Added initial support for CMAC

[NinjaRat84]

Introduces initial support for the CMAC (Cipher-based Message Authentication Code) algorithm to the cryptography-kotlin library.

[NinjaRat84]

This pull request is up for discussion, since I have a need for CMAC support in this library.
But not comfortable with the structure yet, so therefore a draft.

All input is welcome :)

[whyoleg]

Hey!
Thanks for the PR, do you mind making the API similar to HMAC?

[NinjaRat84]

Glad to be of service :)
Similar to this then, or any other things that looks weird?

[whyoleg]

I was thinking that it should have the same SignatureVerifier and SignatureGenerator based API there instead of update/reset.

Something like this:

@SubclassOptInRequired(CryptographyProviderApi::class)
public interface CMAC : CryptographyAlgorithm {
    override val id: CryptographyAlgorithmId< CMAC > get() = Companion

    public companion object : CryptographyAlgorithmId<CMAC>("CMAC")

    public fun keyDecoder(): KeyDecoder<Key.Format, Key>
    public fun keyGenerator(keySize: BinarySize): KeyGenerator<Key>

    @SubclassOptInRequired(CryptographyProviderApi::class)
    public interface Key : EncodableKey<Key.Format> {
        public fun signatureGenerator(): SignatureGenerator
        public fun signatureVerifier(): SignatureVerifier

        public enum class Format : KeyFormat { RAW }
    }
}

The only problem I see for now in this API is that we don't declare that it is AES based CMAC.
I don't know if in this case it might be better to call the interface AESCMAC (or even move it under the AES.CMAC).
At this point, I'm not sure, what will be the best API wise, but AES.CMAC placement is my favorite on current moment. In this case, it's only needed to declare the following in AES interface I believe:

    @SubclassOptInRequired(CryptographyProviderApi::class)
    public interface CMAC : AES<CMAC.Key> {
        override val id: CryptographyAlgorithmId<CMAC> get() = Companion

        public companion object : CryptographyAlgorithmId<CMAC>("AES-CMAC")

        @SubclassOptInRequired(CryptographyProviderApi::class)
        public interface Key : CMAC.Key {
            public fun signatureGenerator(): SignatureGenerator
            public fun signatureVerifier(): SignatureVerifier
        }
    }

If you still understand the idea (I know, that my description is a bit messy) and ready to continue working on the PR, I would be glad to help and will try in future to answer questions faster :)

In any case, thanks for the PR!

[NinjaRat84]

So basically this approach instead?

// Dummy data
val key = CryptographyRandom.nextBytes(16)
val salt = CryptographyRandom.nextBytes(16)

// getting default provider
val provider = CryptographyProvider.Default

// getting CMAC algorithm
val cmacProvider = provider.get(AES.CMAC)

// initializing CMAC
val decodedKey = cmacProvider.keyDecoder().decodeFromByteArrayBlocking(Key.Format.RAW, key)
val signFunction = decodedKey.signatureGenerator().createSignFunction()

// Update salt
signFunction.update(salt)

// Finalize CMAC
val derivedKey = signFunction.signToByteArray()

[whyoleg]

So basically this approach instead?

Yes, nice, thank you! I know that the naming with sign/verify is not the best (borrowed from WebCrypto), but still it's better to be uniform.

Feel free to convert the PR from draft when it will be ready, so I will do a proper API/implementation review.

[NinjaRat84]

Note: CMAC is only available for OpenSSL3 and JDK with BouncyCastle, not sure what I need to do in order to fix JDK tests to only run for BC.

But should be close to merge-ready now. :)

[whyoleg]

Note: CMAC is only available for OpenSSL3 and JDK with BouncyCastle, not sure what I need to do in order to fix JDK tests to only run for BC.

You need to add an additional branch here, saying that it's not supported on specific providers

Also, could you please AES.CMAC here?

[whyoleg]

One more time, thanks for the PR and a great work!
I've left several comments. Could you take a look?
If you need any help, just ping me!

[whyoleg]

This should not be needed, and you should be able to reuse SignatureData. You can take a look on HmacCompatibilityTest on how it's used there

[whyoleg]

Could you please provide some information, on where those testvectors are coming from?
If they are from RFC, then leave a link like in HMAC tests or if not, a bit of explanation on why those specific values are generated

[whyoleg]

minor: it would be nice to make the testCase accept hexes and make methods more declarative, easier to read and with less noise (similar to other testvectors tests):

    @Test
     fun testDiversifyKeyCase1() = testCase(
         keyHex = "2b7e151628aed2a6abf7158809cf4f3c",
         saltHex = "6bc1bee22e409f96e93d7e117393172a",
         resultHex = "070a16b46b4d4144f79bdd9dd04a287c"
     )

[whyoleg]

I believe there is no need to add ⚠️ as it's not that delicate algorithm AFAIK

[whyoleg]

Please revert this, as there is no such coroutines version

[whyoleg]

minor: it would be nice in default tests to test at least that the size of signature(mac) is 128 bits

[whyoleg]

I believe, that there should be no parameters for CMAC here, so you can just use TestParameters.Empty in place (as in here)

[whyoleg]

api.signatures should be used here (and below in validate)
While at this point it doesn't really matter, I'm planning to implement more type-safe DSL for tests and this will be an issue :)

[whyoleg]

Suggested change

	val parametersList = buildList {
	// size of IV = 16
	(List(ivIterations) { ByteString(CryptographyRandom.nextBytes(16)) }).forEach { iv ->
	generateBoolean { padding ->
	val parameters = SignatureParameters(padding)
	val id = api.ciphers.saveParameters(parameters)
	add(id to parameters)
	}
	}
	}
	val signatureParametersId = api.signatures.saveParameters(TestParameters.Empty)

[whyoleg]

Should be just:

val dataIterations = when {
  isStressTest -> 10
  else         -> 5
}