1/* Copyright (c) (2013-2017,2019,2021,2022) Apple Inc. All rights reserved.
2 *
3 * corecrypto is licensed under Apple Inc.’s Internal Use License Agreement (which
4 * is contained in the License.txt file distributed with corecrypto) and only to
5 * people who accept that license. IMPORTANT: Any license rights granted to you by
6 * Apple Inc. (if any) are limited to internal use within your organization only on
7 * devices and computers you own or control, for the sole purpose of verifying the
8 * security characteristics and correct functioning of the Apple Software. You may
9 * not, directly or indirectly, redistribute the Apple Software or any portions thereof.
10 */
11
12#ifndef _CORECRYPTO_CCCMAC_H_
13#define _CORECRYPTO_CCCMAC_H_
14
15#include <corecrypto/cc.h>
16#include <corecrypto/ccmode.h>
17#include <corecrypto/ccaes.h>
18
19CC_PTRCHECK_CAPABLE_HEADER()
20
21#define CMAC_BLOCKSIZE 16
22
23struct cccmac_ctx {
24 uint8_t k1[CMAC_BLOCKSIZE];
25 uint8_t k2[CMAC_BLOCKSIZE];
26 uint8_t block[CMAC_BLOCKSIZE];
27 size_t block_nbytes; // Number of byte occupied in block
28 size_t cumulated_nbytes; // Total size processed
29 const struct ccmode_cbc *cbc;
30 uint8_t ctx[1];
31} CC_ALIGNED(8);// cccmac_ctx_hdr;
32
33typedef struct cccmac_ctx* cccmac_ctx_t;
34
35#define cccmac_hdr_size sizeof(struct cccmac_ctx)
36
37#define cccmac_iv_size(_mode_) ((_mode_)->block_size)
38#define cccmac_cbc_size(_mode_) ((_mode_)->size)
39
40#define cccmac_ctx_size(_mode_) (cccmac_hdr_size + cccmac_iv_size(_mode_) + cccmac_cbc_size(_mode_))
41#define cccmac_ctx_n(_mode_) ccn_nof_size(cccmac_ctx_size(_mode_))
42
43#define cccmac_mode_decl(_mode_, _name_) cc_ctx_decl_vla(struct cccmac_ctx, cccmac_ctx_size(_mode_), _name_)
44#define cccmac_mode_clear(_mode_, _name_) cc_clear(cccmac_ctx_size(_mode_), _name_)
45
46/* Return a cccbc_ctx * which can be accesed with the macros in ccmode.h */
47#define cccmac_mode_ctx_start(_mode_, HC) (HC->ctx)
48#define CCCMAC_HDR(HC) (HC)
49
50#define cccmac_mode_sym_ctx(_mode_, HC) (cccbc_ctx *)(cccmac_mode_ctx_start(_mode_, HC))
51#define cccmac_mode_iv(_mode_, HC) (cccbc_iv *)(cccmac_mode_ctx_start(_mode_, HC)+cccmac_cbc_size(_mode_))
52#define cccmac_k1(HC) (CCCMAC_HDR(HC)->k1)
53#define cccmac_k2(HC) (CCCMAC_HDR(HC)->k2)
54#define cccmac_block(HC) (CCCMAC_HDR(HC)->block)
55#define cccmac_cbc(HC) (CCCMAC_HDR(HC)->cbc)
56#define cccmac_block_nbytes(HC) (CCCMAC_HDR(HC)->block_nbytes)
57#define cccmac_cumulated_nbytes(HC) (CCCMAC_HDR(HC)->cumulated_nbytes)
58
59
60/* CMAC as defined in NIST SP800-38B - 2005 */
61
62/* =============================================================================
63
64 ONE SHOT
65
66 ==============================================================================*/
67
68/*!
69 @function cccmac_one_shot_generate
70 @abstract CMAC generation in one call
71
72 @param cbc CBC and block cipher specification
73 @param key_nbytes Length of the key in bytes
74 @param key Pointer to the key of length key_nbytes
75 @param data_nbytes Length of the data in bytes
76 @param data Pointer to the data in bytes
77 @param mac_nbytes Length in byte of the mac, > 0
78 @param mac Output of length cbc->block_size
79
80 @result 0 iff successful.
81
82 @discussion Only supports CMAC_BLOCKSIZE block ciphers
83 */
84int cccmac_one_shot_generate(const struct ccmode_cbc *cbc,
85 size_t key_nbytes, const void *cc_sized_by(key_nbytes) key,
86 size_t data_nbytes, const void *cc_sized_by(data_nbytes) data,
87 size_t mac_nbytes, void *cc_sized_by(mac_nbytes) mac);
88
89/*!
90 @function cccmac_one_shot_verify
91 @abstract CMAC verification in one call
92
93 @param cbc CBC and block cipher specification
94 @param key_nbytes Length of the key in bytes
95 @param key Pointer to the key of length key_nbytes
96 @param data_nbytes Length of the data in bytes
97 @param data Pointer to the data in bytes
98 @param expected_mac_nbytes Length in byte of the mac, > 0
99 @param expected_mac Mac value expected
100
101 @result 0 iff successful.
102
103 @discussion Only supports CMAC_BLOCKSIZE block ciphers
104 */
105int cccmac_one_shot_verify(const struct ccmode_cbc *cbc,
106 size_t key_nbytes, const void *cc_sized_by(key_nbytes) key,
107 size_t data_nbytes, const void *cc_sized_by(data_nbytes) data,
108 size_t expected_mac_nbytes, const void *cc_sized_by(expected_mac_nbytes) expected_mac);
109
110/* =============================================================================
111
112 STREAMING
113
114 Init - Update - Final
115
116==============================================================================*/
117
118/*!
119 @function cccmac_init
120 @abstract Init CMAC context with CBC mode and key
121
122 @param cbc CBC and block cipher specification
123 @param ctx Context use to store internal state
124 @param key_nbytes Length of the key in bytes
125 @param key Full key
126
127 @result 0 iff successful.
128
129 @discussion Only supports CMAC_BLOCKSIZE block ciphers
130 */
131
132int cccmac_init(const struct ccmode_cbc *cbc,
133 cccmac_ctx_t ctx,
134 size_t key_nbytes, const void *cc_sized_by(key_nbytes) key);
135
136/*!
137 @function cccmac_update
138 @abstract Process data
139
140 @param ctx Context use to store internal state
141 @param data_nbytes Length in byte of the data
142 @param data Data to process
143
144 @result 0 iff successful.
145
146 @discussion Only supports CMAC_BLOCKSIZE block ciphers
147 */
148
149int cccmac_update(cccmac_ctx_t ctx,
150 size_t data_nbytes, const void *cc_sized_by(data_nbytes) data);
151
152/*!
153 @function cccmac_final_generate
154 @abstract Final step for generation
155
156 @param ctx Context use to store internal state
157 @param mac_nbytes Length in byte of the mac, > 0
158 @param mac Output of length mac_nbytes
159
160 @result 0 iff successful.
161
162 @discussion Only supports CMAC_BLOCKSIZE block ciphers
163 */
164int cccmac_final_generate(cccmac_ctx_t ctx,
165 size_t mac_nbytes, void *cc_sized_by(mac_nbytes) mac);
166
167/*!
168 @function cccmac_final_verify
169 @abstract Final step and verification
170
171 @param ctx Context use to store internal state
172 @param expected_mac_nbytes Length in byte of the mac, > 0
173 @param expected_mac Mac value expected
174
175 @result 0 iff successful.
176
177 @discussion Only supports CMAC_BLOCKSIZE block ciphers
178 */
179int cccmac_final_verify(cccmac_ctx_t ctx,
180 size_t expected_mac_nbytes, const void *cc_sized_by(expected_mac_nbytes) expected_mac);
181
182#endif // _CORECRYPTO_CCCMAC_H_
183