Cmac

NIST Special Publication 800-38B - The CMAC Mode for Authentication https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38b.pdf

Fields of this type

Fields

cipher_ctx:BlockCipherCtx
k1:Block
k2:Block
buf:Block: = [_]u8{0} ** block_length
pos:usize: = 0

Functions in this namespace

Functions

create
init
update
final

= BlockCipher.key_bits / 8

Values

key_length: = BlockCipher.key_bits / 8
block_length: = BlockCipher.block.block_length
mac_length: = block_length

Source

Implementation

pub fn Cmac(comptime BlockCipher: type) type {
    const BlockCipherCtx = @typeInfo(@TypeOf(BlockCipher.initEnc)).@"fn".return_type.?;
    const Block = [BlockCipher.block.block_length]u8;

    return struct {
        const Self = @This();
        pub const key_length = BlockCipher.key_bits / 8;
        pub const block_length = BlockCipher.block.block_length;
        pub const mac_length = block_length;

        cipher_ctx: BlockCipherCtx,
        k1: Block,
        k2: Block,
        buf: Block = [_]u8{0} ** block_length,
        pos: usize = 0,

        pub fn create(out: *[mac_length]u8, msg: []const u8, key: *const [key_length]u8) void {
            var ctx = Self.init(key);
            ctx.update(msg);
            ctx.final(out);
        }

        pub fn init(key: *const [key_length]u8) Self {
            const cipher_ctx = BlockCipher.initEnc(key.*);
            const zeros = [_]u8{0} ** block_length;
            var k1: Block = undefined;
            cipher_ctx.encrypt(&k1, &zeros);
            k1 = double(k1);
            return Self{
                .cipher_ctx = cipher_ctx,
                .k1 = k1,
                .k2 = double(k1),
            };
        }

        pub fn update(self: *Self, msg: []const u8) void {
            const left = block_length - self.pos;
            var m = msg;
            if (m.len > left) {
                for (self.buf[self.pos..], 0..) |*b, i| b.* ^= m[i];
                m = m[left..];
                self.cipher_ctx.encrypt(&self.buf, &self.buf);
                self.pos = 0;
            }
            while (m.len > block_length) {
                for (self.buf[0..block_length], 0..) |*b, i| b.* ^= m[i];
                m = m[block_length..];
                self.cipher_ctx.encrypt(&self.buf, &self.buf);
                self.pos = 0;
            }
            if (m.len > 0) {
                for (self.buf[self.pos..][0..m.len], 0..) |*b, i| b.* ^= m[i];
                self.pos += m.len;
            }
        }

        pub fn final(self: *Self, out: *[mac_length]u8) void {
            var mac = self.k1;
            if (self.pos < block_length) {
                mac = self.k2;
                mac[self.pos] ^= 0x80;
            }
            for (&mac, 0..) |*b, i| b.* ^= self.buf[i];
            self.cipher_ctx.encrypt(out, &mac);
        }

        fn double(l: Block) Block {
            const Int = std.meta.Int(.unsigned, block_length * 8);
            const l_ = mem.readInt(Int, &l, .big);
            const l_2 = switch (block_length) {
                8 => (l_ << 1) ^ (0x1b & -%(l_ >> 63)), // mod x^64 + x^4 + x^3 + x + 1
                16 => (l_ << 1) ^ (0x87 & -%(l_ >> 127)), // mod x^128 + x^7 + x^2 + x + 1
                32 => (l_ << 1) ^ (0x0425 & -%(l_ >> 255)), // mod x^256 + x^10 + x^5 + x^2 + 1
                64 => (l_ << 1) ^ (0x0125 & -%(l_ >> 511)), // mod x^512 + x^8 + x^5 + x^2 + 1
                else => @compileError("unsupported block length"),
            };
            var l2: Block = undefined;
            mem.writeInt(Int, &l2, l_2, .big);
            return l2;
        }
    };
}