No CMAC minimum tag length is specified by NIST SP800-38B A

Minor Typo Changes
2025-02-15 15:39:58 +00:00 · 2016-05-19 19:05:57 -07:00 · 2016-05-19 19:05:57 -07:00 · 6eae89bb6f
commit 6eae89bb6f
parent e260feacbe
2 changed files with 31 additions and 35 deletions
--- a/include/mbedtls/cmac.h
+++ b/include/mbedtls/cmac.h
@ -84,8 +84,8 @@ void mbedtls_cmac_free( mbedtls_cmac_context *ctx );
 * \param in_len    length of the input data in bytes
 * \param tag       buffer for holding the generated tag
 * \param tag_len   length of the tag to generate in bytes
- *                  Must be 4, 6, 8 if cipher block size is 64
- *                  Must be 4, 6, 8 , 10, 12, 14 or 16 if cipher block size is 128
+ *                  Must be 2, 4, 6, 8 if cipher block size is 64
+ *                  Must be 2, 4, 6, 8, 10, 12, 14 or 16 if cipher block size is 128
 *
 * \return          0 if successful
 */
@ -101,8 +101,8 @@ int mbedtls_cmac_generate( mbedtls_cmac_context *ctx,
 * \param in_len    length of the input data in bytes
 * \param tag       buffer holding the tag to verify
 * \param tag_len   length of the tag to verify in bytes
- *                  Must be 4, 6, 8 if cipher block size is 64
- *                  Must be 4, 6, 8 , 10, 12, 14 or 16 if cipher block size is 128
+ *                  Must be 2, 4, 6, 8 if cipher block size is 64
+ *                  Must be 2, 4, 6, 8, 10, 12, 14 or 16 if cipher block size is 128
 * \return          0 if successful and authenticated
 *                  MBEDTLS_ERR_CMAC_VERIFY_FAILED if tag does not match
 */
--- a/library/cmac.c
+++ b/library/cmac.c
@ -62,7 +62,7 @@ void mbedtls_cmac_init( mbedtls_cmac_context *ctx )
 /*
 * Multiplication by u in the Galois field of GF(2^n)
 *
- * As explained in the paper, this can computed:
+ * As explained in the paper, this can be computed:
 * If MSB(p) = 0, then p = (p << 1)
 * If MSB(p) = 1, then p = (p << 1) ^ R_n
 * with R_64 = 0x1B and  R_128 = 0x87
@ -245,7 +245,7 @@ static void cmac_pad( unsigned char padded_block[16],
        ( o )[i] = ( i1 )[i] ^ ( i2 )[i];

 /*
- * Update the CMAC state using an input block x
+ * Update the CMAC state using an input block
 */
 #define UPDATE_CMAC( x )                                                    \
 do {                                                                        \
@ -283,11 +283,7 @@ int mbedtls_cmac_generate( mbedtls_cmac_context *ctx,
        goto exit;
    }

-    /*
-     * Check in_len requirements: SP800-38B A
-     * 4 is a worst case bottom limit
-     */
-    if( tag_len < 4 || tag_len > block_size || tag_len % 2 != 0 )
+    if( tag_len < 2 || tag_len > block_size || tag_len % 2 != 0 )
    {
        ret = MBEDTLS_ERR_CMAC_BAD_INPUT;
        goto exit;