No CMAC minimum tag length is specified by NIST SP800-38B A

Minor Typo Changes
This commit is contained in:
Brian Murray 2016-05-19 19:05:57 -07:00 committed by Simon Butcher
parent 617634e656
commit 87e4040bb9
2 changed files with 31 additions and 35 deletions

View file

@ -84,8 +84,8 @@ void mbedtls_cmac_free( mbedtls_cmac_context *ctx );
* \param in_len length of the input data in bytes * \param in_len length of the input data in bytes
* \param tag buffer for holding the generated tag * \param tag buffer for holding the generated tag
* \param tag_len length of the tag to generate in bytes * \param tag_len length of the tag to generate in bytes
* Must be 4, 6, 8 if cipher block size is 64 * Must be 2, 4, 6, 8 if cipher block size is 64
* Must be 4, 6, 8 , 10, 12, 14 or 16 if cipher block size is 128 * Must be 2, 4, 6, 8, 10, 12, 14 or 16 if cipher block size is 128
* *
* \return 0 if successful * \return 0 if successful
*/ */
@ -101,8 +101,8 @@ int mbedtls_cmac_generate( mbedtls_cmac_context *ctx,
* \param in_len length of the input data in bytes * \param in_len length of the input data in bytes
* \param tag buffer holding the tag to verify * \param tag buffer holding the tag to verify
* \param tag_len length of the tag to verify in bytes * \param tag_len length of the tag to verify in bytes
* Must be 4, 6, 8 if cipher block size is 64 * Must be 2, 4, 6, 8 if cipher block size is 64
* Must be 4, 6, 8 , 10, 12, 14 or 16 if cipher block size is 128 * Must be 2, 4, 6, 8, 10, 12, 14 or 16 if cipher block size is 128
* \return 0 if successful and authenticated * \return 0 if successful and authenticated
* MBEDTLS_ERR_CMAC_VERIFY_FAILED if tag does not match * MBEDTLS_ERR_CMAC_VERIFY_FAILED if tag does not match
*/ */

View file

@ -62,7 +62,7 @@ void mbedtls_cmac_init( mbedtls_cmac_context *ctx )
/* /*
* Multiplication by u in the Galois field of GF(2^n) * Multiplication by u in the Galois field of GF(2^n)
* *
* As explained in the paper, this can computed: * As explained in the paper, this can be computed:
* If MSB(p) = 0, then p = (p << 1) * If MSB(p) = 0, then p = (p << 1)
* If MSB(p) = 1, then p = (p << 1) ^ R_n * If MSB(p) = 1, then p = (p << 1) ^ R_n
* with R_64 = 0x1B and R_128 = 0x87 * with R_64 = 0x1B and R_128 = 0x87
@ -245,7 +245,7 @@ static void cmac_pad( unsigned char padded_block[16],
( o )[i] = ( i1 )[i] ^ ( i2 )[i]; ( o )[i] = ( i1 )[i] ^ ( i2 )[i];
/* /*
* Update the CMAC state using an input block x * Update the CMAC state using an input block
*/ */
#define UPDATE_CMAC( x ) \ #define UPDATE_CMAC( x ) \
do { \ do { \
@ -283,11 +283,7 @@ int mbedtls_cmac_generate( mbedtls_cmac_context *ctx,
goto exit; goto exit;
} }
/* if( tag_len < 2 || tag_len > block_size || tag_len % 2 != 0 )
* Check in_len requirements: SP800-38B A
* 4 is a worst case bottom limit
*/
if( tag_len < 4 || tag_len > block_size || tag_len % 2 != 0 )
{ {
ret = MBEDTLS_ERR_CMAC_BAD_INPUT; ret = MBEDTLS_ERR_CMAC_BAD_INPUT;
goto exit; goto exit;
@ -495,9 +491,9 @@ static const unsigned char aes_128_expected_result[NB_CMAC_TESTS_PER_KEY][AES_BL
/* AES 192 CMAC Test Data */ /* AES 192 CMAC Test Data */
static const unsigned char aes_192_key[24] = { static const unsigned char aes_192_key[24] = {
0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52, 0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52,
0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5, 0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5,
0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b
}; };
static const unsigned char aes_192_subkeys[2][AES_BLOCK_SIZE] = { static const unsigned char aes_192_subkeys[2][AES_BLOCK_SIZE] = {
{ {
@ -530,10 +526,10 @@ static const unsigned char aes_192_expected_result[NB_CMAC_TESTS_PER_KEY][AES_BL
/* AES 256 CMAC Test Data */ /* AES 256 CMAC Test Data */
static const unsigned char aes_256_key[32] = { static const unsigned char aes_256_key[32] = {
0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe, 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe,
0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81, 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81,
0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7, 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7,
0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4
}; };
static const unsigned char aes_256_subkeys[2][AES_BLOCK_SIZE] = { static const unsigned char aes_256_subkeys[2][AES_BLOCK_SIZE] = {
{ {
@ -576,9 +572,9 @@ static const unsigned int des3_message_lengths[NB_CMAC_TESTS_PER_KEY] = {
/* 3DES 2 Key CMAC Test Data */ /* 3DES 2 Key CMAC Test Data */
static const unsigned char des3_2key_key[24] = { static const unsigned char des3_2key_key[24] = {
0x4c, 0xf1, 0x51, 0x34, 0xa2, 0x85, 0x0d, 0xd5, 0x4c, 0xf1, 0x51, 0x34, 0xa2, 0x85, 0x0d, 0xd5,
0x8a, 0x3d, 0x10, 0xba, 0x80, 0x57, 0x0d, 0x38, 0x8a, 0x3d, 0x10, 0xba, 0x80, 0x57, 0x0d, 0x38,
0x4c, 0xf1, 0x51, 0x34, 0xa2, 0x85, 0x0d, 0xd5 0x4c, 0xf1, 0x51, 0x34, 0xa2, 0x85, 0x0d, 0xd5
}; };
static const unsigned char des3_2key_subkeys[2][8] = { static const unsigned char des3_2key_subkeys[2][8] = {
{ {
@ -605,9 +601,9 @@ static const unsigned char des3_2key_expected_result[NB_CMAC_TESTS_PER_KEY][DES3
/* 3DES 3 Key CMAC Test Data */ /* 3DES 3 Key CMAC Test Data */
static const unsigned char des3_3key_key[24] = { static const unsigned char des3_3key_key[24] = {
0x8a, 0xa8, 0x3b, 0xf8, 0xcb, 0xda, 0x10, 0x62, 0x8a, 0xa8, 0x3b, 0xf8, 0xcb, 0xda, 0x10, 0x62,
0x0b, 0xc1, 0xbf, 0x19, 0xfb, 0xb6, 0xcd, 0x58, 0x0b, 0xc1, 0xbf, 0x19, 0xfb, 0xb6, 0xcd, 0x58,
0xbc, 0x31, 0x3d, 0x4a, 0x37, 0x1c, 0xa8, 0xb5 0xbc, 0x31, 0x3d, 0x4a, 0x37, 0x1c, 0xa8, 0xb5
}; };
static const unsigned char des3_3key_subkeys[2][8] = { static const unsigned char des3_3key_subkeys[2][8] = {
{ {
@ -673,18 +669,18 @@ static const unsigned char PRFT[NB_PRF_TESTS][16] = {
#endif /* MBEDTLS_AES_C */ #endif /* MBEDTLS_AES_C */
int test_cmac_with_cipher( int verbose, int test_cmac_with_cipher( int verbose,
char* testname, char* testname,
const unsigned char* key, const unsigned char* key,
int keybits, int keybits,
const unsigned char* messages, const unsigned char* messages,
const unsigned int message_lengths[4], const unsigned int message_lengths[4],
const unsigned char* subkeys, const unsigned char* subkeys,
const unsigned char* expected_result, const unsigned char* expected_result,
mbedtls_cipher_id_t cipher_id, mbedtls_cipher_id_t cipher_id,
int block_size ) int block_size )
{ {
const int num_tests = 4; const int num_tests = 4;
mbedtls_cmac_context ctx; mbedtls_cmac_context ctx;
int i, ret; int i, ret;
unsigned char* tag; unsigned char* tag;