aboutsummaryrefslogtreecommitdiffstats
path: root/lib/crypto/test
diff options
context:
space:
mode:
authorPetr Gotthard <[email protected]>2016-07-30 10:51:47 -0700
committerPetr Gotthard <[email protected]>2016-07-30 10:51:47 -0700
commit1cdaf0a6fd8dbbf08fe88dd148424df4da683f48 (patch)
treed4adc04cde9958587a25311c8259315e8ff326d2 /lib/crypto/test
parent9c97ca598a1858d7b43799dee03a5c129b81220a (diff)
downloadotp-1cdaf0a6fd8dbbf08fe88dd148424df4da683f48.tar.gz
otp-1cdaf0a6fd8dbbf08fe88dd148424df4da683f48.tar.bz2
otp-1cdaf0a6fd8dbbf08fe88dd148424df4da683f48.zip
crypto:cmac calculating the Cipher-based Message Authentication Code
The ERL-82 issue requests a way to calculate a CMAC in Erlang. The AES128 CMAC is standartized in RFC 4493 and used e.g. for message authentication in the LoRaWAN networks. The CMAC is implemented by OpenSSL since v1.0.1, but as @IngelaAndin stated in response to the ERL-82, the current crypto implementation does not include functions that call those OpenSSL cryptolib functions. This commit introduces a new function `crypto:cmac` that calls the corresponding OpenSSL functions and calculates the CMAC. Only the cmac_nif is implemented. The incremental functions (init, update, final) are not provided because the current OpenSSL does not allow custom memory allocators like `enif_alloc_resource`. The Erlang user guide states that at least OpenSSL 0.9.8 is required, so I added few #ifdefs so the code is compatible with all versions. However, the OpenSSL pages say that the pre-1.0.1 versions (0.9.8 and 1.0.0) are no longer maintained. Even the 1.0.1 will be retired by Dec 2016. Hence I believe that adding a 1.0.1-only function like CMAC should be OK.
Diffstat (limited to 'lib/crypto/test')
-rw-r--r--lib/crypto/test/crypto_SUITE.erl89
1 files changed, 83 insertions, 6 deletions
diff --git a/lib/crypto/test/crypto_SUITE.erl b/lib/crypto/test/crypto_SUITE.erl
index 6732f27824..90514821a8 100644
--- a/lib/crypto/test/crypto_SUITE.erl
+++ b/lib/crypto/test/crypto_SUITE.erl
@@ -95,10 +95,10 @@ groups() ->
{des_ede3,[], [block]},
{des3_cbf,[], [block]},
{rc2_cbc,[], [block]},
- {aes_cbc128,[], [block]},
+ {aes_cbc128,[], [block, cmac]},
{aes_cfb8,[], [block]},
{aes_cfb128,[], [block]},
- {aes_cbc256,[], [block]},
+ {aes_cbc256,[], [block, cmac]},
{aes_ecb,[], [block]},
{aes_ige256,[], [block]},
{blowfish_cbc, [], [block]},
@@ -194,6 +194,13 @@ hmac(Config) when is_list(Config) ->
hmac(Type, lists:map(fun iolistify/1, Keys), lists:map(fun iolistify/1, Data), Expected),
hmac_increment(Type).
%%--------------------------------------------------------------------
+cmac() ->
+ [{doc, "Test all different cmac functions"}].
+cmac(Config) when is_list(Config) ->
+ Pairs = proplists:get_value(cmac, Config),
+ lists:foreach(fun cmac_check/1, Pairs),
+ lists:foreach(fun cmac_check/1, cmac_iolistify(Pairs)).
+%%--------------------------------------------------------------------
block() ->
[{doc, "Test block ciphers"}].
block(Config) when is_list(Config) ->
@@ -346,6 +353,23 @@ hmac_increment(State0, [Increment | Rest]) ->
State = crypto:hmac_update(State0, Increment),
hmac_increment(State, Rest).
+cmac_check({Type, Key, Text, CMac}) ->
+ ExpCMac = iolist_to_binary(CMac),
+ case crypto:cmac(Type, Key, Text) of
+ ExpCMac ->
+ ok;
+ Other ->
+ ct:fail({{crypto, cmac, [Type, Key, Text]}, {expected, ExpCMac}, {got, Other}})
+ end;
+cmac_check({Type, Key, Text, Size, CMac}) ->
+ ExpCMac = iolist_to_binary(CMac),
+ case crypto:cmac(Type, Key, Text, Size) of
+ ExpCMac ->
+ ok;
+ Other ->
+ ct:fail({{crypto, cmac, [Type, Key, Text, Size]}, {expected, ExpCMac}, {got, Other}})
+ end.
+
block_cipher({Type, Key, PlainText}) ->
Plain = iolist_to_binary(PlainText),
CipherText = crypto:block_encrypt(Type, Key, PlainText),
@@ -566,11 +590,18 @@ mkint(C) when $a =< C, C =< $f ->
is_supported(Group) ->
lists:member(Group, lists:append([Algo || {_, Algo} <- crypto:supports()])).
+cmac_iolistify(Blocks) ->
+ lists:map(fun do_cmac_iolistify/1, Blocks).
block_iolistify(Blocks) ->
lists:map(fun do_block_iolistify/1, Blocks).
stream_iolistify(Streams) ->
lists:map(fun do_stream_iolistify/1, Streams).
+do_cmac_iolistify({Type, Key, Text, CMac}) ->
+ {Type, iolistify(Key), iolistify(Text), CMac};
+do_cmac_iolistify({Type, Key, Text, Size, CMac}) ->
+ {Type, iolistify(Key), iolistify(Text), Size, CMac}.
+
do_stream_iolistify({Type, Key, PlainText}) ->
{Type, iolistify(Key), iolistify(PlainText)};
do_stream_iolistify({Type, Key, IV, PlainText}) ->
@@ -798,12 +829,14 @@ group_config(des_ede3, Config) ->
group_config(rc2_cbc, Config) ->
Block = rc2_cbc(),
[{block, Block} | Config];
-group_config(aes_cbc128, Config) ->
+group_config(aes_cbc128 = Type, Config) ->
Block = aes_cbc128(),
- [{block, Block} | Config];
-group_config(aes_cbc256, Config) ->
+ Pairs = cmac_nist(Type),
+ [{block, Block}, {cmac, Pairs} | Config];
+group_config(aes_cbc256 = Type, Config) ->
Block = aes_cbc256(),
- [{block, Block} | Config];
+ Pairs = cmac_nist(Type),
+ [{block, Block}, {cmac, Pairs} | Config];
group_config(aes_ecb, Config) ->
Block = aes_ecb(),
[{block, Block} | Config];
@@ -2324,6 +2357,50 @@ ecc() ->
end,
TestCases).
+%% Test data from Appendix D of NIST Special Publication 800-38B
+%% http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf
+%% The same AES128 test data are also in the RFC 4493
+%% https://tools.ietf.org/html/rfc4493
+cmac_nist(aes_cbc128 = Type) ->
+ Key = hexstr2bin("2b7e151628aed2a6abf7158809cf4f3c"),
+ [{Type, Key, <<"">>,
+ hexstr2bin("bb1d6929e95937287fa37d129b756746")},
+ {Type, Key, hexstr2bin("6bc1bee22e409f96e93d7e117393172a"),
+ hexstr2bin("070a16b46b4d4144f79bdd9dd04a287c")},
+ {Type, Key, hexstr2bin("6bc1bee22e409f96e93d7e117393172a"
+ "ae2d8a571e03ac9c9eb76fac45af8e51"
+ "30c81c46a35ce411"),
+ hexstr2bin("dfa66747de9ae63030ca32611497c827")},
+ {Type, Key, hexstr2bin("6bc1bee22e409f96e93d7e117393172a"
+ "ae2d8a571e03ac9c9eb76fac45af8e51"
+ "30c81c46a35ce411e5fbc1191a0a52ef"
+ "f69f2445df4f9b17ad2b417be66c3710"),
+ hexstr2bin("51f0bebf7e3b9d92fc49741779363cfe")},
+ % truncation
+ {Type, Key, <<"">>, 4,
+ hexstr2bin("bb1d6929")}];
+
+cmac_nist(aes_cbc256 = Type) ->
+ Key = hexstr2bin("603deb1015ca71be2b73aef0857d7781"
+ "1f352c073b6108d72d9810a30914dff4"),
+ [{Type, Key, <<"">>,
+ hexstr2bin("028962f61b7bf89efc6b551f4667d983")},
+ {Type, Key, hexstr2bin("6bc1bee22e409f96e93d7e117393172a"),
+ hexstr2bin("28a7023f452e8f82bd4bf28d8c37c35c")},
+ {Type, Key, hexstr2bin("6bc1bee22e409f96e93d7e117393172a"
+ "ae2d8a571e03ac9c9eb76fac45af8e51"
+ "30c81c46a35ce411"),
+ hexstr2bin("aaf3d8f1de5640c232f5b169b9c911e6")},
+ {Type, Key, hexstr2bin("6bc1bee22e409f96e93d7e117393172a"
+ "ae2d8a571e03ac9c9eb76fac45af8e51"
+ "30c81c46a35ce411e5fbc1191a0a52ef"
+ "f69f2445df4f9b17ad2b417be66c3710"),
+ hexstr2bin("e1992190549f6ed5696a2c056c315410")},
+ % truncation
+ {Type, Key, <<"">>, 4,
+ hexstr2bin("028962f6")}].
+
+
no_padding() ->
Public = [_, Mod] = rsa_public(),
Private = rsa_private(),