
Lines Matching +full:stringop +full:- +full:overflow

4  * \brief NIST SP800-38B compliant CMAC implementation for AES and 3DES
7 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
13 * - NIST SP 800-38B Recommendation for Block Cipher Modes of Operation: The
15 * http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38b.pdf
17 * - RFC 4493 - The AES-CMAC Algorithm
20 * - RFC 4615 - The Advanced Encryption Standard-Cipher-based Message
21 * Authentication Code-Pseudo-Random Function-128 (AES-CMAC-PRF-128)
25 * Additional test vectors: ISO/IEC 9797-1
46 * As explained in NIST SP 800-38B, this can be computed:
53 * Block size must be 8 bytes or 16 bytes - the block sizes for DES and AES.
61 uint32_t overflow = 0x00; in cmac_multiply_by_u() local
77 for (i = (int) blocksize - 4; i >= 0; i -= 4) { in cmac_multiply_by_u()
80 i32 = (i32 << 1) | overflow; in cmac_multiply_by_u()
82 overflow = new_overflow; in cmac_multiply_by_u()
86 output[blocksize - 1] ^= R_n; in cmac_multiply_by_u()
94 * - as specified by RFC 4493, section 2.3 Subkey Generation Algorithm
105 block_size = mbedtls_cipher_info_get_block_size(ctx->cipher_info); in cmac_generate_subkeys()
163 if (ctx == NULL || ctx->cipher_info == NULL || key == NULL) { in mbedtls_cipher_cmac_starts()
172 type = mbedtls_cipher_info_get_type(ctx->cipher_info); in mbedtls_cipher_cmac_starts()
191 ctx->cmac_ctx = cmac_ctx; in mbedtls_cipher_cmac_starts()
193 mbedtls_platform_zeroize(cmac_ctx->state, sizeof(cmac_ctx->state)); in mbedtls_cipher_cmac_starts()
206 if (ctx == NULL || ctx->cipher_info == NULL || input == NULL || in mbedtls_cipher_cmac_update()
207 ctx->cmac_ctx == NULL) { in mbedtls_cipher_cmac_update()
211 cmac_ctx = ctx->cmac_ctx; in mbedtls_cipher_cmac_update()
212 block_size = mbedtls_cipher_info_get_block_size(ctx->cipher_info); in mbedtls_cipher_cmac_update()
213 state = ctx->cmac_ctx->state; in mbedtls_cipher_cmac_update()
215 /* Without the MBEDTLS_ASSUME below, gcc -O3 will generate a warning of the form in mbedtls_cipher_cmac_update()
216 * error: writing 16 bytes into a region of size 0 [-Werror=stringop-overflow=] */ in mbedtls_cipher_cmac_update()
221 if (cmac_ctx->unprocessed_len > 0 && in mbedtls_cipher_cmac_update()
222 ilen > block_size - cmac_ctx->unprocessed_len) { in mbedtls_cipher_cmac_update()
223 memcpy(&cmac_ctx->unprocessed_block[cmac_ctx->unprocessed_len], in mbedtls_cipher_cmac_update()
225 block_size - cmac_ctx->unprocessed_len); in mbedtls_cipher_cmac_update()
227 mbedtls_xor_no_simd(state, cmac_ctx->unprocessed_block, state, block_size); in mbedtls_cipher_cmac_update()
234 input += block_size - cmac_ctx->unprocessed_len; in mbedtls_cipher_cmac_update()
235 ilen -= block_size - cmac_ctx->unprocessed_len; in mbedtls_cipher_cmac_update()
236 cmac_ctx->unprocessed_len = 0; in mbedtls_cipher_cmac_update()
240 n = (ilen + block_size - 1) / block_size; in mbedtls_cipher_cmac_update()
252 ilen -= block_size; in mbedtls_cipher_cmac_update()
258 memcpy(&cmac_ctx->unprocessed_block[cmac_ctx->unprocessed_len], in mbedtls_cipher_cmac_update()
261 cmac_ctx->unprocessed_len += ilen; in mbedtls_cipher_cmac_update()
279 if (ctx == NULL || ctx->cipher_info == NULL || ctx->cmac_ctx == NULL || in mbedtls_cipher_cmac_finish()
284 cmac_ctx = ctx->cmac_ctx; in mbedtls_cipher_cmac_finish()
285 block_size = mbedtls_cipher_info_get_block_size(ctx->cipher_info); in mbedtls_cipher_cmac_finish()
287 state = cmac_ctx->state; in mbedtls_cipher_cmac_finish()
293 last_block = cmac_ctx->unprocessed_block; in mbedtls_cipher_cmac_finish()
296 if (cmac_ctx->unprocessed_len < block_size) { in mbedtls_cipher_cmac_finish()
297 cmac_pad(M_last, block_size, last_block, cmac_ctx->unprocessed_len); in mbedtls_cipher_cmac_finish()
319 cmac_ctx->unprocessed_len = 0; in mbedtls_cipher_cmac_finish()
320 mbedtls_platform_zeroize(cmac_ctx->unprocessed_block, in mbedtls_cipher_cmac_finish()
321 sizeof(cmac_ctx->unprocessed_block)); in mbedtls_cipher_cmac_finish()
331 if (ctx == NULL || ctx->cipher_info == NULL || ctx->cmac_ctx == NULL) { in mbedtls_cipher_cmac_reset()
335 cmac_ctx = ctx->cmac_ctx; in mbedtls_cipher_cmac_reset()
338 cmac_ctx->unprocessed_len = 0; in mbedtls_cipher_cmac_reset()
339 mbedtls_platform_zeroize(cmac_ctx->unprocessed_block, in mbedtls_cipher_cmac_reset()
340 sizeof(cmac_ctx->unprocessed_block)); in mbedtls_cipher_cmac_reset()
341 mbedtls_platform_zeroize(cmac_ctx->state, in mbedtls_cipher_cmac_reset()
342 sizeof(cmac_ctx->state)); in mbedtls_cipher_cmac_reset()
385 * Implementation of AES-CMAC-PRF-128 defined in RFC 4615
434 * CMAC test data for SP800-38B
438 * AES-CMAC-PRF-128 test data from RFC 4615
439 * https://tools.ietf.org/html/rfc4615#page-4
470 /* CMAC-AES128 Test Data */
511 /* CMAC-AES192 Test Data */
555 /* CMAC-AES256 Test Data */
610 /* CMAC-TDES (Generation) - 2 Key Test Data */
649 /* CMAC-TDES (Generation) - 3 Key Test Data */
691 /* AES AES-CMAC-PRF-128 Test Data */
769 * AES-192 may be unavailable. This should not cause the selftest in cmac_test_subkeys()
854 * AES-192 and/or 3DES may be unavailable. This should not cause in cmac_test_wth_cipher()
920 /* AES-128 */ in mbedtls_cmac_self_test()
945 /* AES-192 */ in mbedtls_cmac_self_test()
972 /* AES-256 */ in mbedtls_cmac_self_test()