diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h index 282d549a4..3b5c13e99 100644 --- a/include/mbedtls/cmac.h +++ b/include/mbedtls/cmac.h @@ -77,24 +77,24 @@ void mbedtls_cmac_free( mbedtls_cmac_context *ctx ); * \brief CMAC generate * * \param ctx CMAC context - * \param length length of the input data in bytes * \param input buffer holding the input data + * \param in_len length of the input data in bytes * \param tag buffer for holding the generated tag * \param tag_len length of the tag to generate in bytes * must be between 4, 6, 8, 10, 14 or 16 * * \return 0 if successful */ -int mbedtls_cmac_generate( mbedtls_cmac_context *ctx, size_t length, - const unsigned char *input, +int mbedtls_cmac_generate( mbedtls_cmac_context *ctx, + const unsigned char *input, size_t in_len, unsigned char *tag, size_t tag_len ); /** * \brief CMAC verify * * \param ctx CMAC context - * \param length length of the input data in bytes * \param input buffer holding the input data + * \param in_len length of the input data in bytes * \param tag buffer holding the tag to verify * \param tag_len length of the tag to verify in bytes * must be 4, 6, 8, 10, 14 or 16 @@ -102,25 +102,25 @@ int mbedtls_cmac_generate( mbedtls_cmac_context *ctx, size_t length, * \return 0 if successful and authenticated, * MBEDTLS_ERR_CMAC_VERIFY_FAILED if tag does not match */ -int mbedtls_cmac_verify( mbedtls_cmac_context *ctx, size_t length, - const unsigned char *input, +int mbedtls_cmac_verify( mbedtls_cmac_context *ctx, + const unsigned char *input, size_t in_len, const unsigned char *tag, size_t tag_len ); /** * \brief AES-CMAC-128-PRF * * \param ctx CMAC context - * \param length length of the input data in bytes * \param key PRF key * \param key_len PRF key length * \param input buffer holding the input data + * \param in_len length of the input data in bytes * \param tag buffer holding the tag to verify (16 bytes) * * \return 0 if successful */ -int mbedtls_aes_cmac_prf_128( mbedtls_cmac_context *ctx, size_t length, +int mbedtls_aes_cmac_prf_128( mbedtls_cmac_context *ctx, const unsigned char *key, size_t key_len, - const unsigned char *input, + const unsigned char *input, size_t in_len, unsigned char *tag ); #if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C) diff --git a/library/cmac.c b/library/cmac.c index 2ba58b6fa..0d93c9736 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -200,8 +200,8 @@ static void padding(const unsigned char *lastb, unsigned char *pad, const size_t /* * Generate tag on complete message */ -static int cmac_generate( mbedtls_cmac_context *ctx, size_t length, - const unsigned char *input, +static int cmac_generate( mbedtls_cmac_context *ctx, + const unsigned char *input, size_t in_len, unsigned char *tag, size_t tag_len ) { unsigned char Mn[16]; @@ -211,7 +211,7 @@ static int cmac_generate( mbedtls_cmac_context *ctx, size_t length, size_t olen; /* - * Check length requirements: SP800-38B A + * Check in_len requirements: SP800-38B A * 4 is a worst case bottom limit */ if( tag_len < 4 || tag_len > 16 || tag_len % 2 != 0 ) @@ -220,7 +220,7 @@ static int cmac_generate( mbedtls_cmac_context *ctx, size_t length, /* TODO: Use cipher padding function? */ // mbedtls_cipher_set_padding_mode( ctx->cipher, MBEDTLS_PADDING_ONE_AND_ZEROS ); - n = ( length + 15 ) / 16; /* n is number of rounds */ + n = ( in_len + 15 ) / 16; /* n is number of rounds */ if( n == 0 ) { @@ -229,7 +229,7 @@ static int cmac_generate( mbedtls_cmac_context *ctx, size_t length, } else { - flag = ( ( length % 16 ) == 0); + flag = ( ( in_len % 16 ) == 0); } /* Calculate last block */ @@ -241,7 +241,7 @@ static int cmac_generate( mbedtls_cmac_context *ctx, size_t length, else { /* TODO: Use cipher padding function? */ - padding( &input[16 * (n - 1)], padded, length % 16 ); + padding( &input[16 * (n - 1)], padded, in_len % 16 ); XOR_128( padded, ctx->K2, M_last ); } @@ -259,18 +259,18 @@ static int cmac_generate( mbedtls_cmac_context *ctx, size_t length, return( 0 ); } -int mbedtls_cmac_generate( mbedtls_cmac_context *ctx, size_t length, - const unsigned char *input, +int mbedtls_cmac_generate( mbedtls_cmac_context *ctx, + const unsigned char *input, size_t in_len, unsigned char *tag, size_t tag_len ) { - return( cmac_generate( ctx, length, input, tag, tag_len ) ); + return( cmac_generate( ctx, input, in_len, tag, tag_len ) ); } /* * Authenticated decryption */ -int mbedtls_cmac_verify( mbedtls_cmac_context *ctx, size_t length, - const unsigned char *input, +int mbedtls_cmac_verify( mbedtls_cmac_context *ctx, + const unsigned char *input, size_t in_len, const unsigned char *tag, size_t tag_len ) { int ret; @@ -278,7 +278,7 @@ int mbedtls_cmac_verify( mbedtls_cmac_context *ctx, size_t length, unsigned char i; int diff; - if( ( ret = cmac_generate( ctx, length, input, check_tag, tag_len) ) != 0 ) + if( ( ret = cmac_generate( ctx, input, in_len, check_tag, tag_len) ) != 0 ) { return ret; } @@ -297,9 +297,9 @@ int mbedtls_cmac_verify( mbedtls_cmac_context *ctx, size_t length, return( 0 ); } -int mbedtls_aes_cmac_prf_128( mbedtls_cmac_context *ctx, size_t length, +int mbedtls_aes_cmac_prf_128( mbedtls_cmac_context *ctx, const unsigned char *key, size_t key_length, - const unsigned char *input, + const unsigned char *input, size_t in_len, unsigned char *tag ) { int ret; @@ -323,7 +323,7 @@ int mbedtls_aes_cmac_prf_128( mbedtls_cmac_context *ctx, size_t length, { return( ret ); } - ret = mbedtls_cmac_generate( &zero_ctx, key_length, key, int_key, 16 ); + ret = mbedtls_cmac_generate( &zero_ctx, key, key_length, int_key, 16 ); if( ret != 0 ) { return( ret ); @@ -335,7 +335,7 @@ int mbedtls_aes_cmac_prf_128( mbedtls_cmac_context *ctx, size_t length, { return( ret ); } - return( mbedtls_cmac_generate( ctx, length, input, tag, 16 ) ); + return( mbedtls_cmac_generate( ctx, input, in_len, tag, 16 ) ); } #if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C) @@ -473,7 +473,7 @@ int mbedtls_cmac_self_test( int verbose ) { mbedtls_printf( " AES-128-CMAC #%u: ", i ); - ret = mbedtls_cmac_generate( &ctx, Mlen[i], M, tag, 16 ); + ret = mbedtls_cmac_generate( &ctx, M, Mlen[i], tag, 16 ); if( ret != 0 || memcmp( tag, T[i], 16 ) != 0 ) { @@ -482,7 +482,7 @@ int mbedtls_cmac_self_test( int verbose ) return( 1 ); } - ret = mbedtls_cmac_verify( &ctx, Mlen[i], M, T[i], 16 ); + ret = mbedtls_cmac_verify( &ctx, M, Mlen[i], T[i], 16 ); if( ret != 0 ) { if( verbose != 0 ) @@ -499,7 +499,7 @@ int mbedtls_cmac_self_test( int verbose ) { mbedtls_printf( " AES-CMAC-128-PRF #%u: ", i ); - mbedtls_aes_cmac_prf_128( &ctx, 20, PRFK, PRFKlen[i], PRFM, tag); + mbedtls_aes_cmac_prf_128( &ctx, PRFK, PRFKlen[i], PRFM, 20, tag); if( ret != 0 || memcmp( tag, PRFT[i], 16 ) != 0 )