C语言实现AES-128 CMAC算法_c语言实现cmac加密

MessageAuthentication Code（MAC）是一种保障信息完整性和认证的密码学方法，其中CMAC的全称是Cypher-Based Message Authentication Code，基于AES等对称加密方式实现消息认证。通信双方需要共享一个对称密钥，由发送方生成一个MAC值，附在消息后面，接收方计算收到消息的MAC，如果和收到的MAC一致，则说明没有被篡改，并且能确认发送方一定拥有相同的密钥，即认证身份。

        美国国家标准与技术研究院NIST推荐了一种CMAC计算方式，可以避免CBC-MAC带来的缺点，编号为800-3B，文档可以从其官网上下载。该算法通过MAC密钥生成k1和k2两个子密钥，并规定了数据位填充的规则，可以通过AES-128、AES-192、AES-256三种模式进行MAC计算，支持所有整数字节的数据以及长度为0的输入。下图为MAC算法处理不需要位填充和需要位填充的两种情况。本文介绍AES-128生成的CMAC实现。

    本C代码外部依赖项是mbedTLS的密码学库，下载及使用见《C语言实现AES加密解密》。

表1外部调用列表

     本CMAC算法包括的内部函数如下。

表2本代码中设计的函数

    本CMAC算法包括的全局变量如下。

表3本代码中的全局变量

CMAC实现部分代码如下：

#include<stdio.h>
#include "mbedtls/aes.h"
#include "mbedtls/compat-1.3.h"
 
 
uint8_t MAC[16];
uint8_t MACkey[16]; 
uint8_t k1[16];
uint8_t k2[16];
 
 
mbedtls_aes_context aes;
 
void leftshift(int len, uint8_t* add, uint8_t*des)
{
	int i;
	for (i = 0; i < len - 1; i++)
	{
		des[i] = (add[i] << 1) + (add[i + 1] >= 0x80?1:0);
	}
	des[len - 1] = add[len - 1] << 1;
}
 
void ArrayXor(int len, uint8_t*a1, uint8_t*a2, uint8_t*des)
{
	int i;
	for (i = 0; i < len; i++)
	{
		des[i] = a1[i] ^ a2[i];
	}
}
 
void LoadMacKey(uint8_t *key)
{
	int i;
	uint8_t plain[16] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
	uint8_t Rb[16] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x87 };
	uint8_t c0[16];
	for (i = 0; i < 16; i++)
	{
		MACkey[i] = key[i];   //  set MAC key	
	}
	mbedtls_aes_setkey_enc(&aes, MACkey, 128);  		
	mbedtls_aes_crypt_ecb(&aes, AES_ENCRYPT, plain, c0);
	if (c0[0]<0x80)    //generate k1
	{
		leftshift(16, c0, k1);
	}
	else
	{
		leftshift(16, c0, k1);
		ArrayXor(16, k1, Rb, k1);
	}
 
	if (k1[0] < 0x80)   //generate k2
	{
		leftshift(16, k1, k2);
	}
	else
	{
		leftshift(16, k1, k2);
		ArrayXor(16, k2, Rb, k2);
	}
}
 
void GenerateMAC(int len, uint8_t *add, uint8_t *macvalue)
{
	int i,block;
	uint8_t IVtemp[16] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
	uint8_t Blocktemp[16] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
 
		
	if (len % 16 == 0 && len!=0)
	{
		mbedtls_aes_setkey_enc(&aes, MACkey, 128);// load mac key
		block = len / 16;
		for (i = 0; i < block-1; i++)
		{
			ArrayXor(16, &add[i * 16], IVtemp, Blocktemp);
			mbedtls_aes_crypt_ecb(&aes, AES_ENCRYPT, Blocktemp, IVtemp);
		}
		ArrayXor(16, &add[(block-1)*16], IVtemp, Blocktemp);
		ArrayXor(16, Blocktemp, k1, Blocktemp);
		mbedtls_aes_crypt_ecb(&aes, AES_ENCRYPT, Blocktemp, macvalue);
	}
	else
	{
		if (len==0)
		{
			mbedtls_aes_setkey_enc(&aes, MACkey, 128);// load mac key
			block = 1;
			Blocktemp[0] = 0x80;//padding the first bit with 1
			ArrayXor(16, Blocktemp, k2, Blocktemp);
			mbedtls_aes_crypt_ecb(&aes, AES_ENCRYPT, Blocktemp, macvalue);
		}
		else
		{
			mbedtls_aes_setkey_enc(&aes, MACkey, 128);// load mac key
			uint8_t remain = len % 16;
			block = len / 16 + 1;
			for (i = 0; i < block - 1; i++)
			{
				ArrayXor(16, &add[i * 16], IVtemp, Blocktemp);
				mbedtls_aes_crypt_ecb(&aes, AES_ENCRYPT, Blocktemp, IVtemp);
			}
			// the last block padding
			for (i = 0; i < remain; i++) 
			{
				Blocktemp[i] = add[(block - 1) * 16 + i];
			}
			Blocktemp[remain] = 0x80;
			for (i = remain + 1; i < 16; i++)
			{
				Blocktemp[i] = 0;
			}
			// end of the last block padding			
			
			ArrayXor(16, Blocktemp, k2, Blocktemp);
			ArrayXor(16, Blocktemp, IVtemp, Blocktemp);
			mbedtls_aes_crypt_ecb(&aes, AES_ENCRYPT, Blocktemp, macvalue);
		}
 
	}
}
 
uint8_t VerifyMAC(int len, uint8_t *add, uint8_t *macvalue1)
{
	int i, block;
	uint8_t IVtemp[16] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
	uint8_t Blocktemp[16] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
	uint8_t macvalue[16];
	uint8_t result=1;
 
 
	if (len % 16 == 0 && len != 0)
	{
		mbedtls_aes_setkey_enc(&aes, MACkey, 128);// load mac key
		block = len / 16;
		for (i = 0; i < block - 1; i++)
		{
			ArrayXor(16, &add[i * 16], IVtemp, Blocktemp);
			mbedtls_aes_crypt_ecb(&aes, AES_ENCRYPT, Blocktemp, IVtemp);
		}
		ArrayXor(16, &add[(block - 1) * 16], IVtemp, Blocktemp);
		ArrayXor(16, Blocktemp, k1, Blocktemp);
		mbedtls_aes_crypt_ecb(&aes, AES_ENCRYPT, Blocktemp, macvalue);
	}
	else
	{
		if (len == 0)
		{
			mbedtls_aes_setkey_enc(&aes, MACkey, 128);// load mac key
			block = 1;
			Blocktemp[0] = 0x80;//padding the first bit with 1
			ArrayXor(16, Blocktemp, k2, Blocktemp);
			mbedtls_aes_crypt_ecb(&aes, AES_ENCRYPT, Blocktemp, macvalue);
		}
		else
		{
			mbedtls_aes_setkey_enc(&aes, MACkey, 128);// load mac key
			uint8_t remain = len % 16;
			block = len / 16 + 1;
			for (i = 0; i < block - 1; i++)
			{
				ArrayXor(16, &add[i * 16], IVtemp, Blocktemp);
				mbedtls_aes_crypt_ecb(&aes, AES_ENCRYPT, Blocktemp, IVtemp);
			}
			// the last block padding
			for (i = 0; i < remain; i++)
			{
				Blocktemp[i] = add[(block - 1) * 16 + i];
			}
			Blocktemp[remain] = 0x80;
			for (i = remain + 1; i < 16; i++)
			{
				Blocktemp[i] = 0;
			}
			// end of the last block padding			
 
			ArrayXor(16, Blocktemp, k2, Blocktemp);
			ArrayXor(16, Blocktemp, IVtemp, Blocktemp);
			mbedtls_aes_crypt_ecb(&aes, AES_ENCRYPT, Blocktemp, macvalue);
		}
 
	}
	result = 1;
	for (i = 0; i < 16; i++)
	{
		if (macvalue[i] != macvalue1[i])
		{
			return(result);
		}
	}
	result = 0;
	return(result);
}

Main函数部分代码如下：

<pre class="cpp" name="code">int main()
{
uint8_t data[64] = { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
		                 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51, 
						 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11, 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
						 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 };
	uint8_t tf=2;
	
	uint8_t tk[16] = { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c };
	LoadMacKey(tk);//加载MAC key
	GenerateMAC(33, data, MAC);// 数据字节长度，数据地址，MAC地址
	tf=VerifyMAC(33, data, MAC); // 数据字节长度，数据地址，MAC地址
}