TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 2898f79795bf94964babc3e4a01bf67e7e89c176 / . / include / mbedtls / cmac.h
blob: ddacb2177d0bd0173f9518be1c49fd3ddc824a9f [file] [log] [blame]
Robert Cragie3d23b1d2015-12-15 07:38:11 +0000[diff] [blame]1/**
2 * \file cmac.h
3 *
4 * \brief The CMAC Mode for Authentication
5 *
Brian Murray53e23b62016-09-13 14:00:15 -0700[diff] [blame]6 * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
Robert Cragie3d23b1d2015-12-15 07:38:11 +0000[diff] [blame]7 * SPDX-License-Identifier: Apache-2.0
8 *
9 * Licensed under the Apache License, Version 2.0 (the "License"); you may
10 * not use this file except in compliance with the License.
11 * You may obtain a copy of the License at
12 *
13 * http://www.apache.org/licenses/LICENSE-2.0
14 *
15 * Unless required by applicable law or agreed to in writing, software
16 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
17 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18 * See the License for the specific language governing permissions and
19 * limitations under the License.
20 *
21 * This file is part of mbed TLS (https://tls.mbed.org)
22 */
23#ifndef MBEDTLS_CMAC_H
24#define MBEDTLS_CMAC_H
25
26#include "cipher.h"
27
28#define MBEDTLS_ERR_CMAC_BAD_INPUT -0x0011 /**< Bad input parameters to function. */
29#define MBEDTLS_ERR_CMAC_VERIFY_FAILED -0x0013 /**< Verification failed. */
Brian Murray06acc182016-05-24 15:53:52 -0700[diff] [blame]30#define MBEDTLS_ERR_CMAC_ALLOC_FAILED -0x0015 /**< Failed to allocate memory */
Brian Murray57863ad2016-05-19 16:38:36 -0700[diff] [blame]31
Robert Cragie3d23b1d2015-12-15 07:38:11 +0000[diff] [blame]32
33#ifdef __cplusplus
34extern "C" {
35#endif
36
37/**
Brian Murrayb439d452016-05-19 16:02:42 -0700[diff] [blame]38 * \brief CMAC context structure
Robert Cragie3d23b1d2015-12-15 07:38:11 +0000[diff] [blame]39 */
40typedef struct {
41 mbedtls_cipher_context_t cipher_ctx; /*!< cipher context used */
Brian Murrayb439d452016-05-19 16:02:42 -0700[diff] [blame]42 unsigned char* K1; /*!< CMAC Subkey 1 */
43 unsigned char* K2; /*!< CMAC Subkey 2 */
Robert Cragie3d23b1d2015-12-15 07:38:11 +0000[diff] [blame]44}
45mbedtls_cmac_context;
46
47/**
48 * \brief Initialize CMAC context (just makes references valid)
49 * Makes the context ready for mbedtls_cmac_setkey() or
50 * mbedtls_cmac_free().
51 *
52 * \param ctx CMAC context to initialize
53 */
54void mbedtls_cmac_init( mbedtls_cmac_context *ctx );
55
56/**
Brian Murrayb439d452016-05-19 16:02:42 -0700[diff] [blame]57 * \brief Initialize the CMAC context
Robert Cragie3d23b1d2015-12-15 07:38:11 +0000[diff] [blame]58 *
59 * \param ctx CMAC context to be initialized
Brian Murray72b69e32016-09-13 14:21:01 -0700[diff] [blame]60 * \param cipher cipher to use.
61 Cipher block size must be 8 bytes or 16 bytes.
Robert Cragie3d23b1d2015-12-15 07:38:11 +0000[diff] [blame]62 * \param key encryption key
Brian Murrayb439d452016-05-19 16:02:42 -0700[diff] [blame]63 * \param keybits encryption key size in bits (must be acceptable by the cipher)
Robert Cragie3d23b1d2015-12-15 07:38:11 +0000[diff] [blame]64 *
65 * \return 0 if successful, or a cipher specific error code
66 */
67int mbedtls_cmac_setkey( mbedtls_cmac_context *ctx,
68 mbedtls_cipher_id_t cipher,
69 const unsigned char *key,
70 unsigned int keybits );
71
72/**
73 * \brief Free a CMAC context and underlying cipher sub-context
Brian Murrayb439d452016-05-19 16:02:42 -0700[diff] [blame]74 * Securely wipes sub keys and other sensitive data.
Robert Cragie3d23b1d2015-12-15 07:38:11 +0000[diff] [blame]75 *
76 * \param ctx CMAC context to free
77 */
78void mbedtls_cmac_free( mbedtls_cmac_context *ctx );
79
80/**
Brian Murrayb439d452016-05-19 16:02:42 -0700[diff] [blame]81 * \brief Generate a CMAC tag.
Robert Cragie3d23b1d2015-12-15 07:38:11 +0000[diff] [blame]82 *
83 * \param ctx CMAC context
Robert Cragie3d23b1d2015-12-15 07:38:11 +0000[diff] [blame]84 * \param input buffer holding the input data
Manuel Pégourié-Gonnard690083c2016-01-13 10:48:02 +0000[diff] [blame]85 * \param in_len length of the input data in bytes
Robert Cragie3d23b1d2015-12-15 07:38:11 +0000[diff] [blame]86 * \param tag buffer for holding the generated tag
87 * \param tag_len length of the tag to generate in bytes
Brian Murray72b69e32016-09-13 14:21:01 -0700[diff] [blame]88 * Must be 2, 4, 6, 8 if cipher block size is 8
89 * Must be 2, 4, 6, 8, 10, 12, 14 or 16 if cipher block size is 16
Robert Cragie3d23b1d2015-12-15 07:38:11 +0000[diff] [blame]90 *
91 * \return 0 if successful
92 */
Manuel Pégourié-Gonnard690083c2016-01-13 10:48:02 +0000[diff] [blame]93int mbedtls_cmac_generate( mbedtls_cmac_context *ctx,
94 const unsigned char *input, size_t in_len,
Robert Cragie3d23b1d2015-12-15 07:38:11 +0000[diff] [blame]95 unsigned char *tag, size_t tag_len );
96
97/**
Brian Murrayb439d452016-05-19 16:02:42 -0700[diff] [blame]98 * \brief Verify a CMAC tag.
Robert Cragie3d23b1d2015-12-15 07:38:11 +0000[diff] [blame]99 *
100 * \param ctx CMAC context
Robert Cragie3d23b1d2015-12-15 07:38:11 +0000[diff] [blame]101 * \param input buffer holding the input data
Manuel Pégourié-Gonnard690083c2016-01-13 10:48:02 +0000[diff] [blame]102 * \param in_len length of the input data in bytes
Robert Cragie3d23b1d2015-12-15 07:38:11 +0000[diff] [blame]103 * \param tag buffer holding the tag to verify
104 * \param tag_len length of the tag to verify in bytes
Brian Murray72b69e32016-09-13 14:21:01 -0700[diff] [blame]105 * Must be 2, 4, 6, 8 if cipher block size is 8
106 * Must be 2, 4, 6, 8, 10, 12, 14 or 16 if cipher block size is 16
Brian Murrayb439d452016-05-19 16:02:42 -0700[diff] [blame]107 * \return 0 if successful and authenticated
Robert Cragie3d23b1d2015-12-15 07:38:11 +0000[diff] [blame]108 * MBEDTLS_ERR_CMAC_VERIFY_FAILED if tag does not match
109 */
Manuel Pégourié-Gonnard690083c2016-01-13 10:48:02 +0000[diff] [blame]110int mbedtls_cmac_verify( mbedtls_cmac_context *ctx,
111 const unsigned char *input, size_t in_len,
Robert Cragie3d23b1d2015-12-15 07:38:11 +0000[diff] [blame]112 const unsigned char *tag, size_t tag_len );
113
Brian Murrayb439d452016-05-19 16:02:42 -0700[diff] [blame]114#ifdef MBEDTLS_AES_C
Robert Cragie3d23b1d2015-12-15 07:38:11 +0000[diff] [blame]115/**
116 * \brief AES-CMAC-128-PRF
Brian Murrayb439d452016-05-19 16:02:42 -0700[diff] [blame]117 * See RFC 4615 for details
Robert Cragie3d23b1d2015-12-15 07:38:11 +0000[diff] [blame]118 *
Robert Cragie3d23b1d2015-12-15 07:38:11 +0000[diff] [blame]119 * \param key PRF key
120 * \param key_len PRF key length
121 * \param input buffer holding the input data
Manuel Pégourié-Gonnard690083c2016-01-13 10:48:02 +0000[diff] [blame]122 * \param in_len length of the input data in bytes
Brian Murray2898f792016-09-13 16:17:36 -0700[diff] [blame^]123 * \param tag buffer holding the generated pseudorandom output (16 bytes)
Robert Cragie3d23b1d2015-12-15 07:38:11 +0000[diff] [blame]124 *
125 * \return 0 if successful
126 */
Brian Murrayb0c3c432016-05-18 14:29:51 -0700[diff] [blame]127int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_len,
Manuel Pégourié-Gonnard690083c2016-01-13 10:48:02 +0000[diff] [blame]128 const unsigned char *input, size_t in_len,
Brian Murrayb439d452016-05-19 16:02:42 -0700[diff] [blame]129 unsigned char tag[16] );
130#endif /* MBEDTLS_AES_C */
Robert Cragie3d23b1d2015-12-15 07:38:11 +0000[diff] [blame]131
Brian Murrayb439d452016-05-19 16:02:42 -0700[diff] [blame]132#if defined(MBEDTLS_SELF_TEST) && ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) )
Robert Cragie3d23b1d2015-12-15 07:38:11 +0000[diff] [blame]133/**
134 * \brief Checkup routine
135 *
136 * \return 0 if successful, or 1 if the test failed
137 */
138int mbedtls_cmac_self_test( int verbose );
Brian Murrayb439d452016-05-19 16:02:42 -0700[diff] [blame]139#endif /* MBEDTLS_SELF_TEST && ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */
Robert Cragie3d23b1d2015-12-15 07:38:11 +0000[diff] [blame]140
141#ifdef __cplusplus
142}
143#endif
144
145#endif /* MBEDTLS_CMAC_H */