97 int tc_cmac_setup(TCCmacState_t s, const uint8_t *key, TCAesKeySched_t sched)  in tc_cmac_setup()  argument
101 	if (s == (TCCmacState_t) 0 ||  in tc_cmac_setup()
106 	/* put s into a known state */  in tc_cmac_setup()
107 	_set(s, 0, sizeof(*s));  in tc_cmac_setup()
108 	s->sched = sched;  in tc_cmac_setup()
111 	tc_aes128_set_encrypt_key(s->sched, key);  in tc_cmac_setup()
113 	/* compute s->K1 and s->K2 from s->iv using s->keyid */  in tc_cmac_setup()
114 	_set(s->iv, 0, TC_AES_BLOCK_SIZE);  in tc_cmac_setup()
115 	tc_aes_encrypt(s->iv, s->iv, s->sched);  in tc_cmac_setup()
116 	gf_double (s->K1, s->iv);  in tc_cmac_setup()
117 	gf_double (s->K2, s->K1);  in tc_cmac_setup()
119 	/* reset s->iv to 0 in case someone wants to compute now */  in tc_cmac_setup()
120 	tc_cmac_init(s);  in tc_cmac_setup()
125 int tc_cmac_erase(TCCmacState_t s)  in tc_cmac_erase()  argument
127 	if (s == (TCCmacState_t) 0) {  in tc_cmac_erase()
132 	_set(s, 0, sizeof(*s));  in tc_cmac_erase()
137 int tc_cmac_init(TCCmacState_t s)  in tc_cmac_init()  argument
140 	if (s == (TCCmacState_t) 0) {  in tc_cmac_init()
145 	_set(s->iv, 0, TC_AES_BLOCK_SIZE);  in tc_cmac_init()
148 	_set(s->leftover, 0, TC_AES_BLOCK_SIZE);  in tc_cmac_init()
149 	s->leftover_offset = 0;  in tc_cmac_init()
152 	s->countdown = MAX_CALLS;  in tc_cmac_init()
157 int tc_cmac_update(TCCmacState_t s, const uint8_t *data, size_t data_length)  in tc_cmac_update()  argument
162 	if (s == (TCCmacState_t) 0) {  in tc_cmac_update()
172 	if (s->countdown == 0) {  in tc_cmac_update()
176 	s->countdown--;  in tc_cmac_update()
178 	if (s->leftover_offset > 0) {  in tc_cmac_update()
179 		/* last data added to s didn't end on a TC_AES_BLOCK_SIZE byte boundary */  in tc_cmac_update()
180 		size_t remaining_space = TC_AES_BLOCK_SIZE - s->leftover_offset;  in tc_cmac_update()
184 			_copy(&s->leftover[s->leftover_offset], data_length, data, data_length);  in tc_cmac_update()
185 			s->leftover_offset += data_length;  in tc_cmac_update()
189 		_copy(&s->leftover[s->leftover_offset],  in tc_cmac_update()
195 		s->leftover_offset = 0;  in tc_cmac_update()
198 			s->iv[i] ^= s->leftover[i];  in tc_cmac_update()
200 		tc_aes_encrypt(s->iv, s->iv, s->sched);  in tc_cmac_update()
206 			s->iv[i] ^= data[i];  in tc_cmac_update()
208 		tc_aes_encrypt(s->iv, s->iv, s->sched);  in tc_cmac_update()
215 		_copy(s->leftover, data_length, data, data_length);  in tc_cmac_update()
216 		s->leftover_offset = data_length;  in tc_cmac_update()
222 int tc_cmac_final(uint8_t *tag, TCCmacState_t s)  in tc_cmac_final()  argument
229 	    s == (TCCmacState_t) 0) {  in tc_cmac_final()
233 	if (s->leftover_offset == TC_AES_BLOCK_SIZE) {  in tc_cmac_final()
235 		k = (uint8_t *) s->K1;  in tc_cmac_final()
238 		size_t remaining = TC_AES_BLOCK_SIZE - s->leftover_offset;  in tc_cmac_final()
240 		_set(&s->leftover[s->leftover_offset], 0, remaining);  in tc_cmac_final()
241 		s->leftover[s->leftover_offset] = TC_CMAC_PADDING;  in tc_cmac_final()
242 		k = (uint8_t *) s->K2;  in tc_cmac_final()
245 		s->iv[i] ^= s->leftover[i] ^ k[i];  in tc_cmac_final()
248 	tc_aes_encrypt(tag, s->iv, s->sched);  in tc_cmac_final()
251 	tc_cmac_erase(s);  in tc_cmac_final()