/src/hostap/src/crypto/aes-omac1.c

Source
/*
 * One-key CBC MAC (OMAC1) hash with AES
 *
 * Copyright (c) 2003-2007, Jouni Malinen <j@w1.fi>
 *
 * This software may be distributed under the terms of the BSD license.
 * See README for more details.
 */

#include "includes.h"

#include "common.h"
#include "aes.h"
#include "aes_wrap.h"

static void gf_mulx(u8 *pad)
{
  int i, carry;

  carry = pad[0] & 0x80;
  for (i = 0; i < AES_BLOCK_SIZE - 1; i++)
    pad[i] = (pad[i] << 1) | (pad[i + 1] >> 7);
  pad[AES_BLOCK_SIZE - 1] <<= 1;
  if (carry)
    pad[AES_BLOCK_SIZE - 1] ^= 0x87;
}


/**
 * omac1_aes_vector - One-Key CBC MAC (OMAC1) hash with AES
 * @key: Key for the hash operation
 * @key_len: Key length in octets
 * @num_elem: Number of elements in the data vector
 * @addr: Pointers to the data areas
 * @len: Lengths of the data blocks
 * @mac: Buffer for MAC (128 bits, i.e., 16 bytes)
 * Returns: 0 on success, -1 on failure
 *
 * This is a mode for using block cipher (AES in this case) for authentication.
 * OMAC1 was standardized with the name CMAC by NIST in a Special Publication
 * (SP) 800-38B.
 */
int omac1_aes_vector(const u8 *key, size_t key_len, size_t num_elem,
         const u8 *addr[], const size_t *len, u8 *mac)
{
  void *ctx;
  u8 cbc[AES_BLOCK_SIZE], pad[AES_BLOCK_SIZE];
  const u8 *pos, *end;
  size_t i, e, left, total_len;

  if (TEST_FAIL())
    return -1;

  ctx = aes_encrypt_init(key, key_len);
  if (ctx == NULL)
    return -1;
  os_memset(cbc, 0, AES_BLOCK_SIZE);

  total_len = 0;
  for (e = 0; e < num_elem; e++)
    total_len += len[e];
  left = total_len;

  e = 0;
  pos = addr[0];
  end = pos + len[0];

  while (left >= AES_BLOCK_SIZE) {
    for (i = 0; i < AES_BLOCK_SIZE; i++) {
      cbc[i] ^= *pos++;
      if (pos >= end) {
        /*
         * Stop if there are no more bytes to process
         * since there are no more entries in the array.
         */
        if (i + 1 == AES_BLOCK_SIZE &&
            left == AES_BLOCK_SIZE)
          break;
        e++;
        pos = addr[e];
        end = pos + len[e];
      }
    }
    if (left > AES_BLOCK_SIZE)
      aes_encrypt(ctx, cbc, cbc);
    left -= AES_BLOCK_SIZE;
  }

  os_memset(pad, 0, AES_BLOCK_SIZE);
  aes_encrypt(ctx, pad, pad);
  gf_mulx(pad);

  if (left || total_len == 0) {
    for (i = 0; i < left; i++) {
      cbc[i] ^= *pos++;
      if (pos >= end) {
        /*
         * Stop if there are no more bytes to process
         * since there are no more entries in the array.
         */
        if (i + 1 == left)
          break;
        e++;
        pos = addr[e];
        end = pos + len[e];
      }
    }
    cbc[left] ^= 0x80;
    gf_mulx(pad);
  }

  for (i = 0; i < AES_BLOCK_SIZE; i++)
    pad[i] ^= cbc[i];
  aes_encrypt(ctx, pad, mac);
  aes_encrypt_deinit(ctx);
  return 0;
}


/**
 * omac1_aes_128_vector - One-Key CBC MAC (OMAC1) hash with AES-128
 * @key: 128-bit key for the hash operation
 * @num_elem: Number of elements in the data vector
 * @addr: Pointers to the data areas
 * @len: Lengths of the data blocks
 * @mac: Buffer for MAC (128 bits, i.e., 16 bytes)
 * Returns: 0 on success, -1 on failure
 *
 * This is a mode for using block cipher (AES in this case) for authentication.
 * OMAC1 was standardized with the name CMAC by NIST in a Special Publication
 * (SP) 800-38B.
 */
int omac1_aes_128_vector(const u8 *key, size_t num_elem,
       const u8 *addr[], const size_t *len, u8 *mac)
{
  return omac1_aes_vector(key, 16, num_elem, addr, len, mac);
}


/**
 * omac1_aes_128 - One-Key CBC MAC (OMAC1) hash with AES-128 (aka AES-CMAC)
 * @key: 128-bit key for the hash operation
 * @data: Data buffer for which a MAC is determined
 * @data_len: Length of data buffer in bytes
 * @mac: Buffer for MAC (128 bits, i.e., 16 bytes)
 * Returns: 0 on success, -1 on failure
 *
 * This is a mode for using block cipher (AES in this case) for authentication.
 * OMAC1 was standardized with the name CMAC by NIST in a Special Publication
 * (SP) 800-38B.
 */
int omac1_aes_128(const u8 *key, const u8 *data, size_t data_len, u8 *mac)
{
  return omac1_aes_128_vector(key, 1, &data, &data_len, mac);
}


/**
 * omac1_aes_256 - One-Key CBC MAC (OMAC1) hash with AES-256 (aka AES-CMAC)
 * @key: 256-bit key for the hash operation
 * @data: Data buffer for which a MAC is determined
 * @data_len: Length of data buffer in bytes
 * @mac: Buffer for MAC (128 bits, i.e., 16 bytes)
 * Returns: 0 on success, -1 on failure
 *
 * This is a mode for using block cipher (AES in this case) for authentication.
 * OMAC1 was standardized with the name CMAC by NIST in a Special Publication
 * (SP) 800-38B.
 */
int omac1_aes_256(const u8 *key, const u8 *data, size_t data_len, u8 *mac)
{
  return omac1_aes_vector(key, 32, 1, &data, &data_len, mac);
}

Line	Count	Source
1		/*
2		* One-key CBC MAC (OMAC1) hash with AES
3		*
4		* Copyright (c) 2003-2007, Jouni Malinen <j@w1.fi>
5		*
6		* This software may be distributed under the terms of the BSD license.
7		* See README for more details.
8		*/
9
10		#include "includes.h"
11
12		#include "common.h"
13		#include "aes.h"
14		#include "aes_wrap.h"
15
16		static void gf_mulx(u8 *pad)
17	0	{
18	0	int i, carry;
19
20	0	carry = pad[0] & 0x80;
21	0	for (i = 0; i < AES_BLOCK_SIZE - 1; i++)
22	0	pad[i] = (pad[i] << 1) \| (pad[i + 1] >> 7);
23	0	pad[AES_BLOCK_SIZE - 1] <<= 1;
24	0	if (carry)
25	0	pad[AES_BLOCK_SIZE - 1] ^= 0x87;
26	0	}
27
28
29		/**
30		* omac1_aes_vector - One-Key CBC MAC (OMAC1) hash with AES
31		* @key: Key for the hash operation
32		* @key_len: Key length in octets
33		* @num_elem: Number of elements in the data vector
34		* @addr: Pointers to the data areas
35		* @len: Lengths of the data blocks
36		* @mac: Buffer for MAC (128 bits, i.e., 16 bytes)
37		* Returns: 0 on success, -1 on failure
38		*
39		* This is a mode for using block cipher (AES in this case) for authentication.
40		* OMAC1 was standardized with the name CMAC by NIST in a Special Publication
41		* (SP) 800-38B.
42		*/
43		int omac1_aes_vector(const u8 *key, size_t key_len, size_t num_elem,
44		const u8 addr[], const size_t len, u8 *mac)
45	0	{
46	0	void *ctx;
47	0	u8 cbc[AES_BLOCK_SIZE], pad[AES_BLOCK_SIZE];
48	0	const u8 pos, end;
49	0	size_t i, e, left, total_len;
50
51	0	if (TEST_FAIL())
52	0	return -1;
53
54	0	ctx = aes_encrypt_init(key, key_len);
55	0	if (ctx == NULL)
56	0	return -1;
57	0	os_memset(cbc, 0, AES_BLOCK_SIZE);
58
59	0	total_len = 0;
60	0	for (e = 0; e < num_elem; e++)
61	0	total_len += len[e];
62	0	left = total_len;
63
64	0	e = 0;
65	0	pos = addr[0];
66	0	end = pos + len[0];
67
68	0	while (left >= AES_BLOCK_SIZE) {
69	0	for (i = 0; i < AES_BLOCK_SIZE; i++) {
70	0	cbc[i] ^= *pos++;
71	0	if (pos >= end) {
72		/*
73		* Stop if there are no more bytes to process
74		* since there are no more entries in the array.
75		*/
76	0	if (i + 1 == AES_BLOCK_SIZE &&
77	0	left == AES_BLOCK_SIZE)
78	0	break;
79	0	e++;
80	0	pos = addr[e];
81	0	end = pos + len[e];
82	0	}
83	0	}
84	0	if (left > AES_BLOCK_SIZE)
85	0	aes_encrypt(ctx, cbc, cbc);
86	0	left -= AES_BLOCK_SIZE;
87	0	}
88
89	0	os_memset(pad, 0, AES_BLOCK_SIZE);
90	0	aes_encrypt(ctx, pad, pad);
91	0	gf_mulx(pad);
92
93	0	if (left \|\| total_len == 0) {
94	0	for (i = 0; i < left; i++) {
95	0	cbc[i] ^= *pos++;
96	0	if (pos >= end) {
97		/*
98		* Stop if there are no more bytes to process
99		* since there are no more entries in the array.
100		*/
101	0	if (i + 1 == left)
102	0	break;
103	0	e++;
104	0	pos = addr[e];
105	0	end = pos + len[e];
106	0	}
107	0	}
108	0	cbc[left] ^= 0x80;
109	0	gf_mulx(pad);
110	0	}
111
112	0	for (i = 0; i < AES_BLOCK_SIZE; i++)
113	0	pad[i] ^= cbc[i];
114	0	aes_encrypt(ctx, pad, mac);
115	0	aes_encrypt_deinit(ctx);
116	0	return 0;
117	0	}
118
119
120		/**
121		* omac1_aes_128_vector - One-Key CBC MAC (OMAC1) hash with AES-128
122		* @key: 128-bit key for the hash operation
123		* @num_elem: Number of elements in the data vector
124		* @addr: Pointers to the data areas
125		* @len: Lengths of the data blocks
126		* @mac: Buffer for MAC (128 bits, i.e., 16 bytes)
127		* Returns: 0 on success, -1 on failure
128		*
129		* This is a mode for using block cipher (AES in this case) for authentication.
130		* OMAC1 was standardized with the name CMAC by NIST in a Special Publication
131		* (SP) 800-38B.
132		*/
133		int omac1_aes_128_vector(const u8 *key, size_t num_elem,
134		const u8 addr[], const size_t len, u8 *mac)
135	0	{
136	0	return omac1_aes_vector(key, 16, num_elem, addr, len, mac);
137	0	}
138
139
140		/**
141		* omac1_aes_128 - One-Key CBC MAC (OMAC1) hash with AES-128 (aka AES-CMAC)
142		* @key: 128-bit key for the hash operation
143		* @data: Data buffer for which a MAC is determined
144		* @data_len: Length of data buffer in bytes
145		* @mac: Buffer for MAC (128 bits, i.e., 16 bytes)
146		* Returns: 0 on success, -1 on failure
147		*
148		* This is a mode for using block cipher (AES in this case) for authentication.
149		* OMAC1 was standardized with the name CMAC by NIST in a Special Publication
150		* (SP) 800-38B.
151		*/
152		int omac1_aes_128(const u8 key, const u8 data, size_t data_len, u8 *mac)
153	0	{
154	0	return omac1_aes_128_vector(key, 1, &data, &data_len, mac);
155	0	}
156
157
158		/**
159		* omac1_aes_256 - One-Key CBC MAC (OMAC1) hash with AES-256 (aka AES-CMAC)
160		* @key: 256-bit key for the hash operation
161		* @data: Data buffer for which a MAC is determined
162		* @data_len: Length of data buffer in bytes
163		* @mac: Buffer for MAC (128 bits, i.e., 16 bytes)
164		* Returns: 0 on success, -1 on failure
165		*
166		* This is a mode for using block cipher (AES in this case) for authentication.
167		* OMAC1 was standardized with the name CMAC by NIST in a Special Publication
168		* (SP) 800-38B.
169		*/
170		int omac1_aes_256(const u8 key, const u8 data, size_t data_len, u8 *mac)
171	0	{
172	0	return omac1_aes_vector(key, 32, 1, &data, &data_len, mac);
173	0	}

Coverage Report

Created: 2026-05-30 06:12