Algorithm - CMAC
Functions
| Name | |
|---|---|
| int | wc_InitCmac(Cmac * cmac, const byte * key, word32 keySz, int type, void * unused) Initialize the Cmac structure with defaults. |
| int | wc_InitCmac_ex(Cmac * cmac, const byte * key, word32 keySz, int type, void * unused, void * heap, int devId) Initialize the Cmac structure with defaults. |
| int | wc_CmacUpdate(Cmac * cmac, const byte * in, word32 inSz) Add Cipher-based Message Authentication Code input data. |
| int | wc_CmacFinalNoFree(Cmac * cmac, byte * out, word32 * outSz) Generate the final result using Cipher-based Message Authentication Code, deferring context cleanup. |
| int | wc_CmacFinal(Cmac * cmac, byte * out, word32 * outSz) Generate the final result using Cipher_based Message Authentication Code, and clean up the context withwc_CmacFree(). |
| int | wc_CmacFree(Cmac * cmac) Clean up allocations in a CMAC context. |
| int | wc_AesCmacGenerate(byte * out, word32 * outSz, const byte * in, word32 inSz, const byte * key, word32 keySz) Single shot function for generating a CMAC. |
| int | wc_AesCmacVerify(const byte * check, word32 checkSz, const byte * in, word32 inSz, const byte * key, word32 keySz) Single shot function for validating a CMAC. |
| int | wc_CMAC_Grow(Cmac * cmac, const byte * in, int inSz) Only used with WOLFSSL_HASH_KEEP when hardware requires single-shot and the updates must be cached in memory. |
| int | wc_AesCmacGenerate_ex(Cmac * cmac, byte * out, word32 * outSz, const byte * in, word32 inSz, const byte * key, word32 keySz, void * heap, int devId) Single shot AES-CMAC generation with extended parameters including heap and device ID. |
| int | wc_AesCmacVerify_ex(Cmac * cmac, const byte * check, word32 checkSz, const byte * in, word32 inSz, const byte * key, word32 keySz, void * heap, int devId) Single shot AES-CMAC verification with extended parameters including heap and device ID. |
Functions Documentation
function wc_InitCmac
int wc_InitCmac( Cmac * cmac, const byte * key, word32 keySz, int type, void * unused)Initialize the Cmac structure with defaults.
Parameters:
- cmac pointer to the Cmac structure
- key key pointer
- keySz size of the key pointer (16, 24 or 32)
- type Always WC_CMAC_AES = 1
- unused not used, exists for potential future use around compatibility
See:
Return: 0 on success
Example
Cmac cmac[1];ret = wc_InitCmac(cmac, key, keySz, WC_CMAC_AES, NULL);if (ret == 0) { ret = wc_CmacUpdate(cmac, in, inSz);}if (ret == 0) { ret = wc_CmacFinal(cmac, out, outSz);}function wc_InitCmac_ex
int wc_InitCmac_ex( Cmac * cmac, const byte * key, word32 keySz, int type, void * unused, void * heap, int devId)Initialize the Cmac structure with defaults.
Parameters:
- cmac pointer to the Cmac structure
- key key pointer
- keySz size of the key pointer (16, 24 or 32)
- type Always WC_CMAC_AES = 1
- unused not used, exists for potential future use around compatibility
- heap pointer to the heap hint used for dynamic allocation. Typically used with our static memory option. Can be NULL.
- devId ID to use with crypto callbacks or async hardware. Set to INVALID_DEVID (-2) if not used
See:
Return: 0 on success
Example
Cmac cmac[1];ret = wc_InitCmac_ex(cmac, key, keySz, WC_CMAC_AES, NULL, NULL, INVALID_DEVID);if (ret == 0) { ret = wc_CmacUpdate(cmac, in, inSz);}if (ret == 0) { ret = wc_CmacFinal(cmac, out, &outSz);}function wc_CmacUpdate
int wc_CmacUpdate( Cmac * cmac, const byte * in, word32 inSz)Add Cipher-based Message Authentication Code input data.
Parameters:
- cmac pointer to the Cmac structure
- in input data to process
- inSz size of input data
See:
Return: 0 on success
Example
ret = wc_CmacUpdate(cmac, in, inSz);function wc_CmacFinalNoFree
int wc_CmacFinalNoFree( Cmac * cmac, byte * out, word32 * outSz)Generate the final result using Cipher-based Message Authentication Code, deferring context cleanup.
Parameters:
- cmac pointer to the Cmac structure
- out pointer to return the result
- outSz pointer size of output (in/out)
See:
Return: 0 on success
Example
ret = wc_CmacFinalNoFree(cmac, out, &outSz);(void)wc_CmacFree(cmac);function wc_CmacFinal
int wc_CmacFinal( Cmac * cmac, byte * out, word32 * outSz)Generate the final result using Cipher-based Message Authentication Code, and clean up the context withwc_CmacFree().
Parameters:
- cmac pointer to the Cmac structure
- out pointer to return the result
- outSz pointer size of output (in/out)
See:
Return: 0 on success
Example
ret = wc_CmacFinal(cmac, out, &outSz);function wc_CmacFree
int wc_CmacFree( Cmac * cmac)Clean up allocations in a CMAC context.
Parameters:
- cmac pointer to the Cmac structure
See:
Return: 0 on success
Example
ret = wc_CmacFinalNoFree(cmac, out, &outSz);(void)wc_CmacFree(cmac);function wc_AesCmacGenerate
int wc_AesCmacGenerate( byte * out, word32 * outSz, const byte * in, word32 inSz, const byte * key, word32 keySz)Single shot function for generating a CMAC.
Parameters:
- out pointer to return the result
- outSz pointer size of output (in/out)
- in input data to process
- inSz size of input data
- key key pointer
- keySz size of the key pointer (16, 24 or 32)
See:wc_AesCmacVerify
Return: 0 on success
Example
ret = wc_AesCmacGenerate(mac, &macSz, msg, msgSz, key, keySz);function wc_AesCmacVerify
int wc_AesCmacVerify( const byte * check, word32 checkSz, const byte * in, word32 inSz, const byte * key, word32 keySz)Single shot function for validating a CMAC.
Parameters:
- check CMAC value to verify
- checkSz size of check buffer
- in input data to process
- inSz size of input data
- key key pointer
- keySz size of the key pointer (16, 24 or 32)
Return: 0 on success
Example
ret = wc_AesCmacVerify(mac, macSz, msg, msgSz, key, keySz);function wc_CMAC_Grow
int wc_CMAC_Grow( Cmac * cmac, const byte * in, int inSz)Only used with WOLFSSL_HASH_KEEP when hardware requires single-shot and the updates must be cached in memory.
Parameters:
- in input data to process
- inSz size of input data
Return: 0 on success
Example
ret = wc_CMAC_Grow(cmac, in, inSz)function wc_AesCmacGenerate_ex
int wc_AesCmacGenerate_ex( Cmac * cmac, byte * out, word32 * outSz, const byte * in, word32 inSz, const byte * key, word32 keySz, void * heap, int devId)Single shot AES-CMAC generation with extended parameters including heap and device ID.
Parameters:
- cmac Pointer to Cmac structure (can be NULL for one-shot)
- out Buffer to store MAC output
- outSz Pointer to output size (in/out)
- in Input data to authenticate
- inSz Length of input data
- key AES key
- keySz Key size (16, 24, or 32 bytes)
- heap Heap hint for memory allocation (can be NULL)
- devId Device ID for hardware acceleration (use INVALID_DEVID for software)
See:
Return:
- 0 on success
- BAD_FUNC_ARG if parameters are invalid
Example
byte mac[AES_BLOCK_SIZE];word32 macSz = sizeof(mac);byte key[16], msg[64];int ret = wc_AesCmacGenerate_ex(NULL, mac, &macSz, msg, sizeof(msg), key, sizeof(key), NULL, INVALID_DEVID);function wc_AesCmacVerify_ex
int wc_AesCmacVerify_ex( Cmac * cmac, const byte * check, word32 checkSz, const byte * in, word32 inSz, const byte * key, word32 keySz, void * heap, int devId)Single shot AES-CMAC verification with extended parameters including heap and device ID.
Parameters:
- cmac Pointer to Cmac structure (can be NULL for one-shot)
- check Expected MAC value to verify
- checkSz Size of expected MAC
- in Input data to authenticate
- inSz Length of input data
- key AES key
- keySz Key size (16, 24, or 32 bytes)
- heap Heap hint for memory allocation (can be NULL)
- devId Device ID for hardware acceleration (use INVALID_DEVID for software)
See:
Return:
- 0 on success
- BAD_FUNC_ARG if parameters are invalid
- MAC_CMP_FAILED_E if MAC verification fails
Example
byte mac[AES_BLOCK_SIZE];byte key[16], msg[64];int ret = wc_AesCmacVerify_ex(NULL, mac, sizeof(mac), msg, sizeof(msg), key, sizeof(key), NULL, INVALID_DEVID);if (ret == MAC_CMP_FAILED_E) { // MAC verification failed}Updated on 2026-02-20 at 02:00:32 +0000