Support for CMAC (#69)

Supported by JDK BouncyCastle and OpenSSL3 providers

Author: NinjaRat84

build-logic/src/main/kotlin/ckbuild/tests/GenerateProviderTestsTask.kt

@@ -92,6 +92,9 @@ abstract class GenerateProviderTestsTask : DefaultTask() {
 
             "AesCbcTest",
             "AesCbcCompatibilityTest",
+            "AesCmacTest",
+            "AesCmacCompatibilityTest",
+            "AesCmacTestvectorsTest",
             "AesCtrTest",
             "AesCtrCompatibilityTest",
             "AesEcbCompatibilityTest",

cryptography-core/api/cryptography-core.api

@@ -94,6 +94,19 @@ public abstract interface class dev/whyoleg/cryptography/algorithms/AES$CBC$Key
 	public static synthetic fun cipher$default (Ldev/whyoleg/cryptography/algorithms/AES$CBC$Key;ZILjava/lang/Object;)Ldev/whyoleg/cryptography/algorithms/AES$IvCipher;
 }
 
+public abstract interface class dev/whyoleg/cryptography/algorithms/AES$CMAC : dev/whyoleg/cryptography/algorithms/AES {
+	public static final field Companion Ldev/whyoleg/cryptography/algorithms/AES$CMAC$Companion;
+	public fun getId ()Ldev/whyoleg/cryptography/CryptographyAlgorithmId;
+}
+
+public final class dev/whyoleg/cryptography/algorithms/AES$CMAC$Companion : dev/whyoleg/cryptography/CryptographyAlgorithmId {
+}
+
+public abstract interface class dev/whyoleg/cryptography/algorithms/AES$CMAC$Key : dev/whyoleg/cryptography/algorithms/AES$Key {
+	public abstract fun signatureGenerator ()Ldev/whyoleg/cryptography/operations/SignatureGenerator;
+	public abstract fun signatureVerifier ()Ldev/whyoleg/cryptography/operations/SignatureVerifier;
+}
+
 public abstract interface class dev/whyoleg/cryptography/algorithms/AES$CTR : dev/whyoleg/cryptography/algorithms/AES {
 	public static final field Companion Ldev/whyoleg/cryptography/algorithms/AES$CTR$Companion;
 	public fun getId ()Ldev/whyoleg/cryptography/CryptographyAlgorithmId;

cryptography-core/api/cryptography-core.klib.api

@@ -30,6 +30,18 @@ abstract interface <#A: dev.whyoleg.cryptography.algorithms/AES.Key> dev.whyoleg
         final object Companion : dev.whyoleg.cryptography/CryptographyAlgorithmId<dev.whyoleg.cryptography.algorithms/AES.CBC> // dev.whyoleg.cryptography.algorithms/AES.CBC.Companion|null[0]
     }
 
+    abstract interface CMAC : dev.whyoleg.cryptography.algorithms/AES<dev.whyoleg.cryptography.algorithms/AES.CMAC.Key> { // dev.whyoleg.cryptography.algorithms/AES.CMAC|null[0]
+        open val id // dev.whyoleg.cryptography.algorithms/AES.CMAC.id|{}id[0]
+            open fun <get-id>(): dev.whyoleg.cryptography/CryptographyAlgorithmId<dev.whyoleg.cryptography.algorithms/AES.CMAC> // dev.whyoleg.cryptography.algorithms/AES.CMAC.id.<get-id>|<get-id>(){}[0]
+
+        abstract interface Key : dev.whyoleg.cryptography.algorithms/AES.Key { // dev.whyoleg.cryptography.algorithms/AES.CMAC.Key|null[0]
+            abstract fun signatureGenerator(): dev.whyoleg.cryptography.operations/SignatureGenerator // dev.whyoleg.cryptography.algorithms/AES.CMAC.Key.signatureGenerator|signatureGenerator(){}[0]
+            abstract fun signatureVerifier(): dev.whyoleg.cryptography.operations/SignatureVerifier // dev.whyoleg.cryptography.algorithms/AES.CMAC.Key.signatureVerifier|signatureVerifier(){}[0]
+        }
+
+        final object Companion : dev.whyoleg.cryptography/CryptographyAlgorithmId<dev.whyoleg.cryptography.algorithms/AES.CMAC> // dev.whyoleg.cryptography.algorithms/AES.CMAC.Companion|null[0]
+    }
+
     abstract interface CTR : dev.whyoleg.cryptography.algorithms/AES<dev.whyoleg.cryptography.algorithms/AES.CTR.Key> { // dev.whyoleg.cryptography.algorithms/AES.CTR|null[0]
         open val id // dev.whyoleg.cryptography.algorithms/AES.CTR.id|{}id[0]
             open fun <get-id>(): dev.whyoleg.cryptography/CryptographyAlgorithmId<dev.whyoleg.cryptography.algorithms/AES.CTR> // dev.whyoleg.cryptography.algorithms/AES.CTR.id.<get-id>|<get-id>(){}[0]

cryptography-core/src/commonMain/kotlin/algorithms/AES.kt

@@ -60,6 +60,19 @@ public interface AES<K : AES.Key> : CryptographyAlgorithm {
         }
     }
 
+    @SubclassOptInRequired(CryptographyProviderApi::class)
+    public interface CMAC : AES<CMAC.Key> {
+        override val id: CryptographyAlgorithmId<CMAC> get() = Companion
+
+        public companion object : CryptographyAlgorithmId<CMAC>("AES-CMAC")
+
+        @SubclassOptInRequired(CryptographyProviderApi::class)
+        public interface Key : AES.Key {
+            public fun signatureGenerator(): SignatureGenerator
+            public fun signatureVerifier(): SignatureVerifier
+        }
+    }
+
     @SubclassOptInRequired(CryptographyProviderApi::class)
     public interface CTR : AES<CTR.Key> {
         override val id: CryptographyAlgorithmId<CTR> get() = Companion

cryptography-providers-tests-api/src/commonMain/kotlin/support.kt

@@ -127,6 +127,7 @@ fun AlgorithmTestScope<out EC<*, *, *>>.supportsPrivateKeyDecoding(
 
 fun ProviderTestScope.supports(algorithmId: CryptographyAlgorithmId<*>): Boolean = validate {
     when {
+        algorithmId == AES.CMAC && provider.isJdkDefault -> "Default JDK provider doesn't support AES-CMAC, only supported with BouncyCastle"
         algorithmId == RSA.PSS &&
                 provider.isJdkDefault &&
                 platform.isAndroid                    -> "JDK provider on Android doesn't support RSASSA-PSS"

cryptography-providers-tests/src/commonMain/kotlin/SupportedAlgorithmsTest.kt

@@ -24,8 +24,10 @@ abstract class SupportedAlgorithmsTest(provider: CryptographyProvider) : Provide
 
     @Test
     fun testSupported() = testWithProvider {
+
         assertSupports(AES.ECB, !context.provider.isWebCrypto)
         assertSupports(AES.CBC)
+        assertSupports(AES.CMAC, !context.provider.isApple && !context.provider.isWebCrypto)
         assertSupports(AES.CTR)
         assertSupports(AES.GCM, !context.provider.isApple)
 

cryptography-providers-tests/src/commonMain/kotlin/compatibility/AesCmacCompatibilityTest.kt

@@ -0,0 +1,54 @@
+package dev.whyoleg.cryptography.providers.tests.compatibility
+
+import dev.whyoleg.cryptography.*
+import dev.whyoleg.cryptography.algorithms.*
+import dev.whyoleg.cryptography.providers.tests.api.assertVerifySignature
+import dev.whyoleg.cryptography.providers.tests.api.compatibility.*
+import dev.whyoleg.cryptography.random.*
+import kotlinx.io.bytestring.*
+import kotlinx.serialization.*
+import kotlin.test.*
+
+private const val maxPlaintextSize = 10000
+
+abstract class AesCmacCompatibilityTest(provider: CryptographyProvider) :
+    AesBasedCompatibilityTest<AES.CMAC.Key, AES.CMAC>(AES.CMAC, provider) {
+
+    override suspend fun CompatibilityTestScope<AES.CMAC>.generate(isStressTest: Boolean) {
+        val dataIterations = when {
+            isStressTest -> 10
+            else         -> 5
+        }
+
+        val signatureParametersId = api.signatures.saveParameters(TestParameters.Empty)
+        generateKeys(isStressTest) { key, keyReference, _ ->
+            val signer = key.signatureGenerator()
+            val verifier = key.signatureVerifier()
+            repeat(dataIterations) {
+                val dataSize = CryptographyRandom.nextInt(maxPlaintextSize)
+                logger.log { "dataSize  = $dataSize" }
+
+                val data = ByteString(CryptographyRandom.nextBytes(dataSize))
+                val signature = signer.generateSignatureBlocking(data)
+                logger.log { "signature.size = ${signature.size}" }
+
+                verifier.assertVerifySignature(data, signature, "Initial Verify")
+                api.ciphers.saveData(signatureParametersId, SignatureData(keyReference, data, signature))
+            }
+        }
+    }
+
+    override suspend fun CompatibilityTestScope<AES.CMAC>.validate() {
+        val keys = validateKeys()
+        api.ciphers.getParameters<TestParameters.Empty> { _, parametersId, _ ->
+            api.ciphers.getData<SignatureData>(parametersId) { (keyReference, data, signature), _, _ ->
+                keys[keyReference]?.forEach { key ->
+                    val verifier = key.signatureVerifier()
+                    val generator = key.signatureGenerator()
+                    verifier.assertVerifySignature(data, signature, "Verify")
+                    verifier.assertVerifySignature(data, generator.generateSignature(data), "Sign-Verify")
+                }
+            }
+        }
+    }
+}

cryptography-providers-tests/src/commonMain/kotlin/default/AesCmacTest.kt

@@ -0,0 +1,21 @@
+/*
+ * Copyright (c) 2025 Oleg Yukhnevich. Use of this source code is governed by the Apache 2.0 license.
+ */
+
+package dev.whyoleg.cryptography.providers.tests.default
+
+import dev.whyoleg.cryptography.*
+import dev.whyoleg.cryptography.algorithms.*
+import dev.whyoleg.cryptography.random.*
+import kotlin.test.*
+
+abstract class AesCmacTest(provider: CryptographyProvider) : AesBasedTest<AES.CMAC>(AES.CMAC, provider) {
+
+    @Test
+    fun verifyResult() = runTestForEachKeySize {
+        val key = algorithm.keyGenerator(keySize).generateKey()
+        val data = CryptographyRandom.nextBytes(100)
+        val signature = key.signatureGenerator().generateSignature(data)
+        assertTrue(key.signatureVerifier().tryVerifySignature(data, signature))
+    }
+}

cryptography-providers-tests/src/commonMain/kotlin/testvectors/AesCmacTestvectorsTest.kt

@@ -0,0 +1,60 @@
+package dev.whyoleg.cryptography.providers.tests.testvectors
+
+import dev.whyoleg.cryptography.*
+import dev.whyoleg.cryptography.algorithms.*
+import dev.whyoleg.cryptography.algorithms.AES.*
+
+import dev.whyoleg.cryptography.providers.tests.api.*
+import kotlin.test.*
+
+/**
+ * Vector test for AES-CMAC algorithm found in:
+ * https://datatracker.ietf.org/doc/html/rfc5297
+ * https://github.com/aead/cmac/blob/master/vectors_test.go
+ * https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/AES_Core_All.pdf
+ */
+abstract class AesCmacTestvectorsTest(provider: CryptographyProvider) : AlgorithmTest<CMAC>(CMAC, provider) {
+
+    private fun testCase(key: String, salt: String, expected: String) {
+        testWithAlgorithm {
+            val key = algorithm.keyDecoder().decodeFromByteArrayBlocking(format = Key.Format.RAW, bytes = key.hexToByteArray())
+            val result = key.signatureGenerator().createSignFunction()
+                .apply { update(salt.hexToByteArray()) }
+                .signToByteArray()
+            assertEquals(16, result.size)
+            assertEquals(result.toHexString(), expected)
+        }
+    }
+
+    @Test
+    fun testDiversifyKeyCase1() {
+        val key = "2b7e151628aed2a6abf7158809cf4f3c"
+        val salt = "6bc1bee22e409f96e93d7e117393172a"
+        val result = "070a16b46b4d4144f79bdd9dd04a287c"
+        testCase(key, salt, result)
+    }
+
+    @Test
+    fun testDiversifyKeyCase2() {
+        val key = "2b7e151628aed2a6abf7158809cf4f3c"
+        val salt = "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411"
+        val result = "dfa66747de9ae63030ca32611497c827"
+        testCase(key, salt, result)
+    }
+
+    @Test
+    fun testDiversifyKeyCase3() {
+        val key = "2b7e151628aed2a6abf7158809cf4f3c"
+        val salt = "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411"
+        val result = "dfa66747de9ae63030ca32611497c827"
+        testCase(key, salt, result)
+    }
+
+    @Test
+    fun testDiversifyKeyCase4() {
+        val key = "603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4"
+        val salt = ""
+        val result = "028962f61b7bf89efc6b551f4667d983"
+        testCase(key, salt, result)
+    }
+}

cryptography-providers/jdk/src/jvmMain/kotlin/JdkCryptographyProvider.kt

@@ -78,19 +78,20 @@ internal class JdkCryptographyProvider(
             SHA3_384  -> JdkDigest(state, "SHA3-384", SHA3_384)
             SHA3_512  -> JdkDigest(state, "SHA3-512", SHA3_512)
             RIPEMD160 -> JdkDigest(state, "RIPEMD160", RIPEMD160)
-            HMAC     -> JdkHmac(state)
-            AES.CBC  -> JdkAesCbc(state)
-            AES.CTR  -> JdkAesCtr(state)
-            AES.ECB  -> JdkAesEcb(state)
-            AES.GCM  -> JdkAesGcm(state)
-            RSA.OAEP -> JdkRsaOaep(state)
+            HMAC      -> JdkHmac(state)
+            AES.CBC   -> JdkAesCbc(state)
+            AES.CMAC  -> JdkAesCmac(state)
+            AES.CTR   -> JdkAesCtr(state)
+            AES.ECB   -> JdkAesEcb(state)
+            AES.GCM   -> JdkAesGcm(state)
+            RSA.OAEP  -> JdkRsaOaep(state)
             RSA.PSS   -> JdkRsaPss(state)
             RSA.PKCS1 -> JdkRsaPkcs1(state)
-            RSA.RAW  -> JdkRsaRaw(state)
+            RSA.RAW   -> JdkRsaRaw(state)
             ECDSA     -> JdkEcdsa(state)
-            ECDH   -> JdkEcdh(state)
-            PBKDF2 -> JdkPbkdf2(state)
-            HKDF   -> JdkHkdf(state, this)
+            ECDH      -> JdkEcdh(state)
+            PBKDF2    -> JdkPbkdf2(state)
+            HKDF      -> JdkHkdf(state, this)
             else      -> null
         }
     } as A?

cryptography-providers/jdk/src/jvmMain/kotlin/algorithms/JdkAesCmac.kt

@@ -0,0 +1,38 @@
+package dev.whyoleg.cryptography.providers.jdk.algorithms
+
+import dev.whyoleg.cryptography.*
+import dev.whyoleg.cryptography.algorithms.*
+import dev.whyoleg.cryptography.materials.key.*
+import dev.whyoleg.cryptography.operations.*
+import dev.whyoleg.cryptography.providers.jdk.*
+import dev.whyoleg.cryptography.providers.jdk.materials.*
+import dev.whyoleg.cryptography.providers.jdk.operations.*
+
+internal class JdkAesCmac(
+    private val state: JdkCryptographyState,
+) : AES.CMAC {
+    private val algorithm = "AESCMAC"
+    private val keyWrapper: (JSecretKey) -> AES.CMAC.Key = { key -> JdkAesCmacKey(state, key) }
+    private val keyDecoder = JdkSecretKeyDecoder<AES.Key.Format, _>(algorithm, keyWrapper)
+
+    override fun keyDecoder(): KeyDecoder<AES.Key.Format, AES.CMAC.Key> = keyDecoder
+    override fun keyGenerator(keySize: BinarySize): KeyGenerator<AES.CMAC.Key> = JdkSecretKeyGenerator(state, "AES", keyWrapper) {
+        init(keySize.inBits, state.secureRandom)
+    }
+}
+
+private class JdkAesCmacKey(
+    state: JdkCryptographyState,
+    key: JSecretKey,
+) : AES.CMAC.Key, JdkEncodableKey<AES.Key.Format>(key) {
+    private val algorithm = "AESCMAC"
+    private val signature = JdkMacSignature(state, key, algorithm)
+
+    override fun signatureGenerator(): SignatureGenerator = signature
+    override fun signatureVerifier(): SignatureVerifier = signature
+
+    override fun encodeToByteArrayBlocking(format: AES.Key.Format): ByteArray = when (format) {
+        AES.Key.Format.JWK -> error("$format is not supported")
+        AES.Key.Format.RAW -> encodeToRaw()
+    }
+}

cryptography-providers/openssl3/api/src/commonMain/kotlin/Openssl3CryptographyProvider.kt

@@ -33,6 +33,7 @@ internal object Openssl3CryptographyProvider : CryptographyProvider() {
         RIPEMD160 -> Openssl3Digest("RIPEMD160", RIPEMD160)
         HMAC    -> Openssl3Hmac
         AES.CBC -> Openssl3AesCbc
+        AES.CMAC -> Openssl3AesCmac
         AES.CTR -> Openssl3AesCtr
         AES.ECB -> Openssl3AesEcb
         AES.GCM -> Openssl3AesGcm