docs/ref/cmac_8cpp_source.html

 // cmac.cpp - originally written and placed in the public domain by Wei Dai


 #include "pch.h"


 #ifndef CRYPTOPP_IMPORTS


 #include "cmac.h"

 #include "misc.h"


 ANONYMOUS_NAMESPACE_BEGIN


 using CryptoPP::byte;

 using CryptoPP::IsPowerOf2;


 void MulU(byte *k, unsigned int len)

 {

     byte carry = 0;

     for (int i=len-1; i>=1; i-=2)

     {

         byte carry2 = k[i] >> 7;

         k[i] += k[i] + carry;

         carry = k[i-1] >> 7;

         k[i-1] += k[i-1] + carry2;

     }


 #ifndef CRYPTOPP_CMAC_WIDE_BLOCK_CIPHERS

     CRYPTOPP_ASSERT(len == 16);


     if (carry)

     {

         k[15] ^= 0x87;

         return;

     }

 #else

     CRYPTOPP_ASSERT(IsPowerOf2(len));

     CRYPTOPP_ASSERT(len >= 8);

     CRYPTOPP_ASSERT(len <= 128);


     if (carry)

     {

         switch (len)

         {

         case 8:

             k[7] ^= 0x1b;

             break;

         case 16:

             k[15] ^= 0x87;

             break;

         case 32:

             // https://crypto.stackexchange.com/q/9815/10496

             // Polynomial x^256 + x^10 + x^5 + x^2 + 1

             k[30] ^= 4;

             k[31] ^= 0x25;

             break;

         case 64:

             // https://crypto.stackexchange.com/q/9815/10496

             // Polynomial x^512 + x^8 + x^5 + x^2 + 1

             k[62] ^= 1;

             k[63] ^= 0x25;

             break;

         case 128:

             // https://crypto.stackexchange.com/q/9815/10496

             // Polynomial x^1024 + x^19 + x^6 + x + 1

             k[125] ^= 8;

             k[126] ^= 0x00;

             k[127] ^= 0x43;

             break;

         default:

             CRYPTOPP_ASSERT(0);

         }

     }

 #endif  // CRYPTOPP_CMAC_WIDE_BLOCK_CIPHERS

 }


 ANONYMOUS_NAMESPACE_END


 NAMESPACE_BEGIN(CryptoPP)


 void CMAC_Base::UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs &params)

 {

     BlockCipher &cipher = AccessCipher();

     cipher.SetKey(key, length, params);


     unsigned int blockSize = cipher.BlockSize();

     m_reg.CleanNew(3*blockSize);

     m_counter = 0;


     cipher.ProcessBlock(m_reg, m_reg+blockSize);

     MulU(m_reg+blockSize, blockSize);

     std::memcpy(m_reg+2*blockSize, m_reg+blockSize, blockSize);

     MulU(m_reg+2*blockSize, blockSize);

 }


 void CMAC_Base::Update(const byte *input, size_t length)

 {

     CRYPTOPP_ASSERT((input && length) || !(input || length));

     if (!length)

         return;


     BlockCipher &cipher = AccessCipher();

     unsigned int blockSize = cipher.BlockSize();


     if (m_counter > 0)

     {

         const unsigned int len = UnsignedMin(blockSize - m_counter, length);

         if (len)

         {

             xorbuf(m_reg+m_counter, input, len);

             length -= len;

             input += len;

             m_counter += len;

         }


         if (m_counter == blockSize && length > 0)

         {

             cipher.ProcessBlock(m_reg);

             m_counter = 0;

         }

     }


     if (length > blockSize)

     {

         CRYPTOPP_ASSERT(m_counter == 0);

         size_t leftOver = 1 + cipher.AdvancedProcessBlocks(m_reg, input, m_reg, length-1, BlockTransformation::BT_DontIncrementInOutPointers|BlockTransformation::BT_XorInput);

         input += (length - leftOver);

         length = leftOver;

     }


     if (length > 0)

     {

         CRYPTOPP_ASSERT(m_counter + length <= blockSize);

         xorbuf(m_reg+m_counter, input, length);

         m_counter += (unsigned int)length;

     }


     CRYPTOPP_ASSERT(m_counter > 0);

 }


 void CMAC_Base::TruncatedFinal(byte *mac, size_t size)

 {

     ThrowIfInvalidTruncatedSize(size);


     BlockCipher &cipher = AccessCipher();

     unsigned int blockSize = cipher.BlockSize();


     if (m_counter < blockSize)

     {

         m_reg[m_counter] ^= 0x80;

         cipher.AdvancedProcessBlocks(m_reg, m_reg+2*blockSize, m_reg, blockSize, BlockTransformation::BT_DontIncrementInOutPointers|BlockTransformation::BT_XorInput);

     }

     else

         cipher.AdvancedProcessBlocks(m_reg, m_reg+blockSize, m_reg, blockSize, BlockTransformation::BT_DontIncrementInOutPointers|BlockTransformation::BT_XorInput);


     // UBsan finding

     if (mac)

         std::memcpy(mac, m_reg, size);


     m_counter = 0;

     std::memset(m_reg, 0, blockSize);

 }


 NAMESPACE_END


 #endif

BlockCipher
Interface for one direction (encryption or decryption) of a block cipher.
Definition: cryptlib.h:1288

BlockTransformation::ProcessBlock
void ProcessBlock(const byte *inBlock, byte *outBlock) const
Encrypt or decrypt a block.
Definition: cryptlib.h:884

BlockTransformation::AdvancedProcessBlocks
virtual size_t AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) const
Encrypt and xor multiple blocks using additional flags.

BlockTransformation::BT_XorInput
@ BT_XorInput
Xor inputs before transformation.
Definition: cryptlib.h:926

BlockTransformation::BT_DontIncrementInOutPointers
@ BT_DontIncrementInOutPointers
should not modify block pointers
Definition: cryptlib.h:924

BlockTransformation::BlockSize
virtual unsigned int BlockSize() const =0
Provides the block size of the cipher.

CMAC_Base::Update
void Update(const byte *input, size_t length)
Updates a hash with additional input.

CMAC_Base::TruncatedFinal
void TruncatedFinal(byte *mac, size_t size)
Computes the hash of the current message.

CMAC_Base::UncheckedSetKey
void UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs &params)
Sets the key for this object without performing parameter validation.

NameValuePairs
Interface for retrieving values given their names.
Definition: cryptlib.h:327

SecBlock::CleanNew
void CleanNew(size_type newSize)
Change size without preserving contents.
Definition: secblock.h:1143

SimpleKeyingInterface::SetKey
virtual void SetKey(const byte *key, size_t length, const NameValuePairs &params=g_nullNameValuePairs)
Sets or reset the key of this object.

cmac.h
Classes for CMAC message authentication code.

byte
unsigned char byte
8-bit unsigned datatype
Definition: config_int.h:66

misc.h
Utility functions for the Crypto++ library.

IsPowerOf2
bool IsPowerOf2(const T &value)
Tests whether a value is a power of 2.
Definition: misc.h:1215

UnsignedMin
const T1 UnsignedMin(const T1 &a, const T2 &b)
Safe comparison of values that could be negative and incorrectly promoted.
Definition: misc.h:695

xorbuf
CRYPTOPP_DLL void xorbuf(byte *buf, const byte *mask, size_t count)
Performs an XOR of a buffer with a mask.

CryptoPP
Crypto++ library namespace.

pch.h
Precompiled header file.

CRYPTOPP_ASSERT
#define CRYPTOPP_ASSERT(exp)
Debugging and diagnostic assertion.
Definition: trap.h:68