Coverage Report

Created: 2026-02-18 06:59

next uncovered line (L), next uncovered region (R), next uncovered branch (B)
/src/nss/botan/src/lib/mac/cmac/cmac.cpp
Line
Count
Source
1
/*
2
* CMAC
3
* (C) 1999-2007,2014 Jack Lloyd
4
*
5
* Botan is released under the Simplified BSD License (see license.txt)
6
*/
7
8
#include <botan/internal/cmac.h>
9
10
#include <botan/exceptn.h>
11
#include <botan/mem_ops.h>
12
#include <botan/internal/fmt.h>
13
#include <botan/internal/poly_dbl.h>
14
#include <botan/internal/stl_util.h>
15
16
namespace Botan {
17
18
/*
19
* Update an CMAC Calculation
20
*/
21
19.5k
void CMAC::add_data(std::span<const uint8_t> input) {
22
19.5k
   const size_t bs = output_length();
23
24
19.5k
   const size_t initial_fill = std::min(m_buffer.size() - m_position, input.size());
25
19.5k
   copy_mem(m_buffer.data() + m_position, input.data(), initial_fill);
26
27
19.5k
   if(m_position + input.size() > bs) {
28
868
      xor_buf(m_state, m_buffer, bs);
29
868
      m_cipher->encrypt(m_state);
30
31
868
      BufferSlicer in(input);
32
868
      in.skip(bs - m_position);
33
41.0k
      while(in.remaining() > bs) {
34
40.1k
         xor_buf(m_state, in.take(bs), bs);
35
40.1k
         m_cipher->encrypt(m_state);
36
40.1k
      }
37
38
868
      const auto remaining = in.take(in.remaining());
39
868
      copy_mem(m_buffer.data(), remaining.data(), remaining.size());
40
868
      m_position = remaining.size();
41
18.7k
   } else {
42
18.7k
      m_position += input.size();
43
18.7k
   }
44
19.5k
}
45
46
/*
47
* Finalize an CMAC Calculation
48
*/
49
343
void CMAC::final_result(std::span<uint8_t> mac) {
50
343
   xor_buf(m_state, m_buffer, m_position);
51
52
343
   if(m_position == output_length()) {
53
60
      xor_buf(m_state, m_B, output_length());
54
283
   } else {
55
283
      m_state[m_position] ^= 0x80;
56
283
      xor_buf(m_state, m_P, output_length());
57
283
   }
58
59
343
   m_cipher->encrypt(m_state);
60
61
343
   copy_mem(mac.data(), m_state.data(), output_length());
62
63
343
   zeroise(m_state);
64
343
   zeroise(m_buffer);
65
343
   m_position = 0;
66
343
}
67
68
0
bool CMAC::has_keying_material() const {
69
0
   return m_cipher->has_keying_material();
70
0
}
71
72
/*
73
* CMAC Key Schedule
74
*/
75
287
void CMAC::key_schedule(std::span<const uint8_t> key) {
76
287
   clear();
77
287
   m_cipher->set_key(key);
78
287
   m_cipher->encrypt(m_B);
79
287
   poly_double_n(m_B.data(), m_B.size());
80
287
   poly_double_n(m_P.data(), m_B.data(), m_P.size());
81
287
}
82
83
/*
84
* Clear memory of sensitive data
85
*/
86
287
void CMAC::clear() {
87
287
   m_cipher->clear();
88
287
   zeroise(m_state);
89
287
   zeroise(m_buffer);
90
287
   zeroise(m_B);
91
287
   zeroise(m_P);
92
287
   m_position = 0;
93
287
}
94
95
/*
96
* Return the name of this type
97
*/
98
21
std::string CMAC::name() const {
99
21
   return fmt("CMAC({})", m_cipher->name());
100
21
}
101
102
/*
103
* Return a new_object of this object
104
*/
105
0
std::unique_ptr<MessageAuthenticationCode> CMAC::new_object() const {
106
0
   return std::make_unique<CMAC>(m_cipher->new_object());
107
0
}
108
109
/*
110
* CMAC Constructor
111
*/
112
328
CMAC::CMAC(std::unique_ptr<BlockCipher> cipher) : m_cipher(std::move(cipher)), m_block_size(m_cipher->block_size()) {
113
328
   if(!poly_double_supported_size(m_block_size)) {
114
0
      throw Invalid_Argument(fmt("CMAC cannot use the {} bit cipher {}", m_block_size * 8, m_cipher->name()));
115
0
   }
116
117
328
   m_state.resize(output_length());
118
328
   m_buffer.resize(output_length());
119
328
   m_B.resize(output_length());
120
328
   m_P.resize(output_length());
121
328
   m_position = 0;
122
328
}
123
124
}  // namespace Botan