3 files changed, 224 insertions, 0 deletions
diff --git a/src/lib/mac/cmac/cmac.cpp b/src/lib/mac/cmac/cmac.cpp
new file mode 100644
index 000000000..00120cf14
--- /dev/null
+++ b/src/lib/mac/cmac/cmac.cpp
@@ -0,0 +1,156 @@
+/*
+* CMAC
+* (C) 1999-2007 Jack Lloyd
+*
+* Distributed under the terms of the Botan license
+*/
+
+#include <botan/cmac.h>
+#include <botan/internal/xor_buf.h>
+
+namespace Botan {
+
+/*
+* Perform CMAC's multiplication in GF(2^n)
+*/
+secure_vector<byte> CMAC::poly_double(const secure_vector<byte>& in,
+                                     byte polynomial)
+   {
+   const byte poly_xor = (in[0] & 0x80) ? polynomial : 0;
+
+   secure_vector<byte> out = in;
+
+   byte carry = 0;
+   for(size_t i = out.size(); i != 0; --i)
+      {
+      byte temp = out[i-1];
+      out[i-1] = (temp << 1) | carry;
+      carry = (temp >> 7);
+      }
+
+   out[out.size()-1] ^= poly_xor;
+
+   return out;
+   }
+
+/*
+* Update an CMAC Calculation
+*/
+void CMAC::add_data(const byte input[], size_t length)
+   {
+   buffer_insert(buffer, position, input, length);
+   if(position + length > output_length())
+      {
+      xor_buf(state, buffer, output_length());
+      e->encrypt(state);
+      input += (output_length() - position);
+      length -= (output_length() - position);
+      while(length > output_length())
+         {
+         xor_buf(state, input, output_length());
+         e->encrypt(state);
+         input += output_length();
+         length -= output_length();
+         }
+      copy_mem(&buffer[0], input, length);
+      position = 0;
+      }
+   position += length;
+   }
+
+/*
+* Finalize an CMAC Calculation
+*/
+void CMAC::final_result(byte mac[])
+   {
+   xor_buf(state, buffer, position);
+
+   if(position == output_length())
+      {
+      xor_buf(state, B, output_length());
+      }
+   else
+      {
+      state[position] ^= 0x80;
+      xor_buf(state, P, output_length());
+      }
+
+   e->encrypt(state);
+
+   for(size_t i = 0; i != output_length(); ++i)
+      mac[i] = state[i];
+
+   zeroise(state);
+   zeroise(buffer);
+   position = 0;
+   }
+
+/*
+* CMAC Key Schedule
+*/
+void CMAC::key_schedule(const byte key[], size_t length)
+   {
+   clear();
+   e->set_key(key, length);
+   e->encrypt(B);
+   B = poly_double(B, polynomial);
+   P = poly_double(B, polynomial);
+   }
+
+/*
+* Clear memory of sensitive data
+*/
+void CMAC::clear()
+   {
+   e->clear();
+   zeroise(state);
+   zeroise(buffer);
+   zeroise(B);
+   zeroise(P);
+   position = 0;
+   }
+
+/*
+* Return the name of this type
+*/
+std::string CMAC::name() const
+   {
+   return "CMAC(" + e->name() + ")";
+   }
+
+/*
+* Return a clone of this object
+*/
+MessageAuthenticationCode* CMAC::clone() const
+   {
+   return new CMAC(e->clone());
+   }
+
+/*
+* CMAC Constructor
+*/
+CMAC::CMAC(BlockCipher* e_in) : e(e_in)
+   {
+   if(e->block_size() == 16)
+      polynomial = 0x87;
+   else if(e->block_size() == 8)
+      polynomial = 0x1B;
+   else
+      throw Invalid_Argument("CMAC cannot use the cipher " + e->name());
+
+   state.resize(output_length());
+   buffer.resize(output_length());
+   B.resize(output_length());
+   P.resize(output_length());
+   position = 0;
+   }
+
+/*
+* CMAC Destructor
+*/
+CMAC::~CMAC()
+   {
+   delete e;
+   }
+
+}
diff --git a/src/lib/mac/cmac/cmac.h b/src/lib/mac/cmac/cmac.h
new file mode 100644
index 000000000..c1b75cfa5
--- /dev/null
+++ b/src/lib/mac/cmac/cmac.h
@@ -0,0 +1,63 @@
+/*
+* CMAC
+* (C) 1999-2007 Jack Lloyd
+*
+* Distributed under the terms of the Botan license
+*/
+
+#ifndef BOTAN_CMAC_H__
+#define BOTAN_CMAC_H__
+
+#include <botan/mac.h>
+#include <botan/block_cipher.h>
+
+namespace Botan {
+
+/**
+* CMAC, also known as OMAC1
+*/
+class BOTAN_DLL CMAC : public MessageAuthenticationCode
+   {
+   public:
+      std::string name() const;
+      size_t output_length() const { return e->block_size(); }
+      MessageAuthenticationCode* clone() const;
+
+      void clear();
+
+      Key_Length_Specification key_spec() const
+         {
+         return e->key_spec();
+         }
+
+      /**
+      * CMAC's polynomial doubling operation
+      * @param in the input
+      * @param polynomial the byte value of the polynomial
+      */
+      static secure_vector<byte> poly_double(const secure_vector<byte>& in,
+                                             byte polynomial);
+
+      /**
+      * @param cipher the underlying block cipher to use
+      */
+      CMAC(BlockCipher* cipher);
+
+      CMAC(const CMAC&) = delete;
+      CMAC& operator=(const CMAC&) = delete;
+
+      ~CMAC();
+   private:
+      void add_data(const byte[], size_t);
+      void final_result(byte[]);
+      void key_schedule(const byte[], size_t);
+
+      BlockCipher* e;
+      secure_vector<byte> buffer, state, B, P;
+      size_t position;
+      byte polynomial;
+   };
+
+}
+
+#endif
diff --git a/src/lib/mac/cmac/info.txt b/src/lib/mac/cmac/info.txt
new file mode 100644
index 000000000..d2dc6f68d
--- /dev/null
+++ b/src/lib/mac/cmac/info.txt
@@ -0,0 +1,5 @@
+define CMAC 20131128
+
+<requires>
+block
+</requires>