Crypto++ 8.9
Free C++ class library of cryptographic schemes
cmac.cpp
1// cmac.cpp - originally written and placed in the public domain by Wei Dai
2
3#include "pch.h"
4
5#ifndef CRYPTOPP_IMPORTS
6
7#include "cmac.h"
8#include "misc.h"
9
10ANONYMOUS_NAMESPACE_BEGIN
11
12using CryptoPP::byte;
13using CryptoPP::IsPowerOf2;
14
15void MulU(byte *k, unsigned int len)
16{
17 byte carry = 0;
18 for (int i=len-1; i>=1; i-=2)
19 {
20 byte carry2 = k[i] >> 7;
21 k[i] += k[i] + carry;
22 carry = k[i-1] >> 7;
23 k[i-1] += k[i-1] + carry2;
24 }
25
26#ifndef CRYPTOPP_CMAC_WIDE_BLOCK_CIPHERS
27 CRYPTOPP_ASSERT(len == 16);
28
29 if (carry)
30 {
31 k[15] ^= 0x87;
32 return;
33 }
34#else
36 CRYPTOPP_ASSERT(len >= 8);
37 CRYPTOPP_ASSERT(len <= 128);
38
39 if (carry)
40 {
41 switch (len)
42 {
43 case 8:
44 k[7] ^= 0x1b;
45 break;
46 case 16:
47 k[15] ^= 0x87;
48 break;
49 case 32:
50 // https://crypto.stackexchange.com/q/9815/10496
51 // Polynomial x^256 + x^10 + x^5 + x^2 + 1
52 k[30] ^= 4;
53 k[31] ^= 0x25;
54 break;
55 case 64:
56 // https://crypto.stackexchange.com/q/9815/10496
57 // Polynomial x^512 + x^8 + x^5 + x^2 + 1
58 k[62] ^= 1;
59 k[63] ^= 0x25;
60 break;
61 case 128:
62 // https://crypto.stackexchange.com/q/9815/10496
63 // Polynomial x^1024 + x^19 + x^6 + x + 1
64 k[125] ^= 8;
65 k[126] ^= 0x00;
66 k[127] ^= 0x43;
67 break;
68 default:
70 }
71 }
72#endif // CRYPTOPP_CMAC_WIDE_BLOCK_CIPHERS
73}
74
75ANONYMOUS_NAMESPACE_END
76
77NAMESPACE_BEGIN(CryptoPP)
78
79void CMAC_Base::UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs &params)
80{
81 BlockCipher &cipher = AccessCipher();
82 cipher.SetKey(key, length, params);
83
84 unsigned int blockSize = cipher.BlockSize();
85 m_reg.CleanNew(3*blockSize);
86 m_counter = 0;
87
88 cipher.ProcessBlock(m_reg, m_reg+blockSize);
89 MulU(m_reg+blockSize, blockSize);
90 std::memcpy(m_reg+2*blockSize, m_reg+blockSize, blockSize);
91 MulU(m_reg+2*blockSize, blockSize);
92}
93
94void CMAC_Base::Update(const byte *input, size_t length)
95{
96 CRYPTOPP_ASSERT((input && length) || !(input || length));
97 if (!length)
98 return;
99
100 BlockCipher &cipher = AccessCipher();
101 unsigned int blockSize = cipher.BlockSize();
102
103 if (m_counter > 0)
104 {
105 const unsigned int len = UnsignedMin(blockSize - m_counter, length);
106 if (len)
107 {
108 xorbuf(m_reg+m_counter, input, len);
109 length -= len;
110 input += len;
111 m_counter += len;
112 }
113
114 if (m_counter == blockSize && length > 0)
115 {
116 cipher.ProcessBlock(m_reg);
117 m_counter = 0;
118 }
119 }
120
121 if (length > blockSize)
122 {
123 CRYPTOPP_ASSERT(m_counter == 0);
124 size_t leftOver = 1 + cipher.AdvancedProcessBlocks(m_reg, input, m_reg, length-1, BlockTransformation::BT_DontIncrementInOutPointers|BlockTransformation::BT_XorInput);
125 input += (length - leftOver);
126 length = leftOver;
127 }
128
129 if (length > 0)
130 {
131 CRYPTOPP_ASSERT(m_counter + length <= blockSize);
132 xorbuf(m_reg+m_counter, input, length);
133 m_counter += (unsigned int)length;
134 }
135
136 CRYPTOPP_ASSERT(m_counter > 0);
137}
138
139void CMAC_Base::TruncatedFinal(byte *mac, size_t size)
140{
141 ThrowIfInvalidTruncatedSize(size);
142
143 BlockCipher &cipher = AccessCipher();
144 unsigned int blockSize = cipher.BlockSize();
145
146 if (m_counter < blockSize)
147 {
148 m_reg[m_counter] ^= 0x80;
150 }
151 else
153
154 // UBsan finding
155 if (mac)
156 std::memcpy(mac, m_reg, size);
157
158 m_counter = 0;
159 std::memset(m_reg, 0, blockSize);
160}
161
162NAMESPACE_END
163
164#endif
Interface for one direction (encryption or decryption) of a block cipher.
Definition cryptlib.h:1288
void ProcessBlock(const byte *inBlock, byte *outBlock) const
Encrypt or decrypt a block.
Definition cryptlib.h:884
virtual size_t AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) const
Encrypt and xor multiple blocks using additional flags.
@ BT_XorInput
Xor inputs before transformation.
Definition cryptlib.h:926
@ BT_DontIncrementInOutPointers
should not modify block pointers
Definition cryptlib.h:924
virtual unsigned int BlockSize() const =0
Provides the block size of the cipher.
void Update(const byte *input, size_t length)
Updates a hash with additional input.
void TruncatedFinal(byte *mac, size_t size)
Computes the hash of the current message.
void UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs &params)
Sets the key for this object without performing parameter validation.
Interface for retrieving values given their names.
Definition cryptlib.h:327
void CleanNew(size_type newSize)
Change size without preserving contents.
Definition secblock.h:1143
virtual void SetKey(const byte *key, size_t length, const NameValuePairs &params=g_nullNameValuePairs)
Sets or reset the key of this object.
Classes for CMAC message authentication code.
Utility functions for the Crypto++ library.
bool IsPowerOf2(const T &value)
Tests whether a value is a power of 2.
Definition misc.h:1215
const T1 UnsignedMin(const T1 &a, const T2 &b)
Safe comparison of values that could be negative and incorrectly promoted.
Definition misc.h:695
CRYPTOPP_DLL void xorbuf(byte *buf, const byte *mask, size_t count)
Performs an XOR of a buffer with a mask.
Crypto++ library namespace.
Precompiled header file.
#define CRYPTOPP_ASSERT(exp)
Debugging and diagnostic assertion.
Definition trap.h:68