Only compile AES CMAC PRF support if MBEDTLS_AES_C is defined and other cleanups

2025-03-27 19:15:11 +00:00 · 2016-05-19 16:02:42 -07:00 · 2016-05-19 16:02:42 -07:00 · afdb60f84f
parent d666eb5c11
commit afdb60f84f
2 changed files with 53 additions and 50 deletions
--- a/include/mbedtls/cmac.h
+++ b/include/mbedtls/cmac.h
@ -33,12 +33,12 @@ extern "C" {
 #endif
 /**
- * \brief          CCM context structure
+ * \brief          CMAC context structure
 */
 typedef struct {
    mbedtls_cipher_context_t cipher_ctx;    /*!< cipher context used */
-    unsigned char* K1;
+    unsigned char* K1; /*!< CMAC Subkey 1 */
-    unsigned char* K2;
+    unsigned char* K2; /*!< CMAC Subkey 2 */
 }
 mbedtls_cmac_context;
@ -52,12 +52,12 @@ mbedtls_cmac_context;
 void mbedtls_cmac_init( mbedtls_cmac_context *ctx );
 /**
- * \brief           CMAC initialization
+ * \brief           Initialize the CMAC context
 *
 * \param ctx       CMAC context to be initialized
- * \param cipher    cipher to use (a 128-bit block cipher)
+ * \param cipher    cipher to use
 * \param key       encryption key
- * \param keybits   key size in bits (must be acceptable by the cipher)
+ * \param keybits   encryption key size in bits (must be acceptable by the cipher)
 *
 * \return          0 if successful, or a cipher specific error code
 */
@ -68,20 +68,22 @@ int mbedtls_cmac_setkey( mbedtls_cmac_context *ctx,
 /**
 * \brief           Free a CMAC context and underlying cipher sub-context
 *                  Securely wipes sub keys and other sensitive data.
 *
 * \param ctx       CMAC context to free
 */
 void mbedtls_cmac_free( mbedtls_cmac_context *ctx );
 /**
- * \brief           CMAC generate
+ * \brief           Generate a CMAC tag.
 *
 * \param ctx       CMAC context
 * \param input     buffer holding the input data
 * \param in_len    length of the input data in bytes
 * \param tag       buffer for holding the generated tag
 * \param tag_len   length of the tag to generate in bytes
- *                  must be between 4, 6, 8, 10, 14 or 16
+ *                  Must be 4, 6, 8 if cipher block size is 64
 *                  Must be 4, 6, 8 0, 14 or 16 if cipher block size is 128
 *
 * \return          0 if successful
 */
@ -90,47 +92,48 @@ int mbedtls_cmac_generate( mbedtls_cmac_context *ctx,
                           unsigned char *tag, size_t tag_len );
 /**
- * \brief           CMAC verify
+ * \brief           Verify a CMAC tag.
 *
 * \param ctx       CMAC context
 * \param input     buffer holding the input data
 * \param in_len    length of the input data in bytes
 * \param tag       buffer holding the tag to verify
 * \param tag_len   length of the tag to verify in bytes
- *                  must be 4, 6, 8, 10, 14 or 16
+ *                  Must be 4, 6, 8 if cipher block size is 64
- *
+ *                  Must be 4, 6, 8 0, 14 or 16 if cipher block size is 128
- * \return          0 if successful and authenticated,
+ * \return          0 if successful and authenticated
 *                  MBEDTLS_ERR_CMAC_VERIFY_FAILED if tag does not match
 */
 int mbedtls_cmac_verify( mbedtls_cmac_context *ctx,
                         const unsigned char *input, size_t in_len,
                         const unsigned char *tag, size_t tag_len );
 #ifdef MBEDTLS_AES_C
 /**
 * \brief           AES-CMAC-128-PRF
- *  See RFC
+ *                  See RFC 4615 for details
 *
 * \param key       PRF key
 * \param key_len   PRF key length
 * \param input     buffer holding the input data
 * \param in_len    length of the input data in bytes
 * \param tag       buffer holding the tag to verify (16 bytes)
 *                  TODO: update description of tag
 *
 * \return          0 if successful
 */
 int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_len,
                              const unsigned char *input, size_t in_len,
-                              unsigned char *tag );
+                              unsigned char tag[16] );
 #endif /* MBEDTLS_AES_C */
-#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C)
+#if defined(MBEDTLS_SELF_TEST) && ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) )
 /**
 * \brief          Checkup routine
 *
 * \return         0 if successful, or 1 if the test failed
 */
 int mbedtls_cmac_self_test( int verbose );
-#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */
+#endif /* MBEDTLS_SELF_TEST && ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */
 #ifdef __cplusplus
 }
--- a/library/cmac.c
+++ b/library/cmac.c
@ -89,7 +89,7 @@ static int cmac_multiply_by_u( unsigned char *output,
    } else if( blocksize == 8 ) {
        R_n = R_64;
    } else {
-        return MBEDTLS_ERR_CMAC_BAD_INPUT;
+        return( MBEDTLS_ERR_CMAC_BAD_INPUT );
    }
@ -113,7 +113,7 @@ static int cmac_multiply_by_u( unsigned char *output,
 #endif
    output[starting_index] ^= R_n & mask;
-    return 0;
+    return( 0 );
 }
 /*
@ -149,7 +149,7 @@ static int cmac_generate_subkeys( mbedtls_cmac_context *ctx )
    exit:
        mbedtls_zeroize( L, sizeof( L ) );
 		free( L );
-        return ret;
+        return( ret );
 }
 /*
@ -341,16 +341,17 @@ int mbedtls_cmac_verify( mbedtls_cmac_context *ctx,
    exit:
 	    free( check_tag );
-        return ret;
+        return( ret );
 }
 #ifdef MBEDTLS_AES_C
 /*
 * PRF based on CMAC with AES-128
 * See RFC 4615
 */
 int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_length,
                              const unsigned char *input, size_t in_len,
-                              unsigned char *tag )
+                              unsigned char tag[16] )
 {
    int ret;
    mbedtls_cmac_context ctx;
@ -393,9 +394,8 @@ int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_length,
    exit:
 	     mbedtls_cmac_free( &ctx );
 	     return( ret );
 }
 #endif /* MBEDTLS_AES_C */
 #ifdef MBEDTLS_SELF_TEST
 /*