// We are doing CBC-MAC not CMAC at this time bool AES_CMAC_Validate(COSE_MacMessage * pcose, int KeySize, int TagSize, const byte * pbAuthData, int cbAuthData, cose_errback * perr) { CMAC_CTX * pctx = NULL; const EVP_CIPHER * pcipher = NULL; byte * rgbOut = NULL; size_t cbOut; bool f = false; unsigned int i; #ifdef USE_CBOR_CONTEXT cn_cbor_context * context = &pcose->m_message.m_allocContext; #endif pctx = CMAC_CTX_new(); switch (KeySize) { case 128: pcipher = EVP_aes_128_cbc(); break; case 256: pcipher = EVP_aes_256_cbc(); break; default: FAIL_CONDITION(COSE_ERR_INVALID_PARAMETER); break; } rgbOut = COSE_CALLOC(128/8, 1, context); CHECK_CONDITION(rgbOut != NULL, COSE_ERR_OUT_OF_MEMORY); CHECK_CONDITION(CMAC_Init(pctx, pcose->pbKey, pcose->cbKey, pcipher, NULL /*impl*/) == 1, COSE_ERR_CRYPTO_FAIL); CHECK_CONDITION(CMAC_Update(pctx, pbAuthData, cbAuthData), COSE_ERR_CRYPTO_FAIL); CHECK_CONDITION(CMAC_Final(pctx, rgbOut, &cbOut), COSE_ERR_CRYPTO_FAIL); cn_cbor * cn = _COSE_arrayget_int(&pcose->m_message, INDEX_MAC_TAG); CHECK_CONDITION(cn != NULL, COSE_ERR_CBOR); for (i = 0; i < (unsigned int)TagSize / 8; i++) f |= (cn->v.bytes[i] != rgbOut[i]); COSE_FREE(rgbOut, context); CMAC_CTX_cleanup(pctx); CMAC_CTX_free(pctx); return !f; errorReturn: COSE_FREE(rgbOut, context); CMAC_CTX_cleanup(pctx); CMAC_CTX_free(pctx); return false; }
void CMAC_CTX_free(CMAC_CTX *ctx) { if (ctx == NULL) return; CMAC_CTX_cleanup(ctx); free(ctx); }
int FIPS_selftest_cmac() { size_t n, outlen; unsigned char out[32]; const EVP_CIPHER *cipher; CMAC_CTX *ctx = CMAC_CTX_new(); const CMAC_KAT *t; int rv = 1; for (n = 0, t = vector; n < sizeof(vector) / sizeof(vector[0]); n++, t++) { cipher = FIPS_get_cipherbynid(t->nid); if (!cipher) { rv = -1; goto err; } if (!CMAC_Init(ctx, t->key, t->keysize / 8, cipher, 0)) { rv = -1; goto err; } if (!CMAC_Update(ctx, t->msg, t->msgsize / 8)) { rv = -1; goto err; } if (!CMAC_Final(ctx, out, &outlen)) { rv = -1; goto err; } CMAC_CTX_cleanup(ctx); if (outlen < t->macsize / 8 || memcmp(out, t->mac, t->macsize / 8)) { rv = 0; } } err: CMAC_CTX_free(ctx); if (rv == -1) { rv = 0; } if (!rv) FIPSerr(FIPS_F_FIPS_SELFTEST_CMAC, FIPS_R_SELFTEST_FAILED); return rv; }
void CMAC_CTX_free(CMAC_CTX *ctx) { CMAC_CTX_cleanup(ctx); OPENSSL_free(ctx); }
int FIPS_selftest_cmac() { size_t n, outlen; unsigned char out[32]; const EVP_CIPHER *cipher; CMAC_CTX *ctx = CMAC_CTX_new(); const CMAC_KAT *t; int subid = -1, rv = 1; for(n=0,t=vector; n<sizeof(vector)/sizeof(vector[0]); n++,t++) { cipher = FIPS_get_cipherbynid(t->nid); if (!cipher) { rv = -1; goto err; } subid = M_EVP_CIPHER_nid(cipher); if (!fips_post_started(FIPS_TEST_CMAC, subid, 0)) continue; if (!CMAC_Init(ctx, t->key, t->keysize/8, cipher, 0)) { rv = -1; goto err; } if (!CMAC_Update(ctx, t->msg, t->msgsize/8)) { rv = -1; goto err; } if (!fips_post_corrupt(FIPS_TEST_CMAC, subid, NULL)) { if (!CMAC_Update(ctx, t->msg, 1)) { rv = -1; goto err; } } if (!CMAC_Final(ctx, out, &outlen)) { rv = -1; goto err; } CMAC_CTX_cleanup(ctx); if(outlen < t->macsize/8 || memcmp(out,t->mac,t->macsize/8)) { fips_post_failed(FIPS_TEST_CMAC, subid, NULL); rv = 0; } else if (!fips_post_success(FIPS_TEST_CMAC, subid, NULL)) { rv = 0; goto err; } } err: CMAC_CTX_free(ctx); if (rv == -1) { fips_post_failed(FIPS_TEST_CMAC, subid, NULL); rv = 0; } if (!rv) FIPSerr(FIPS_F_FIPS_SELFTEST_CMAC,FIPS_R_SELFTEST_FAILED); return rv; }