[catacomb] / symm / cmac-def.h

/* -*-c-*-
 *
 * The CMAC message-authentication code
 *
 * (c) 2017 Straylight/Edgeware
 */

/*----- Licensing notice --------------------------------------------------*
 *
 * This file is part of Catacomb.
 *
 * Catacomb is free software; you can redistribute it and/or modify
 * it under the terms of the GNU Library General Public License as
 * published by the Free Software Foundation; either version 2 of the
 * License, or (at your option) any later version.
 *
 * Catacomb is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Library General Public License for more details.
 *
 * You should have received a copy of the GNU Library General Public
 * License along with Catacomb; if not, write to the Free
 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
 * MA 02111-1307, USA.
 */

#ifndef CATACOMB_CMAC_DEF_H
#define CATACOMB_CMAC_DEF_H

#ifdef __cplusplus
  extern "C" {
#endif

/*----- Header files ------------------------------------------------------*/

#include <string.h>

#include <mLib/bits.h>
#include <mLib/sub.h>

#ifndef CATACOMB_ARENA_H
#  include "arena.h"
#endif

#ifndef CATACOMB_BLKC_H
#  include "blkc.h"
#endif

#ifndef CATACOMB_GMAC_H
#  include "gmac.h"
#endif

#ifndef CATACOMB_PARANOIA_H
#  include "paranoia.h"
#endif

#ifndef CATACOMB_RSVR_H
#  include "rsvr.h"
#endif

/*----- Low-level OMAC definitions ----------------------------------------*/

/* --- @OMAC_BLOCK@ --- *
 *
 * Arguments:	@PRE@, @pre@ = prefixes for the underlying block cipher
 *		@pre_ctx *k@ = pointer to expanded blockcipher key
 *		@uint32 *a@ = accumulator state to update
 *		@octet *p@ = pointer to input block to accumulate
 *
 * Use:		Update the state @a@ from the input block @p@.
 */

#define OMAC_BLOCK(PRE, pre, k, a, p) do {				\
  pre##_ctx *_k = (k); uint32 *_a = (a); const octet *_pp = (p);	\
  BLKC_XLOAD(PRE, _a, _pp); pre##_eblk(_k, _a, _a);			\
} while (0)

/* --- @OMAC_DEF@ --- *
 *
 * Arguments:	@PRE@, @pre@ = prefixes for the underlying block cipher
 *
 * Use:		Creates low-level implementation for the OMAC message-
 *		authentication mode.
 */

#define OMAC_DEF(PRE, pre)						\
									\
/* Buffering policy for OMAC. */					\
const rsvr_policy pre##_omacpolicy =					\
  { RSVRF_FULL, PRE##_BLKSZ, PRE##_BLKSZ };				\
									\
/* --- @pre_omacmasks@ --- *						\
 *									\
 * Arguments:	@pre_ctx *k@ = pointer to expanded blockcipher key	\
 *		@uint32 *m0, *m1@ = buffers to store the masks		\
 *									\
 * Returns:	---							\
 *									\
 * Use:		Initialize the OMAC masks.  The mask buffers are	\
 *		@PRE_BLKSZ/4@ words long.  The mmask @m0@ is applied to	\
 *		messages which are a whole number of blocks long; @m1@	\
 *		is applied to messages with an incomplete final block,	\
 *		following the 10* padding.				\
 */									\
									\
void pre##_omacmasks(pre##_ctx *k, uint32 *m0, uint32 *m1)		\
{									\
  uint32 t[PRE##_BLKSZ/4];						\
									\
  BLKC_ZERO(PRE, t); pre##_eblk(k, t, t);				\
  BLKC_BLSHIFT(PRE, IRRED, m0, t);					\
  BLKC_BLSHIFT(PRE, IRRED, m1, m0);					\
}									\
									\
/* --- @pre_omacdone@ --- *						\
 *									\
 * Arguments:	@pre_ctx *k@ = pointer to expanded blockcipher key	\
 *		@const uint32 *m0, *m1@ = masks				\
 *		@uint32 *a@ = accumulator state to update		\
 *		@octet *p@ = pointer to input buffer (clobbered)	\
 *		@unsigned n@ = size of input buffer (no more than	\
 *			@PRE_BLKSZ@)					\
 *									\
 * Returns:	---							\
 *									\
 * Use:		Update and finalize the OMAC hash state with the last	\
 *		few bytes of input.  The final tag is left in @a@.	\
 */									\
									\
void pre##_omacdone(pre##_ctx *k, const uint32 *m0, const uint32 *m1,	\
		    uint32 *a, octet *p, unsigned n)			\
{									\
  /* Do any necessary padding and apply the appropriate mask to the	\
   * accumulator.							\
   */									\
  if (n == PRE##_BLKSZ)							\
    BLKC_XMOVE(PRE, a, m0);						\
  else {								\
    p[n] = 0x80; memset(p + n + 1, 0, PRE##_BLKSZ - n - 1);		\
    BLKC_XMOVE(PRE, a, m1);						\
  }									\
									\
  /* Fetch the buffer contents and cycle the block cipher one last	\
   * time.								\
   */									\
  BLKC_XLOAD(PRE, a, p);						\
  pre##_eblk(k, a, a);							\
}

/*----- Properly cooked CMAC ----------------------------------------------*/

/* --- @CMAC_DEF@ --- *
 *
 * Arguments:	@PRE@, @pre@ = prefixes for the underlying block cipher
 *
 * Use:		Creates an implementation for the CMAC message-authentication
 *		mode.
 */

#define CMAC_DEF(PRE, pre) CMAC_DEFX(PRE, pre, #pre, #pre)

#define CMAC_DEFX(PRE, pre, name, fname)				\
									\
OMAC_DEF(PRE, pre)							\
									\
/* --- @pre_cmacsetkey@ --- *						\
 *									\
 * Arguments:	@pre_cmackey *key@ = pointer to CMAC key block		\
 *		@ocnst void *k@ = pointer to key material		\
 *		@size_t ksz@ = size of key material			\
 *									\
 * Returns:	---							\
 *									\
 * Use:		Initializes a CMAC key.  This can be used for several	\
 *		MAC operations.						\
 */									\
									\
void pre##_cmacsetkey(pre##_cmackey *key, const void *k, size_t ksz)	\
{									\
  pre##_init(&key->ctx, k, ksz);					\
  pre##_omacmasks(&key->ctx, key->m0, key->m1);				\
}									\
									\
/* --- @pre##_cmacinit@ --- *						\
 *									\
 * Arguments:	@pre_cmacctx *ctx@ = pointer to context block		\
 *		@pre_cmackey *k@ = key block				\
 *									\
 * Returns:	---							\
 *									\
 * Use:		Initializes a CMAC context ready to process a message.	\
 *		It's not necessary to keep the key around.		\
 */									\
									\
void pre##_cmacinit(pre##_cmacctx *ctx, const pre##_cmackey *k)		\
  { ctx->k = *k; ctx->off = 0; BLKC_ZERO(PRE, ctx->a); }		\
									\
/* --- @pre_cmachash@ --- *						\
 *									\
 * Arguments:	@pre_cmacctx *ctx@ = pointer to CMAC context block	\
 *		@ocnst void *p@ = pointer to message buffer		\
 *		@size_t sz@ = size of message buffer			\
 *									\
 * Returns:	---							\
 *									\
 * Use:		Hashes some input data.					\
 */									\
									\
void pre##_cmachash(pre##_cmacctx *ctx, const void *p, size_t sz)	\
{									\
  rsvr_state st;							\
  const octet *q;							\
									\
  rsvr_setup(&st, &pre##_omacpolicy, ctx->b, &ctx->off, p, sz);		\
  RSVR_DO(&st) while ((q = RSVR_NEXT(&st, PRE##_BLKSZ)) != 0)		\
    OMAC_BLOCK(PRE, pre, &ctx->k.ctx, ctx->a, q);			\
}									\
									\
/* --- @pre_cmacdone@ --- *						\
 *									\
 * Arguments:	@pre_cmacctx *ctx@ = pointer to CMAC context block	\
 *		@void *t@ = where to write the tag			\
 *									\
 * Returns:	---							\
 *									\
 * Use:		Finishes a MAC operation and produces the tag.  The	\
 *		context is clobbered and can't be used for anything	\
 *		useful any more.					\
 */									\
									\
void pre##_cmacdone(pre##_cmacctx *ctx, void *t)			\
{									\
  pre##_omacdone(&ctx->k.ctx, ctx->k.m0, ctx->k.m1,			\
		 ctx->a, ctx->b, ctx->off);				\
  BLKC_STORE(PRE, t, ctx->a);						\
}									\
									\
/* --- Generic MAC interface --- */					\
									\
static const gmac_ops gkops;						\
static const ghash_ops gops;						\
									\
typedef struct gkctx {							\
  gmac m;								\
  pre##_cmackey k;							\
} gkctx;								\
									\
typedef struct gctx {							\
  ghash h;								\
  pre##_cmacctx c;							\
  octet buf[PRE##_BLKSZ];						\
} gctx;									\
									\
static ghash *gkinit(gmac *m)						\
{									\
  gkctx *gk = (gkctx *)m;						\
  gctx *g = S_CREATE(gctx);						\
  g->h.ops = &gops;							\
  pre##_cmacinit(&g->c, &gk->k);					\
  return (&g->h);							\
}									\
									\
static gmac *gkey(const void *k, size_t sz)				\
{									\
  gkctx *gk = S_CREATE(gkctx);						\
  gk->m.ops = &gkops;							\
  pre##_cmacsetkey(&gk->k, k, sz);					\
  return (&gk->m);							\
}									\
									\
static void ghhash(ghash *h, const void *p, size_t sz)			\
  { gctx *g = (gctx *)h; pre##_cmachash(&g->c, p, sz); }		\
									\
static octet *ghdone(ghash *h, void *buf)				\
{									\
  gctx *g = (gctx *)h;							\
  if (!buf) buf = g->buf;						\
  pre##_cmacdone(&g->c, buf);						\
  return (buf);								\
}									\
									\
static ghash *ghcopy(ghash *h)						\
{									\
  gctx *g = (gctx *)h;							\
  gctx *gg = S_CREATE(gctx);						\
  memcpy(gg, g, sizeof(gctx));						\
  return (&gg->h);							\
}									\
									\
static void ghdestroy(ghash *h)						\
  { gctx *g = (gctx *)h; BURN(*g); S_DESTROY(g); }			\
									\
static void gkdestroy(gmac *m)						\
  { gkctx *gk = (gkctx *)m; BURN(*gk); S_DESTROY(gk); }			\
									\
static ghash *ghinit(void)						\
{									\
  assert(((void)"Attempt to instantiate an unkeyed MAC", 0));		\
  return (0);								\
}									\
									\
const gcmac pre##_cmac =						\
  { name "-cmac", PRE##_BLKSZ, pre##_keysz, gkey };			\
static const gmac_ops gkops = { &pre##_cmac, gkinit, gkdestroy };	\
static const gchash gch = { name "-cmac", PRE##_BLKSZ, ghinit };	\
static const ghash_ops gops =						\
  { &gch, ghhash, ghdone, ghdestroy, ghcopy };				\
									\
CMAC_TESTX(PRE, pre, name, fname)

#define CMAC_TEST(PRE, pre) HMAC_TESTX(PRE, pre, #pre, #pre)

/* --- @CMAC_TEST@ --- *
 *
 * Arguments:	@PRE@, @pre@ = prefixes for the underlying block cipher
 *
 * Use:		Standard test rig for CMAC functions.
 */

#ifdef TEST_RIG

#include <stdio.h>

#include <mLib/dstr.h>
#include <mLib/macros.h>
#include <mLib/quis.h>
#include <mLib/testrig.h>

#define CMAC_TESTX(PRE, pre, name, fname)				\
									\
static int macverify(dstr *v)						\
{									\
  pre##_cmacctx cctx;							\
  pre##_cmackey ckey;							\
  int ok = 1;								\
  int i;								\
  octet *p;								\
  int szs[] = { 1, 7, 192, -1, 0 }, *ip;				\
  size_t csz;								\
  dstr d;								\
									\
  dstr_create(&d);							\
  dstr_ensure(&d, PRE##_BLKSZ);						\
  d.len = PRE##_BLKSZ;							\
									\
  pre##_cmacsetkey(&ckey, v[0].buf, v[0].len);				\
									\
  for (ip = szs; *ip; ip++) {						\
    i = *ip;								\
    csz = v[1].len;							\
    if (i == -1)							\
      i = csz;								\
    if (i > csz)							\
      continue;								\
    p = (octet *)v[1].buf;						\
    pre##_cmacinit(&cctx, &ckey);					\
    while (csz) {							\
      if (i > csz)							\
	i = csz;							\
      pre##_cmachash(&cctx, p, i);					\
      p += i;								\
      csz -= i;								\
    }									\
    pre##_cmacdone(&cctx, d.buf);					\
    if (MEMCMP(d.buf, !=, v[2].buf, PRE##_BLKSZ)) {			\
      printf("\nfail:\n\tstep = %i\n\tkey = ", *ip);			\
      type_hex.dump(&v[0], stdout);					\
      fputs("\n\tinput = ", stdout);					\
      type_hex.dump(&v[1], stdout);					\
      fputs("\n\texpected = ", stdout);					\
      type_hex.dump(&v[2], stdout);					\
      fputs("\n\tcomputed = ", stdout);					\
      type_hex.dump(&d, stdout);					\
      putchar('\n');							\
      ok = 0;								\
    }									\
  }									\
									\
  dstr_destroy(&d);							\
  return (ok);								\
}									\
									\
static test_chunk macdefs[] = {						\
  { name "-cmac", macverify,						\
    { &type_hex, &type_hex, &type_hex, 0 } },				\
  { 0, 0, { 0 } }							\
};									\
									\
int main(int argc, char *argv[])					\
{									\
  ego(argv[0]);								\
  test_run(argc, argv, macdefs, SRCDIR"/t/" fname);			\
  return (0);								\
}

#else
#  define CMAC_TESTX(PRE, pre, name, fname)
#endif

/*----- That's all, folks -------------------------------------------------*/

#ifdef __cplusplus
  }
#endif

#endif
Commit	Line	Data
ea054059 MW	1	/* --c--
	2	*
	3	* The CMAC message-authentication code
	4	*
	5	* (c) 2017 Straylight/Edgeware
	6	*/
	7
	8	/----- Licensing notice --------------------------------------------------
	9	*
	10	* This file is part of Catacomb.
	11	*
	12	* Catacomb is free software; you can redistribute it and/or modify
	13	* it under the terms of the GNU Library General Public License as
	14	* published by the Free Software Foundation; either version 2 of the
	15	* License, or (at your option) any later version.
	16	*
	17	* Catacomb is distributed in the hope that it will be useful,
	18	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	19	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	20	* GNU Library General Public License for more details.
	21	*
	22	* You should have received a copy of the GNU Library General Public
	23	* License along with Catacomb; if not, write to the Free
	24	* Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
	25	* MA 02111-1307, USA.
	26	*/
	27
	28	#ifndef CATACOMB_CMAC_DEF_H
	29	#define CATACOMB_CMAC_DEF_H
	30
	31	#ifdef __cplusplus
	32	extern "C" {
	33	#endif
	34
	35	/----- Header files ------------------------------------------------------/
	36
	37	#include <string.h>
	38
	39	#include <mLib/bits.h>
	40	#include <mLib/sub.h>
	41
	42	#ifndef CATACOMB_ARENA_H
	43	# include "arena.h"
	44	#endif
	45
	46	#ifndef CATACOMB_BLKC_H
	47	# include "blkc.h"
	48	#endif
	49
	50	#ifndef CATACOMB_GMAC_H
	51	# include "gmac.h"
	52	#endif
	53
	54	#ifndef CATACOMB_PARANOIA_H
	55	# include "paranoia.h"
	56	#endif
	57
	58	#ifndef CATACOMB_RSVR_H
	59	# include "rsvr.h"
	60	#endif
	61
	62	/----- Low-level OMAC definitions ----------------------------------------/
	63
	64	/* --- @OMAC_BLOCK@ --- *
65	*
66	* Arguments: @PRE@, @pre@ = prefixes for the underlying block cipher
67	* @pre_ctx *k@ = pointer to expanded blockcipher key
68	* @uint32 *a@ = accumulator state to update
69	* @octet *p@ = pointer to input block to accumulate
70	*
71	* Use: Update the state @a@ from the input block @p@.
72	*/
73
74	#define OMAC_BLOCK(PRE, pre, k, a, p) do { \
75	pre##_ctx _k = (k); uint32 _a = (a); const octet *_pp = (p); \
76	BLKC_XLOAD(PRE, _a, _pp); pre##_eblk(_k, _a, _a); \
77	} while (0)
78
79	/* --- @OMAC_DEF@ --- *
80	*
81	* Arguments: @PRE@, @pre@ = prefixes for the underlying block cipher
82	*
83	* Use: Creates low-level implementation for the OMAC message-
84	* authentication mode.
85	*/
86
87	#define OMAC_DEF(PRE, pre) \
88	\
89	/* Buffering policy for OMAC. */ \
90	const rsvr_policy pre##_omacpolicy = \
91	{ RSVRF_FULL, PRE##_BLKSZ, PRE##_BLKSZ }; \
92	\
93	/* --- @pre_omacmasks@ --- * \
94	* \
95	* Arguments: @pre_ctx *k@ = pointer to expanded blockcipher key \
96	* @uint32 m0, m1@ = buffers to store the masks \
97	* \
98	* Returns: --- \
99	* \
100	* Use: Initialize the OMAC masks. The mask buffers are \
101	* @PRE_BLKSZ/4@ words long. The mmask @m0@ is applied to \
102	* messages which are a whole number of blocks long; @m1@ \
103	* is applied to messages with an incomplete final block, \
104	* following the 10* padding. \
105	*/ \
106	\
107	void pre##_omacmasks(pre##_ctx k, uint32 m0, uint32 *m1) \
108	{ \
109	uint32 t[PRE##_BLKSZ/4]; \
110	\
111	BLKC_ZERO(PRE, t); pre##_eblk(k, t, t); \
112	BLKC_BLSHIFT(PRE, IRRED, m0, t); \
113	BLKC_BLSHIFT(PRE, IRRED, m1, m0); \
114	} \
115	\
116	/* --- @pre_omacdone@ --- * \
117	* \
118	* Arguments: @pre_ctx *k@ = pointer to expanded blockcipher key \
119	* @const uint32 m0, m1@ = masks \
120	* @uint32 *a@ = accumulator state to update \
121	* @octet *p@ = pointer to input buffer (clobbered) \
122	* @unsigned n@ = size of input buffer (no more than \
123	* @PRE_BLKSZ@) \
124	* \
125	* Returns: --- \
126	* \
127	* Use: Update and finalize the OMAC hash state with the last \
128	* few bytes of input. The final tag is left in @a@. \
129	*/ \
130	\
131	void pre##_omacdone(pre##_ctx k, const uint32 m0, const uint32 *m1, \
132	uint32 a, octet p, unsigned n) \
133	{ \
134	/* Do any necessary padding and apply the appropriate mask to the \
135	* accumulator. \
136	*/ \
137	if (n == PRE##_BLKSZ) \
138	BLKC_XMOVE(PRE, a, m0); \
139	else { \
140	p[n] = 0x80; memset(p + n + 1, 0, PRE##_BLKSZ - n - 1); \
141	BLKC_XMOVE(PRE, a, m1); \
142	} \
143	\
144	/* Fetch the buffer contents and cycle the block cipher one last \
145	* time. \
146	*/ \
147	BLKC_XLOAD(PRE, a, p); \
148	pre##_eblk(k, a, a); \
149	}
150
151	/----- Properly cooked CMAC ----------------------------------------------/
152
153	/* --- @CMAC_DEF@ --- *
154	*
155	* Arguments: @PRE@, @pre@ = prefixes for the underlying block cipher
156	*
157	* Use: Creates an implementation for the CMAC message-authentication
158	* mode.
159	*/
160
161	#define CMAC_DEF(PRE, pre) CMAC_DEFX(PRE, pre, #pre, #pre)
162
163	#define CMAC_DEFX(PRE, pre, name, fname) \
164	\
165	OMAC_DEF(PRE, pre) \
166	\
167	/* --- @pre_cmacsetkey@ --- * \
168	* \
169	* Arguments: @pre_cmackey *key@ = pointer to CMAC key block \
170	* @ocnst void *k@ = pointer to key material \
171	* @size_t ksz@ = size of key material \
172	* \
173	* Returns: --- \
174	* \
175	* Use: Initializes a CMAC key. This can be used for several \
176	* MAC operations. \
177	*/ \
178	\
179	void pre##_cmacsetkey(pre##_cmackey key, const void k, size_t ksz) \
180	{ \
181	pre##_init(&key->ctx, k, ksz); \
182	pre##_omacmasks(&key->ctx, key->m0, key->m1); \
183	} \
184	\
185	/* --- @pre##_cmacinit@ --- * \
186	* \
187	* Arguments: @pre_cmacctx *ctx@ = pointer to context block \
188	* @pre_cmackey *k@ = key block \
189	* \
190	* Returns: --- \
191	* \
192	* Use: Initializes a CMAC context ready to process a message. \
193	* It's not necessary to keep the key around. \
194	*/ \
195	\
196	void pre##_cmacinit(pre##_cmacctx ctx, const pre##_cmackey k) \
197	{ ctx->k = *k; ctx->off = 0; BLKC_ZERO(PRE, ctx->a); } \
198	\
199	/* --- @pre_cmachash@ --- * \
200	* \
201	* Arguments: @pre_cmacctx *ctx@ = pointer to CMAC context block \
202	* @ocnst void *p@ = pointer to message buffer \
203	* @size_t sz@ = size of message buffer \
204	* \
205	* Returns: --- \
206	* \
207	* Use: Hashes some input data. \
208	*/ \
209	\
210	void pre##_cmachash(pre##_cmacctx ctx, const void p, size_t sz) \
211	{ \
212	rsvr_state st; \
213	const octet *q; \
214	\
215	rsvr_setup(&st, &pre##_omacpolicy, ctx->b, &ctx->off, p, sz); \
216	RSVR_DO(&st) while ((q = RSVR_NEXT(&st, PRE##_BLKSZ)) != 0) \
217	OMAC_BLOCK(PRE, pre, &ctx->k.ctx, ctx->a, q); \
218	} \
219	\
220	/* --- @pre_cmacdone@ --- * \
221	* \
222	* Arguments: @pre_cmacctx *ctx@ = pointer to CMAC context block \
223	* @void *t@ = where to write the tag \
224	* \
225	* Returns: --- \
226	* \
227	* Use: Finishes a MAC operation and produces the tag. The \
228	* context is clobbered and can't be used for anything \
229	* useful any more. \
230	*/ \
231	\
232	void pre##_cmacdone(pre##_cmacctx ctx, void t) \
233	{ \
234	pre##_omacdone(&ctx->k.ctx, ctx->k.m0, ctx->k.m1, \
235	ctx->a, ctx->b, ctx->off); \
236	BLKC_STORE(PRE, t, ctx->a); \
237	} \
238	\
239	/* --- Generic MAC interface --- */ \
240	\
241	static const gmac_ops gkops; \
242	static const ghash_ops gops; \
243	\
244	typedef struct gkctx { \
245	gmac m; \
246	pre##_cmackey k; \
247	} gkctx; \
248	\
249	typedef struct gctx { \
250	ghash h; \
251	pre##_cmacctx c; \
252	octet buf[PRE##_BLKSZ]; \
253	} gctx; \
254	\
255	static ghash gkinit(gmac m) \
256	{ \
257	gkctx gk = (gkctx )m; \
258	gctx *g = S_CREATE(gctx); \
259	g->h.ops = &gops; \
260	pre##_cmacinit(&g->c, &gk->k); \
261	return (&g->h); \
262	} \
263	\
264	static gmac gkey(const void k, size_t sz) \
265	{ \
266	gkctx *gk = S_CREATE(gkctx); \
267	gk->m.ops = &gkops; \
268	pre##_cmacsetkey(&gk->k, k, sz); \
269	return (&gk->m); \
270	} \
271	\
272	static void ghhash(ghash h, const void p, size_t sz) \
273	{ gctx g = (gctx )h; pre##_cmachash(&g->c, p, sz); } \
274	\
275	static octet ghdone(ghash h, void *buf) \
276	{ \
277	gctx g = (gctx )h; \
278	if (!buf) buf = g->buf; \
279	pre##_cmacdone(&g->c, buf); \
280	return (buf); \
281	} \
282	\
283	static ghash ghcopy(ghash h) \
284	{ \
285	gctx g = (gctx )h; \
286	gctx *gg = S_CREATE(gctx); \
287	memcpy(gg, g, sizeof(gctx)); \
288	return (&gg->h); \
289	} \
290	\
291	static void ghdestroy(ghash *h) \
292	{ gctx g = (gctx )h; BURN(*g); S_DESTROY(g); } \
293	\
294	static void gkdestroy(gmac *m) \
295	{ gkctx gk = (gkctx )m; BURN(*gk); S_DESTROY(gk); } \
296	\
297	static ghash *ghinit(void) \
298	{ \
299	assert(((void)"Attempt to instantiate an unkeyed MAC", 0)); \
300	return (0); \
301	} \
302	\
303	const gcmac pre##_cmac = \
304	{ name "-cmac", PRE##_BLKSZ, pre##_keysz, gkey }; \
305	static const gmac_ops gkops = { &pre##_cmac, gkinit, gkdestroy }; \
306	static const gchash gch = { name "-cmac", PRE##_BLKSZ, ghinit }; \
307	static const ghash_ops gops = \
308	{ &gch, ghhash, ghdone, ghdestroy, ghcopy }; \
309	\
310	CMAC_TESTX(PRE, pre, name, fname)
311
312	#define CMAC_TEST(PRE, pre) HMAC_TESTX(PRE, pre, #pre, #pre)
313
314	/* --- @CMAC_TEST@ --- *
315	*
316	* Arguments: @PRE@, @pre@ = prefixes for the underlying block cipher
317	*
318	* Use: Standard test rig for CMAC functions.
319	*/
320
321	#ifdef TEST_RIG
322
323	#include <stdio.h>
324
325	#include <mLib/dstr.h>
141c1284	326	#include <mLib/macros.h>
ea054059 MW	327	#include <mLib/quis.h>
	328	#include <mLib/testrig.h>
	329
	330	#define CMAC_TESTX(PRE, pre, name, fname) \
	331	\
	332	static int macverify(dstr *v) \
	333	{ \
	334	pre##_cmacctx cctx; \
	335	pre##_cmackey ckey; \
	336	int ok = 1; \
	337	int i; \
	338	octet *p; \
	339	int szs[] = { 1, 7, 192, -1, 0 }, *ip; \
	340	size_t csz; \
	341	dstr d; \
	342	\
	343	dstr_create(&d); \
	344	dstr_ensure(&d, PRE##_BLKSZ); \
	345	d.len = PRE##_BLKSZ; \
	346	\
	347	pre##_cmacsetkey(&ckey, v[0].buf, v[0].len); \
	348	\
	349	for (ip = szs; *ip; ip++) { \
	350	i = *ip; \
	351	csz = v[1].len; \
	352	if (i == -1) \
	353	i = csz; \
	354	if (i > csz) \
	355	continue; \
	356	p = (octet *)v[1].buf; \
	357	pre##_cmacinit(&cctx, &ckey); \
	358	while (csz) { \
	359	if (i > csz) \
	360	i = csz; \
	361	pre##_cmachash(&cctx, p, i); \
	362	p += i; \
	363	csz -= i; \
	364	} \
	365	pre##_cmacdone(&cctx, d.buf); \
141c1284	366	if (MEMCMP(d.buf, !=, v[2].buf, PRE##_BLKSZ)) { \
ea054059 MW	367	printf("\nfail:\n\tstep = %i\n\tkey = ", *ip); \
	368	type_hex.dump(&v[0], stdout); \
	369	fputs("\n\tinput = ", stdout); \
	370	type_hex.dump(&v[1], stdout); \
	371	fputs("\n\texpected = ", stdout); \
	372	type_hex.dump(&v[2], stdout); \
	373	fputs("\n\tcomputed = ", stdout); \
	374	type_hex.dump(&d, stdout); \
	375	putchar('\n'); \
	376	ok = 0; \
	377	} \
	378	} \
	379	\
	380	dstr_destroy(&d); \
	381	return (ok); \
	382	} \
	383	\
	384	static test_chunk macdefs[] = { \
	385	{ name "-cmac", macverify, \
	386	{ &type_hex, &type_hex, &type_hex, 0 } }, \
	387	{ 0, 0, { 0 } } \
	388	}; \
	389	\
	390	int main(int argc, char *argv[]) \
	391	{ \
	392	ego(argv[0]); \
	393	test_run(argc, argv, macdefs, SRCDIR"/t/" fname); \
	394	return (0); \
	395	}
	396
	397	#else
	398	# define CMAC_TESTX(PRE, pre, name, fname)
	399	#endif
	400
	401	/----- That's all, folks -------------------------------------------------/
	402
	403	#ifdef __cplusplus
	404	}
	405	#endif
	406
	407	#endif