From 53e23b684f63676cb80b7f925243de05771e30c9 Mon Sep 17 00:00:00 2001 From: Brian Murray Date: Tue, 13 Sep 2016 14:00:15 -0700 Subject: [PATCH] Minor CMAC fixes for merge --- configs/config-thread.h | 1 + include/mbedtls/check_config.h | 5 +++++ include/mbedtls/cmac.h | 2 +- include/mbedtls/config.h | 2 +- library/cmac.c | 25 +++++++++++++------------ 5 files changed, 21 insertions(+), 14 deletions(-) diff --git a/configs/config-thread.h b/configs/config-thread.h index 3193a0404..fdfa64aa4 100644 --- a/configs/config-thread.h +++ b/configs/config-thread.h @@ -39,6 +39,7 @@ /* mbed TLS feature support */ #define MBEDTLS_AES_ROM_TABLES +#define MBEDTLS_CMAC_C #define MBEDTLS_ECP_DP_SECP256R1_ENABLED #define MBEDTLS_ECP_NIST_OPTIM #define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 75cdcbc2f..8ebe438c0 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -77,6 +77,11 @@ #error "MBEDTLS_DHM_C defined, but not all prerequisites" #endif +#if defined(MBEDTLS_CMAC_C) && \ + !defined(MBEDTLS_AES_C) && !defined(MBEDTLS_CAMELLIA_C) && !defined(MBEDTLS_DES_C) +#error "MBEDTLS_CMAC_C defined, but not all prerequisites" +#endif + #if defined(MBEDTLS_ECDH_C) && !defined(MBEDTLS_ECP_C) #error "MBEDTLS_ECDH_C defined, but not all prerequisites" #endif diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h index 5a09761c2..10c8633c9 100644 --- a/include/mbedtls/cmac.h +++ b/include/mbedtls/cmac.h @@ -3,7 +3,7 @@ * * \brief The CMAC Mode for Authentication * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index f6f431bfb..2a4964281 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -1681,7 +1681,7 @@ * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C or MBEDTLS_DES_C * */ -#define MBEDTLS_CMAC_C +//#define MBEDTLS_CMAC_C /** * \def MBEDTLS_CTR_DRBG_C diff --git a/library/cmac.c b/library/cmac.c index d8c809b41..e57e024bb 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -1,7 +1,8 @@ /* - * NIST SP800-38B compliant CMAC implementation + * \file cmac.c + * \brief NIST SP800-38B compliant CMAC implementation * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -20,9 +21,10 @@ */ /* - * Definition of CMAC: - * http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf - * RFC 4493 "The AES-CMAC Algorithm" + * References: + * - CMAC: NIST SP 800-38B + * - CMAC PRF: RFC 4493 + * - Additional test vectors: ISO/IEC 9797-1 */ #if !defined(MBEDTLS_CONFIG_FILE) @@ -72,7 +74,7 @@ void mbedtls_cmac_init( mbedtls_cmac_context *ctx ) */ static int cmac_multiply_by_u( unsigned char *output, const unsigned char *input, - size_t blocksize ) + size_t blocksize ) { const unsigned char R_128 = 0x87; const unsigned char R_64 = 0x1B; @@ -151,7 +153,7 @@ static int cmac_generate_subkeys( mbedtls_cmac_context *ctx ) exit: if( L != NULL ) mbedtls_zeroize( L, sizeof( L ) ); - mbedtls_free( L ); + mbedtls_free( L ); return( ret ); } @@ -200,9 +202,8 @@ int mbedtls_cmac_setkey( mbedtls_cmac_context *ctx, */ void mbedtls_cmac_free( mbedtls_cmac_context *ctx ) { - int block_size; - block_size = ctx->cipher_ctx.cipher_info->block_size; - + int block_size; + block_size = ctx->cipher_ctx.cipher_info->block_size; mbedtls_cipher_free( &ctx->cipher_ctx ); if( ctx->K1 != NULL ) @@ -220,7 +221,7 @@ void mbedtls_cmac_free( mbedtls_cmac_context *ctx ) * CBC and we use ECB mode, and anyway we need to XOR K1 or K2 in addition. */ static void cmac_pad( unsigned char padded_block[16], - size_t padded_block_len, + size_t padded_block_len, const unsigned char *last_block, size_t last_block_len ) { @@ -418,7 +419,7 @@ int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_length, exit: mbedtls_zeroize( int_key, sizeof( int_key ) ); mbedtls_cmac_free( &ctx ); - return( ret ); + return( ret ); } #endif /* MBEDTLS_AES_C */