Only compile AES CMAC PRF support if MBEDTLS_AES_C is defined and other cleanups
diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h
index 3e02f91..fed337d 100644
--- a/include/mbedtls/cmac.h
+++ b/include/mbedtls/cmac.h
@@ -33,12 +33,12 @@
#endif
/**
- * \brief CCM context structure
+ * \brief CMAC context structure
*/
typedef struct {
mbedtls_cipher_context_t cipher_ctx; /*!< cipher context used */
- unsigned char* K1;
- unsigned char* K2;
+ unsigned char* K1; /*!< CMAC Subkey 1 */
+ unsigned char* K2; /*!< CMAC Subkey 2 */
}
mbedtls_cmac_context;
@@ -52,12 +52,12 @@
void mbedtls_cmac_init( mbedtls_cmac_context *ctx );
/**
- * \brief CMAC initialization
+ * \brief Initialize the CMAC context
*
* \param ctx CMAC context to be initialized
- * \param cipher cipher to use (a 128-bit block cipher)
+ * \param cipher cipher to use
* \param key encryption key
- * \param keybits key size in bits (must be acceptable by the cipher)
+ * \param keybits encryption key size in bits (must be acceptable by the cipher)
*
* \return 0 if successful, or a cipher specific error code
*/
@@ -68,20 +68,22 @@
/**
* \brief Free a CMAC context and underlying cipher sub-context
+ * Securely wipes sub keys and other sensitive data.
*
* \param ctx CMAC context to free
*/
void mbedtls_cmac_free( mbedtls_cmac_context *ctx );
/**
- * \brief CMAC generate
+ * \brief Generate a CMAC tag.
*
* \param ctx CMAC context
* \param input buffer holding the input data
* \param in_len length of the input data in bytes
* \param tag buffer for holding the generated tag
* \param tag_len length of the tag to generate in bytes
- * must be between 4, 6, 8, 10, 14 or 16
+ * Must be 4, 6, 8 if cipher block size is 64
+ * Must be 4, 6, 8 0, 14 or 16 if cipher block size is 128
*
* \return 0 if successful
*/
@@ -90,47 +92,48 @@
unsigned char *tag, size_t tag_len );
/**
- * \brief CMAC verify
+ * \brief Verify a CMAC tag.
*
* \param ctx CMAC context
* \param input buffer holding the input data
* \param in_len length of the input data in bytes
* \param tag buffer holding the tag to verify
* \param tag_len length of the tag to verify in bytes
- * must be 4, 6, 8, 10, 14 or 16
- *
- * \return 0 if successful and authenticated,
+ * Must be 4, 6, 8 if cipher block size is 64
+ * Must be 4, 6, 8 0, 14 or 16 if cipher block size is 128
+ * \return 0 if successful and authenticated
* MBEDTLS_ERR_CMAC_VERIFY_FAILED if tag does not match
*/
int mbedtls_cmac_verify( mbedtls_cmac_context *ctx,
const unsigned char *input, size_t in_len,
const unsigned char *tag, size_t tag_len );
+#ifdef MBEDTLS_AES_C
/**
* \brief AES-CMAC-128-PRF
- * See RFC
+ * See RFC 4615 for details
*
* \param key PRF key
* \param key_len PRF key length
* \param input buffer holding the input data
* \param in_len length of the input data in bytes
* \param tag buffer holding the tag to verify (16 bytes)
- * TODO: update description of tag
*
* \return 0 if successful
*/
int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_len,
const unsigned char *input, size_t in_len,
- unsigned char *tag );
+ unsigned char tag[16] );
+#endif /* MBEDTLS_AES_C */
-#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C)
+#if defined(MBEDTLS_SELF_TEST) && ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) )
/**
* \brief Checkup routine
*
* \return 0 if successful, or 1 if the test failed
*/
int mbedtls_cmac_self_test( int verbose );
-#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */
+#endif /* MBEDTLS_SELF_TEST && ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */
#ifdef __cplusplus
}