diff --git a/wolfcrypt/src/cmac.c b/wolfcrypt/src/cmac.c index 8accb1a872..52c1d2ddc7 100644 --- a/wolfcrypt/src/cmac.c +++ b/wolfcrypt/src/cmac.c @@ -32,7 +32,7 @@ #include #endif -#if defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_DIRECT) +#if defined(WOLFSSL_CMAC) #if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2) /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */ @@ -80,7 +80,7 @@ int wc_CMAC_Grow(Cmac* cmac, const byte* in, int inSz) } #endif /* WOLFSSL_HASH_KEEP */ - +#if !defined(NO_AES) && defined(WOLFSSL_AES_DIRECT) /* Used by AES-SIV. See aes.c. */ void ShiftAndXorRb(byte* out, byte* in) { @@ -100,6 +100,7 @@ void ShiftAndXorRb(byte* out, byte* in) } } } +#endif /* !NO_AES && WOLFSSL_AES_DIRECT */ /* returns 0 on success */ int wc_InitCmac_ex(Cmac* cmac, const byte* key, word32 keySz, @@ -146,30 +147,40 @@ int wc_InitCmac_ex(Cmac* cmac, const byte* key, word32 keySz, return BAD_FUNC_ARG; } - ret = wc_AesInit(&cmac->aes, heap, devId); - -#if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_CRYPT) - cmac->useSWCrypt = useSW; - if (cmac->useSWCrypt == 1) { - cmac->aes.useSWCrypt = 1; - } -#endif + switch (type) { +#if !defined (NO_AES) && defined(WOLFSSL_AES_DIRECT) + case WC_CMAC_AES: + cmac->type = WC_CMAC_AES; + ret = wc_AesInit(&cmac->aes, heap, devId); - if (ret == 0) { - ret = wc_AesSetKey(&cmac->aes, key, keySz, NULL, AES_ENCRYPTION); - } + #if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_CRYPT) + cmac->useSWCrypt = useSW; + if (cmac->useSWCrypt == 1) { + cmac->aes.useSWCrypt = 1; + } + #endif - if (ret == 0) { - byte l[AES_BLOCK_SIZE]; + if (ret == 0) { + ret = wc_AesSetKey(&cmac->aes, key, keySz, NULL, AES_ENCRYPTION); + } - XMEMSET(l, 0, AES_BLOCK_SIZE); - ret = wc_AesEncryptDirect(&cmac->aes, l, l); if (ret == 0) { - ShiftAndXorRb(cmac->k1, l); - ShiftAndXorRb(cmac->k2, cmac->k1); - ForceZero(l, AES_BLOCK_SIZE); + byte l[AES_BLOCK_SIZE]; + + XMEMSET(l, 0, AES_BLOCK_SIZE); + ret = wc_AesEncryptDirect(&cmac->aes, l, l); + if (ret == 0) { + ShiftAndXorRb(cmac->k1, l); + ShiftAndXorRb(cmac->k2, cmac->k1); + ForceZero(l, AES_BLOCK_SIZE); + } } + break; +#endif /* !NO_AES && WOLFSSL_AES_DIRECT */ + default: + return BAD_FUNC_ARG; } + return ret; } @@ -201,7 +212,7 @@ int wc_CmacUpdate(Cmac* cmac, const byte* in, word32 inSz) #endif { ret = wc_CryptoCb_Cmac(cmac, NULL, 0, in, inSz, - NULL, NULL, 0, NULL); + NULL, NULL, cmac->type, NULL); if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) return ret; /* fall-through when unavailable */ @@ -211,26 +222,35 @@ int wc_CmacUpdate(Cmac* cmac, const byte* in, word32 inSz) /* Clear CRYPTOCB_UNAVAILABLE return code */ ret = 0; - while ((ret == 0) && (inSz != 0)) { - word32 add = min(inSz, AES_BLOCK_SIZE - cmac->bufferSz); - XMEMCPY(&cmac->buffer[cmac->bufferSz], in, add); - - cmac->bufferSz += add; - in += add; - inSz -= add; - - if (cmac->bufferSz == AES_BLOCK_SIZE && inSz != 0) { - if (cmac->totalSz != 0) { - xorbuf(cmac->buffer, cmac->digest, AES_BLOCK_SIZE); - } - ret = wc_AesEncryptDirect(&cmac->aes, cmac->digest, cmac->buffer); - if (ret == 0) { - cmac->totalSz += AES_BLOCK_SIZE; - cmac->bufferSz = 0; + switch (cmac->type) { +#if !defined(NO_AES) && defined(WOLFSSL_AES_DIRECT) + case WC_CMAC_AES: + { + while ((ret == 0) && (inSz != 0)) { + word32 add = min(inSz, AES_BLOCK_SIZE - cmac->bufferSz); + XMEMCPY(&cmac->buffer[cmac->bufferSz], in, add); + + cmac->bufferSz += add; + in += add; + inSz -= add; + + if (cmac->bufferSz == AES_BLOCK_SIZE && inSz != 0) { + if (cmac->totalSz != 0) { + xorbuf(cmac->buffer, cmac->digest, AES_BLOCK_SIZE); + } + ret = wc_AesEncryptDirect(&cmac->aes, cmac->digest, + cmac->buffer); + if (ret == 0) { + cmac->totalSz += AES_BLOCK_SIZE; + cmac->bufferSz = 0; + } } } + }; break; +#endif /* !NO_AES && WOLFSSL_AES_DIRECT */ + default: + ret = BAD_FUNC_ARG; } - return ret; } @@ -244,7 +264,16 @@ int wc_CmacFree(Cmac* cmac) * wc_CmacFinal() not called. */ XFREE(cmac->msg, cmac->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif - wc_AesFree(&cmac->aes); + switch (cmac->type) { +#if !defined(NO_AES) && defined(WOLFSSL_AES_DIRECT) + case WC_CMAC_AES: + wc_AesFree(&cmac->aes); + break; +#endif /* !NO_AES && WOLFSSL_AES_DIRECT */ + default: + /* Nothing to do */ + (void)cmac; + } ForceZero(cmac, sizeof(Cmac)); return 0; } @@ -252,8 +281,6 @@ int wc_CmacFree(Cmac* cmac) int wc_CmacFinalNoFree(Cmac* cmac, byte* out, word32* outSz) { int ret = 0; - const byte* subKey; - word32 remainder; if (cmac == NULL || out == NULL || outSz == NULL) { return BAD_FUNC_ARG; @@ -267,44 +294,64 @@ int wc_CmacFinalNoFree(Cmac* cmac, byte* out, word32* outSz) if (cmac->devId != INVALID_DEVID) #endif { - ret = wc_CryptoCb_Cmac(cmac, NULL, 0, NULL, 0, out, outSz, 0, NULL); + ret = wc_CryptoCb_Cmac(cmac, NULL, 0, NULL, 0, out, outSz, cmac->type, + NULL); if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) return ret; - /* fall-through when unavailable */ - } -#endif - - if (cmac->bufferSz == AES_BLOCK_SIZE) { - subKey = cmac->k1; - } - else { - /* ensure we will have a valid remainder value */ - if (cmac->bufferSz > AES_BLOCK_SIZE) { - return BAD_STATE_E; - } - remainder = AES_BLOCK_SIZE - cmac->bufferSz; - if (remainder == 0) { - remainder = AES_BLOCK_SIZE; - } - if (remainder > 1) { - XMEMSET(cmac->buffer + AES_BLOCK_SIZE - remainder, 0, remainder); - } + /* Clear CRYPTOCB_UNAVAILABLE return code */ + ret = 0; - cmac->buffer[AES_BLOCK_SIZE - remainder] = 0x80; - subKey = cmac->k2; + /* fall-through when unavailable */ } - xorbuf(cmac->buffer, cmac->digest, AES_BLOCK_SIZE); - xorbuf(cmac->buffer, subKey, AES_BLOCK_SIZE); - ret = wc_AesEncryptDirect(&cmac->aes, cmac->digest, cmac->buffer); +#endif if (ret == 0) { - XMEMCPY(out, cmac->digest, *outSz); + switch (cmac->type) { + #if !defined(NO_AES) && defined(WOLFSSL_AES_DIRECT) + case WC_CMAC_AES: + { + const byte* subKey; + word32 remainder; + + if (cmac->bufferSz == AES_BLOCK_SIZE) { + subKey = cmac->k1; + } + else { + /* ensure we will have a valid remainder value */ + if (cmac->bufferSz > AES_BLOCK_SIZE) { + ret = BAD_STATE_E; + break; + } + remainder = AES_BLOCK_SIZE - cmac->bufferSz; + + if (remainder == 0) { + remainder = AES_BLOCK_SIZE; + } + if (remainder > 1) { + XMEMSET(cmac->buffer + AES_BLOCK_SIZE - remainder, 0, + remainder); + } + + cmac->buffer[AES_BLOCK_SIZE - remainder] = 0x80; + subKey = cmac->k2; + } + xorbuf(cmac->buffer, cmac->digest, AES_BLOCK_SIZE); + xorbuf(cmac->buffer, subKey, AES_BLOCK_SIZE); + ret = wc_AesEncryptDirect(&cmac->aes, cmac->digest, cmac->buffer); + if (ret == 0) { + XMEMCPY(out, cmac->digest, *outSz); + } + }; break; + #endif /* !NO_AES && WOLFSSL_AES_DIRECT */ + default: + ret = BAD_FUNC_ARG; + } } - - return 0; + return ret; } -int wc_CmacFinal(Cmac* cmac, byte* out, word32* outSz) { +int wc_CmacFinal(Cmac* cmac, byte* out, word32* outSz) +{ int ret = 0; if (cmac == NULL) @@ -314,7 +361,7 @@ int wc_CmacFinal(Cmac* cmac, byte* out, word32* outSz) { return ret; } - +#if !defined(NO_AES) && defined(WOLFSSL_AES_DIRECT) int wc_AesCmacGenerate_ex(Cmac* cmac, byte* out, word32* outSz, const byte* in, word32 inSz, @@ -334,8 +381,6 @@ int wc_AesCmacGenerate_ex(Cmac* cmac, if (devId != INVALID_DEVID) #endif { - cmac->devCtx = NULL; - ret = wc_CryptoCb_Cmac(cmac, key, keySz, in, inSz, out, outSz, WC_CMAC_AES, NULL); if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) @@ -432,7 +477,8 @@ int wc_AesCmacVerify_ex(Cmac* cmac, word32 aSz = sizeof(a); int compareRet; - if (cmac == NULL || check == NULL || checkSz == 0 || (in == NULL && inSz != 0)) { + if (cmac == NULL || check == NULL || checkSz == 0 || + (in == NULL && inSz != 0)) { return BAD_FUNC_ARG; } @@ -498,5 +544,6 @@ int wc_AesCmacVerify(const byte* check, word32 checkSz, return ret; } +#endif /* !NO_AES && WOLFSSL_AES_DIRECT */ -#endif /* WOLFSSL_CMAC && NO_AES && WOLFSSL_AES_DIRECT */ +#endif /* WOLFSSL_CMAC */ diff --git a/wolfcrypt/src/cryptocb.c b/wolfcrypt/src/cryptocb.c index d510bb4382..216c515f55 100644 --- a/wolfcrypt/src/cryptocb.c +++ b/wolfcrypt/src/cryptocb.c @@ -85,6 +85,7 @@ static const char* GetAlgoTypeStr(int algo) case WC_ALGO_TYPE_RNG: return "RNG"; case WC_ALGO_TYPE_SEED: return "Seed"; case WC_ALGO_TYPE_HMAC: return "HMAC"; + case WC_ALGO_TYPE_CMAC: return "CMAC"; } return NULL; } @@ -104,6 +105,7 @@ static const char* GetPkTypeStr(int pk) } return NULL; } +#if !defined(NO_AES) || !defined(NO_DES3) static const char* GetCipherTypeStr(int cipher) { switch (cipher) { @@ -119,6 +121,7 @@ static const char* GetCipherTypeStr(int cipher) } return NULL; } +#endif /* !NO_AES || !NO_DES3 */ static const char* GetHashTypeStr(int hash) { switch (hash) { @@ -141,6 +144,16 @@ static const char* GetHashTypeStr(int hash) return NULL; } +#ifdef WOLFSSL_CMAC +static const char* GetCmacTypeStr(int type) +{ + switch (type) { + case WC_CMAC_AES: return "AES"; + } + return NULL; +} +#endif /* WOLFSSL_CMAC */ + #ifndef NO_RSA static const char* GetRsaType(int type) { @@ -186,12 +199,14 @@ WOLFSSL_API void wc_CryptoCb_InfoString(wc_CryptoInfo* info) GetPkTypeStr(info->pk.type), info->pk.type); } } +#if !defined(NO_AES) || !defined(NO_DES3) else if (info->algo_type == WC_ALGO_TYPE_CIPHER) { printf("Crypto CB: %s %s (%d) (%p ctx)\n", GetAlgoTypeStr(info->algo_type), GetCipherTypeStr(info->cipher.type), info->cipher.type, info->cipher.ctx); } +#endif /* !NO_AES || !NO_DES3 */ else if (info->algo_type == WC_ALGO_TYPE_HASH) { printf("Crypto CB: %s %s (%d) (%p ctx) %s\n", GetAlgoTypeStr(info->algo_type), @@ -206,6 +221,17 @@ WOLFSSL_API void wc_CryptoCb_InfoString(wc_CryptoInfo* info) info->hmac.macType, info->hmac.hmac, (info->hmac.in != NULL) ? "Update" : "Final"); } +#ifdef WOLFSSL_CMAC + else if (info->algo_type == WC_ALGO_TYPE_CMAC) { + printf("Crypto CB: %s %s (%d) (%p ctx) %s %s %s\n", + GetAlgoTypeStr(info->algo_type), + GetCmacTypeStr(info->cmac.type), + info->cmac.type, info->cmac.cmac, + (info->cmac.key != NULL) ? "Init " : "", + (info->cmac.in != NULL) ? "Update " : "", + (info->cmac.out != NULL) ? "Final" : ""); + } +#endif #ifdef WOLF_CRYPTO_CB_CMD else if (info->algo_type == WC_ALGO_TYPE_NONE) { printf("Crypto CB: %s %s (%d)\n", @@ -1775,7 +1801,8 @@ int wc_CryptoCb_RandomSeed(OS_Seed* os, byte* seed, word32 sz) return wc_CryptoCb_TranslateErrorCode(ret); } #endif /* !WC_NO_RNG */ -#ifdef WOLFSSL_CMAC + +#if defined(WOLFSSL_CMAC) int wc_CryptoCb_Cmac(Cmac* cmac, const byte* key, word32 keySz, const byte* in, word32 inSz, byte* out, word32* outSz, int type, void* ctx) @@ -1791,7 +1818,6 @@ int wc_CryptoCb_Cmac(Cmac* cmac, const byte* key, word32 keySz, /* locate first callback and try using it */ dev = wc_CryptoCb_FindDeviceByIndex(0); } - if (dev && dev->cb) { wc_CryptoInfo cryptoInfo; XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo)); @@ -1812,7 +1838,7 @@ int wc_CryptoCb_Cmac(Cmac* cmac, const byte* key, word32 keySz, return wc_CryptoCb_TranslateErrorCode(ret); } -#endif +#endif /* WOLFSSL_CMAC */ /* returns the default dev id for the current build */ int wc_CryptoCb_DefaultDevID(void) diff --git a/wolfssl/wolfcrypt/cmac.h b/wolfssl/wolfcrypt/cmac.h index 015a9a0a63..a1c05f9f1c 100644 --- a/wolfssl/wolfcrypt/cmac.h +++ b/wolfssl/wolfcrypt/cmac.h @@ -24,9 +24,12 @@ #define WOLF_CRYPT_CMAC_H #include -#include -#if !defined(NO_AES) && defined(WOLFSSL_CMAC) +#ifdef WOLFSSL_CMAC + +#ifndef NO_AES +#include +#endif #if defined(HAVE_FIPS) && \ defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2) @@ -40,16 +43,22 @@ /* avoid redefinition of structs */ #if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(2,0,0) +typedef enum CmacType { + WC_CMAC_AES = 1 +} CmacType; + #ifndef WC_CMAC_TYPE_DEFINED typedef struct Cmac Cmac; #define WC_CMAC_TYPE_DEFINED #endif struct Cmac { +#ifndef NO_AES Aes aes; byte buffer[AES_BLOCK_SIZE]; /* partially stored block */ byte digest[AES_BLOCK_SIZE]; /* running digest */ byte k1[AES_BLOCK_SIZE]; byte k2[AES_BLOCK_SIZE]; +#endif word32 bufferSz; word32 totalSz; #ifdef WOLF_CRYPTO_CB @@ -70,16 +79,20 @@ struct Cmac { #ifdef WOLFSSL_SE050 byte useSWCrypt; /* Use SW crypt instead of SE050, before SCP03 auth */ #endif + CmacType type; }; -typedef enum CmacType { - WC_CMAC_AES = 1 -} CmacType; +#ifndef NO_AES #define WC_CMAC_TAG_MAX_SZ AES_BLOCK_SIZE #define WC_CMAC_TAG_MIN_SZ (AES_BLOCK_SIZE/4) +#else +/* Reasonable defaults */ +#define WC_CMAC_TAG_MAX_SZ 16 +#define WC_CMAC_TAG_MIN_SZ 4 +#endif #if FIPS_VERSION3_GE(6,0,0) extern const unsigned int wolfCrypt_FIPS_cmac_ro_sanity[2]; @@ -111,6 +124,7 @@ int wc_CmacFinal(Cmac* cmac, WOLFSSL_API int wc_CmacFree(Cmac* cmac); +#ifndef NO_AES WOLFSSL_API int wc_AesCmacGenerate(byte* out, word32* outSz, const byte* in, word32 inSz, @@ -134,10 +148,11 @@ int wc_AesCmacVerify_ex(Cmac* cmac, const byte* key, word32 keySz, void* heap, int devId); - WOLFSSL_LOCAL void ShiftAndXorRb(byte* out, byte* in); +#endif /* !NO_AES */ + #ifdef WOLFSSL_HASH_KEEP WOLFSSL_API int wc_CMAC_Grow(Cmac* cmac, const byte* in, int inSz); @@ -148,6 +163,6 @@ int wc_CMAC_Grow(Cmac* cmac, const byte* in, int inSz); #endif -#endif /* NO_AES && WOLFSSL_CMAC */ +#endif /* WOLFSSL_CMAC */ #endif /* WOLF_CRYPT_CMAC_H */