
Commit 9e2b884

Require that the AES CMAC mac size is inside of the range [WC_CMAC_TAG_MIN_SZ, WC_AES_BLOCK_SIZE].
Fixes F-3084.
1 parent f3350c8 commit 9e2b884

4 files changed

Lines changed: 381 additions & 17 deletions


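--- a/doc/dox_comments/header_files/cmac.h
+++ b/doc/dox_comments/header_files/cmac.h
@@ -174,8 +174,11 @@ int wc_AesCmacGenerate(byte* out, word32* outSz,
 \ingroup CMAC
 \brief Single shot function for validating a CMAC
 \return 0 on success
-\param check CMAC value to verify
-\param checkSz size of check buffer
+\return BAD_FUNC_ARG if parameters are invalid
+\return MAC_CMP_FAILED_E if the supplied tag does not match
+\param check Expected MAC value to verify
+\param checkSz size of expected MAC value; must be in
+[\c WC_CMAC_TAG_MIN_SZ, \c WC_AES_BLOCK_SIZE]
 \param in input data to process
 \param inSz size of input data
 \param key key pointer
@@ -211,10 +214,8 @@ int wc_CMAC_Grow(Cmac* cmac, const byte* in, int inSz);
 \ingroup CMAC
 \brief Single shot AES-CMAC generation with extended parameters
 including heap and device ID.
-
 \return 0 on success
 \return BAD_FUNC_ARG if parameters are invalid
-
 \param cmac Pointer to Cmac structure (can be NULL for one-shot)
 \param out Buffer to store MAC output
 \param outSz Pointer to output size (in/out)
@@ -249,14 +250,13 @@ int wc_AesCmacGenerate_ex(Cmac *cmac, byte* out, word32* outSz,
 \ingroup CMAC
 \brief Single shot AES-CMAC verification with extended parameters
 including heap and device ID.
-
 \return 0 on success
 \return BAD_FUNC_ARG if parameters are invalid
 \return MAC_CMP_FAILED_E if MAC verification fails
-
-\param cmac Pointer to Cmac structure (can be NULL for one-shot)
+\param cmac Pointer to Cmac structure
 \param check Expected MAC value to verify
-\param checkSz Size of expected MAC
+\param checkSz Size of expected MAC; must be in
+[\c WC_CMAC_TAG_MIN_SZ, \c WC_AES_BLOCK_SIZE]
 \param in Input data to authenticate
 \param inSz Length of input data
 \param key AES key
@@ -267,10 +267,11 @@ int wc_AesCmacGenerate_ex(Cmac *cmac, byte* out, word32* outSz,
 
 _Example_
 \code
-byte mac[AES_BLOCK_SIZE];
+Cmac cmac;
+byte mac[WC_AES_BLOCK_SIZE];
 byte key[16], msg[64];
 
-int ret = wc_AesCmacVerify_ex(NULL, mac, sizeof(mac), msg,
+int ret = wc_AesCmacVerify_ex(&cmac, mac, sizeof(mac), msg,
 sizeof(msg), key, sizeof(key),
 NULL, INVALID_DEVID);
 if (ret == MAC_CMP_FAILED_E) {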
