AnsweredAssumed Answered

C29x AES-CMAC partial block support

Question asked by kevinwhitfield on Oct 12, 2018
Latest reply on Oct 22, 2018 by bpe

I'm attempting to use the C29x crypto accelerator to implement an AES-CMAC functionality.  For validation, I'm using AES CMAC test vectors from NIST (https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/documents/mac/cmactestvectors.zip).

 

What I'm finding is that incorrect signatures are being generated for messages which are not a multiple of 16-bytes in length. At the same time, the "C29x Crypto Coprocessor Family Reference Manual" implies that partial blocks are supported ("final MAC is computed using either K1 or K2, derived from L as needed").

 

For example given this NIST test case:

 

Count = 48
Klen = 16
Mlen = 33
Tlen = 4
Key = 499db5a3ecc83d34fd885fde06931097
Msg = f2783540c9e1706ee3e7a43e71833987bb72441c1e2eab58501c8bfaec07d6332a
Mac = 8e9649db

 

the computed (full-sized) Mac is 122ac7d890acdb691b88d0ac278e2df1, rather than something beginning with 8e9649db.

 

FWIW, the operation is being performed using OP_ALG_AS_INITFINAL, to effect a single INIT/UPDATE/FINAL operation.

 

I'd appreciate any suggestions and/or guidance that anyone has to offer on how to perform CMAC processing of messages which are not an even number of blocks..

 

Thanks!

 

Kevin##

Outcomes