diff options
author | Simo Sorce <simo@redhat.com> | 2018-10-26 13:22:23 -0400 |
---|---|---|
committer | Simo Sorce <simo@redhat.com> | 2018-10-28 19:40:26 -0400 |
commit | e369b069428ca5e0393598acfbd00e950e905963 (patch) | |
tree | e510fae7f4dd497dd22a1dfac7f160df1a2bfa4c | |
parent | 60e4138e97731ccea98d864b949ca740e53a5b30 (diff) | |
download | gnutls-e369b069428ca5e0393598acfbd00e950e905963.tar.gz |
Add CMAC Support
Signed-off-by: Simo Sorce <simo@redhat.com>
-rw-r--r-- | lib/algorithms/mac.c | 8 | ||||
-rw-r--r-- | lib/includes/gnutls/gnutls.h.in | 4 | ||||
-rw-r--r-- | lib/nettle/mac.c | 32 |
3 files changed, 44 insertions, 0 deletions
diff --git a/lib/algorithms/mac.c b/lib/algorithms/mac.c index 6573b35686..d027ca5ea4 100644 --- a/lib/algorithms/mac.c +++ b/lib/algorithms/mac.c @@ -153,6 +153,14 @@ static const mac_entry_st hash_algorithms[] = { .output_size = 64, .key_size = 64, .block_size = 64}, + {.name = "AES-CMAC-128", + .id = GNUTLS_MAC_AES_CMAC_128, + .output_size = 16, + .key_size = 16,}, + {.name = "AES-CMAC-256", + .id = GNUTLS_MAC_AES_CMAC_256, + .output_size = 16, + .key_size = 32}, {.name = "MAC-NULL", .id = GNUTLS_MAC_NULL}, {0, 0, 0, 0, 0, 0, 0, 0, 0} diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in index 786dcdf055..5dcbc1c986 100644 --- a/lib/includes/gnutls/gnutls.h.in +++ b/lib/includes/gnutls/gnutls.h.in @@ -275,6 +275,8 @@ typedef enum { * @GNUTLS_MAC_AEAD: MAC implicit through AEAD cipher. * @GNUTLS_MAC_UMAC_96: The UMAC-96 MAC algorithm. * @GNUTLS_MAC_UMAC_128: The UMAC-128 MAC algorithm. + * @GNUTLS_MAC_AES_CMAC_128: The AES-CMAC-128 MAC algorithm. + * @GNUTLS_MAC_AES_CMAC_256: The AES-CMAC-256 MAC algorithm. * @GNUTLS_MAC_SHA3_224: Reserved; unimplemented. * @GNUTLS_MAC_SHA3_256: Reserved; unimplemented. * @GNUTLS_MAC_SHA3_384: Reserved; unimplemented. @@ -307,6 +309,8 @@ typedef enum { GNUTLS_MAC_AEAD = 200, /* indicates that MAC is on the cipher */ GNUTLS_MAC_UMAC_96 = 201, GNUTLS_MAC_UMAC_128 = 202, + GNUTLS_MAC_AES_CMAC_128 = 203, + GNUTLS_MAC_AES_CMAC_256 = 204, } gnutls_mac_algorithm_t; /** diff --git a/lib/nettle/mac.c b/lib/nettle/mac.c index e46862d215..3d26c44e12 100644 --- a/lib/nettle/mac.c +++ b/lib/nettle/mac.c @@ -93,6 +93,8 @@ struct nettle_mac_ctx { #endif struct umac96_ctx umac96; struct umac128_ctx umac128; + struct cmac_aes128_ctx cmac128; + struct cmac_aes256_ctx cmac256; } ctx; void *ctx_ptr; @@ -120,6 +122,22 @@ _wrap_umac128_set_key(void *ctx, size_t len, const uint8_t * key) umac128_set_key(ctx, key); } +static void +_wrap_cmac128_set_key(void *ctx, size_t len, const uint8_t * key) +{ + if (unlikely(len != 16)) + abort(); + cmac_aes128_set_key(ctx, key); +} + +static void +_wrap_cmac256_set_key(void *ctx, size_t len, const uint8_t * key) +{ + if (unlikely(len != 32)) + abort(); + cmac_aes256_set_key(ctx, key); +} + static int _mac_ctx_init(gnutls_mac_algorithm_t algo, struct nettle_mac_ctx *ctx) { @@ -209,6 +227,20 @@ static int _mac_ctx_init(gnutls_mac_algorithm_t algo, ctx->ctx_ptr = &ctx->ctx.umac128; ctx->length = 16; break; + case GNUTLS_MAC_AES_CMAC_128: + ctx->update = (update_func) cmac_aes128_update; + ctx->digest = (digest_func) cmac_aes128_digest; + ctx->set_key = _wrap_cmac128_set_key; + ctx->ctx_ptr = &ctx->ctx.cmac128; + ctx->length = CMAC128_DIGEST_SIZE; + break; + case GNUTLS_MAC_AES_CMAC_256: + ctx->update = (update_func) cmac_aes256_update; + ctx->digest = (digest_func) cmac_aes256_digest; + ctx->set_key = _wrap_cmac256_set_key; + ctx->ctx_ptr = &ctx->ctx.cmac256; + ctx->length = CMAC128_DIGEST_SIZE; + break; default: gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; |