |
85 | 0 | poly_double_n(m_B.data(), m_B.size()); |
86 | 0 | poly_double_n(m_P.data(), m_B.data(), m_P.size()); |
87 | 0 | } |
88 | | |
89 | | /* |
90 | | * Clear memory of sensitive data |
91 | | */ |
92 | | void CMAC::clear() |
93 | 0 | { |
94 | 0 | m_cipher->clear(); |
95 | 0 | zeroise(m_state); |
96 | 0 | zeroise(m_buffer); |
97 | 0 | zeroise(m_B); |
98 | 0 | zeroise(m_P); |
99 | 0 | m_position = 0; |
100 | 0 | } |
101 | | |
102 | | /* |
103 | | * Return the name of this type |
104 | | */ |
105 | | std::string CMAC::name() const |
106 | 0 | { |
107 | 0 | return "CMAC(" + m_cipher->name() + ")"; |
108 | 0 | } |
109 | | |
110 | | /* |
111 | | * Return a clone of this object |
112 | | */ |
113 | | MessageAuthenticationCode* CMAC::clone() const |
114 | 0 | { |
115 | 0 | return new CMAC(m_cipher->clone()); |
116 | 0 | } |
117 | | |
118 | | /* |
119 | | * CMAC Constructor |
120 | | */ |
121 | | CMAC::CMAC(BlockCipher* cipher) : |
122 | | m_cipher(cipher), |
123 | | m_block_size(m_cipher->block_size()) |
124 | 0 | { |
125 | 0 | if(poly_double_supported_size(m_block_size) == false) |
126 | 0 | { |
127 | 0 | throw Invalid_Argument("CMAC cannot use the " + |
128 | 0 | std::to_string(m_block_size * 8) + |
129 | 0 | " bit cipher " + m_cipher->name()); |
130 | 0 | } |
131 | 0 | |
132 | 0 | m_state.resize(output_length()); |
133 | 0 | m_buffer.resize(output_length()); |
134 | 0 | m_B.resize(output_length()); |
135 | 0 | m_P.resize(output_length()); |
136 | 0 | m_position = 0; |
137 | 0 | } |
138 | | |
139 | | } |