Crypto++  8.2
Free C++ class library of cryptographic schemes
cmac.cpp
1 // cmac.cpp - originally written and placed in the public domain by Wei Dai
2 
3 #include "pch.h"
4 
5 #ifndef CRYPTOPP_IMPORTS
6 
7 #include "cmac.h"
8 #include "misc.h"
9 
10 ANONYMOUS_NAMESPACE_BEGIN
11 
12 using CryptoPP::byte;
14 
15 void MulU(byte *k, unsigned int len)
16 {
17  byte carry = 0;
18  for (int i=len-1; i>=1; i-=2)
19  {
20  byte carry2 = k[i] >> 7;
21  k[i] += k[i] + carry;
22  carry = k[i-1] >> 7;
23  k[i-1] += k[i-1] + carry2;
24  }
25 
26 #ifndef CRYPTOPP_CMAC_WIDE_BLOCK_CIPHERS
27  CRYPTOPP_ASSERT(len == 16);
28 
29  if (carry)
30  {
31  k[15] ^= 0x87;
32  return;
33  }
34 #else
36  CRYPTOPP_ASSERT(len >= 8);
37  CRYPTOPP_ASSERT(len <= 128);
38 
39  if (carry)
40  {
41  switch (len)
42  {
43  case 8:
44  k[7] ^= 0x1b;
45  break;
46  case 16:
47  k[15] ^= 0x87;
48  break;
49  case 32:
50  // https://crypto.stackexchange.com/q/9815/10496
51  // Polynomial x^256 + x^10 + x^5 + x^2 + 1
52  k[30] ^= 4;
53  k[31] ^= 0x25;
54  break;
55  case 64:
56  // https://crypto.stackexchange.com/q/9815/10496
57  // Polynomial x^512 + x^8 + x^5 + x^2 + 1
58  k[62] ^= 1;
59  k[63] ^= 0x25;
60  break;
61  case 128:
62  // https://crypto.stackexchange.com/q/9815/10496
63  // Polynomial x^1024 + x^19 + x^6 + x + 1
64  k[125] ^= 8;
65  k[126] ^= 0x00;
66  k[127] ^= 0x43;
67  break;
68  default:
69  CRYPTOPP_ASSERT(0);
70  }
71  }
72 #endif // CRYPTOPP_CMAC_WIDE_BLOCK_CIPHERS
73 }
74 
75 ANONYMOUS_NAMESPACE_END
76 
77 NAMESPACE_BEGIN(CryptoPP)
78 
79 void CMAC_Base::UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs &params)
80 {
81  BlockCipher &cipher = AccessCipher();
82  cipher.SetKey(key, length, params);
83 
84  unsigned int blockSize = cipher.BlockSize();
85  m_reg.CleanNew(3*blockSize);
86  m_counter = 0;
87 
88  cipher.ProcessBlock(m_reg, m_reg+blockSize);
89  MulU(m_reg+blockSize, blockSize);
90  memcpy(m_reg+2*blockSize, m_reg+blockSize, blockSize);
91  MulU(m_reg+2*blockSize, blockSize);
92 }
93 
94 void CMAC_Base::Update(const byte *input, size_t length)
95 {
96  CRYPTOPP_ASSERT((input && length) || !(input || length));
97  if (!length)
98  return;
99 
100  BlockCipher &cipher = AccessCipher();
101  unsigned int blockSize = cipher.BlockSize();
102 
103  if (m_counter > 0)
104  {
105  const unsigned int len = UnsignedMin(blockSize - m_counter, length);
106  if (len)
107  {
108  xorbuf(m_reg+m_counter, input, len);
109  length -= len;
110  input += len;
111  m_counter += len;
112  }
113 
114  if (m_counter == blockSize && length > 0)
115  {
116  cipher.ProcessBlock(m_reg);
117  m_counter = 0;
118  }
119  }
120 
121  if (length > blockSize)
122  {
123  CRYPTOPP_ASSERT(m_counter == 0);
124  size_t leftOver = 1 + cipher.AdvancedProcessBlocks(m_reg, input, m_reg, length-1, BlockTransformation::BT_DontIncrementInOutPointers|BlockTransformation::BT_XorInput);
125  input += (length - leftOver);
126  length = leftOver;
127  }
128 
129  if (length > 0)
130  {
131  CRYPTOPP_ASSERT(m_counter + length <= blockSize);
132  xorbuf(m_reg+m_counter, input, length);
133  m_counter += (unsigned int)length;
134  }
135 
136  CRYPTOPP_ASSERT(m_counter > 0);
137 }
138 
139 void CMAC_Base::TruncatedFinal(byte *mac, size_t size)
140 {
141  ThrowIfInvalidTruncatedSize(size);
142 
143  BlockCipher &cipher = AccessCipher();
144  unsigned int blockSize = cipher.BlockSize();
145 
146  if (m_counter < blockSize)
147  {
148  m_reg[m_counter] ^= 0x80;
150  }
151  else
153 
154  memcpy(mac, m_reg, size);
155 
156  m_counter = 0;
157  memset(m_reg, 0, blockSize);
158 }
159 
160 NAMESPACE_END
161 
162 #endif
Utility functions for the Crypto++ library.
virtual void SetKey(const byte *key, size_t length, const NameValuePairs &params=g_nullNameValuePairs)
Sets or reset the key of this object.
Definition: cryptlib.cpp:58
should not modify block pointers
Definition: cryptlib.h:919
Classes for CMAC message authentication code.
Interface for one direction (encryption or decryption) of a block cipher.
Definition: cryptlib.h:1278
virtual unsigned int BlockSize() const =0
Provides the block size of the cipher.
virtual size_t AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) const
Encrypt and xor multiple blocks using additional flags.
Definition: cryptlib.cpp:141
Precompiled header file.
void ProcessBlock(const byte *inBlock, byte *outBlock) const
Encrypt or decrypt a block.
Definition: cryptlib.h:879
const T1 UnsignedMin(const T1 &a, const T2 &b)
Safe comparison of values that could be neagtive and incorrectly promoted.
Definition: misc.h:671
bool IsPowerOf2(const T &value)
Tests whether a value is a power of 2.
Definition: misc.h:987
#define CRYPTOPP_ASSERT(exp)
Debugging and diagnostic assertion.
Definition: trap.h:69
Xor inputs before transformation.
Definition: cryptlib.h:921
CRYPTOPP_DLL void CRYPTOPP_API xorbuf(byte *buf, const byte *mask, size_t count)
Performs an XOR of a buffer with a mask.
Definition: misc.cpp:46
CMAC base implementation.
Definition: cmac.h:24
void TruncatedFinal(byte *mac, size_t size)
Computes the hash of the current message.
Definition: cmac.cpp:139
Crypto++ library namespace.
void Update(const byte *input, size_t length)
Updates a hash with additional input.
Definition: cmac.cpp:94
Interface for retrieving values given their names.
Definition: cryptlib.h:321