mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
412afb2aef
Fix ubsan warning null pointer passed as argument 2 when the source pointer is NULL. The calls to memcpy are now guarded by an if (len > 0) Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Gary Lockyer <gary@samba.org> Autobuild-Date(master): Mon May 27 01:29:48 UTC 2019 on sn-devel-184
122 lines
3.0 KiB
C
122 lines
3.0 KiB
C
/*
|
|
AES-CMAC-128 (rfc 4493)
|
|
Copyright (C) Stefan Metzmacher 2012
|
|
Copyright (C) Jeremy Allison 2012
|
|
Copyright (C) Michael Adam 2012
|
|
|
|
This program is free software; you can redistribute it and/or modify
|
|
it under the terms of the GNU General Public License as published by
|
|
the Free Software Foundation; either version 3 of the License, or
|
|
(at your option) any later version.
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
GNU General Public License for more details.
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
*/
|
|
|
|
#include "replace.h"
|
|
#include "lib/crypto/aes.h"
|
|
#include "lib/crypto/aes_cmac_128.h"
|
|
|
|
static const uint8_t const_Zero[] = {
|
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
|
|
};
|
|
|
|
static const uint8_t const_Rb[] = {
|
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
|
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x87
|
|
};
|
|
|
|
#define _MSB(x) (((x)[0] & 0x80)?1:0)
|
|
|
|
void aes_cmac_128_init(struct aes_cmac_128_context *ctx,
|
|
const uint8_t K[AES_BLOCK_SIZE])
|
|
{
|
|
ZERO_STRUCTP(ctx);
|
|
|
|
AES_set_encrypt_key(K, 128, &ctx->aes_key);
|
|
|
|
/* step 1 - generate subkeys k1 and k2 */
|
|
|
|
AES_encrypt(const_Zero, ctx->L, &ctx->aes_key);
|
|
|
|
if (_MSB(ctx->L) == 0) {
|
|
aes_block_lshift(ctx->L, ctx->K1);
|
|
} else {
|
|
aes_block_lshift(ctx->L, ctx->tmp);
|
|
aes_block_xor(ctx->tmp, const_Rb, ctx->K1);
|
|
}
|
|
|
|
if (_MSB(ctx->K1) == 0) {
|
|
aes_block_lshift(ctx->K1, ctx->K2);
|
|
} else {
|
|
aes_block_lshift(ctx->K1, ctx->tmp);
|
|
aes_block_xor(ctx->tmp, const_Rb, ctx->K2);
|
|
}
|
|
}
|
|
|
|
void aes_cmac_128_update(struct aes_cmac_128_context *ctx,
|
|
const uint8_t *msg, size_t msg_len)
|
|
{
|
|
/*
|
|
* check if we expand the block
|
|
*/
|
|
if (ctx->last_len < AES_BLOCK_SIZE) {
|
|
size_t len = MIN(AES_BLOCK_SIZE - ctx->last_len, msg_len);
|
|
|
|
if (len > 0) {
|
|
memcpy(&ctx->last[ctx->last_len], msg, len);
|
|
msg += len;
|
|
msg_len -= len;
|
|
ctx->last_len += len;
|
|
}
|
|
}
|
|
|
|
if (msg_len == 0) {
|
|
/* if it is still the last block, we are done */
|
|
return;
|
|
}
|
|
|
|
/*
|
|
* now checksum everything but the last block
|
|
*/
|
|
aes_block_xor(ctx->X, ctx->last, ctx->Y);
|
|
AES_encrypt(ctx->Y, ctx->X, &ctx->aes_key);
|
|
|
|
while (msg_len > AES_BLOCK_SIZE) {
|
|
aes_block_xor(ctx->X, msg, ctx->Y);
|
|
AES_encrypt(ctx->Y, ctx->X, &ctx->aes_key);
|
|
msg += AES_BLOCK_SIZE;
|
|
msg_len -= AES_BLOCK_SIZE;
|
|
}
|
|
|
|
/*
|
|
* copy the last block, it will be processed in
|
|
* aes_cmac_128_final().
|
|
*/
|
|
ZERO_STRUCT(ctx->last);
|
|
memcpy(ctx->last, msg, msg_len);
|
|
ctx->last_len = msg_len;
|
|
}
|
|
|
|
void aes_cmac_128_final(struct aes_cmac_128_context *ctx,
|
|
uint8_t T[AES_BLOCK_SIZE])
|
|
{
|
|
if (ctx->last_len < AES_BLOCK_SIZE) {
|
|
ctx->last[ctx->last_len] = 0x80;
|
|
aes_block_xor(ctx->last, ctx->K2, ctx->tmp);
|
|
} else {
|
|
aes_block_xor(ctx->last, ctx->K1, ctx->tmp);
|
|
}
|
|
|
|
aes_block_xor(ctx->tmp, ctx->X, ctx->Y);
|
|
AES_encrypt(ctx->Y, T, &ctx->aes_key);
|
|
|
|
ZERO_STRUCTP(ctx);
|
|
}
|