Add references to RFC 4493 in comments about AesCMac.

Arnaud Kapp · Arnaud Kapp · commit f09579ef76fa · 2024-01-15T17:57:40.000+01:00
Signed-off-by: Arnaud Kapp &lt;arnaud.kapp@hidglobal.com&gt;
diff --git a/cryptoki/src/mechanism/mod.rs b/cryptoki/src/mechanism/mod.rs
@@ -71,7 +71,7 @@ impl MechanismType {
         val: CKM_AES_CBC_ENCRYPT_DATA,
     };
 
-    /// AES-CMAC mechanism
+    /// AES-CMAC mechanism (See RFC 4493)
     pub const AES_CMAC: MechanismType = MechanismType { val: CKM_AES_CMAC };
 
     // RSA
@@ -718,7 +718,7 @@ pub enum Mechanism<'a> {
     /// For derivation, the message length must be a multiple of the block
     /// size. See <https://www.cryptsoft.com/pkcs11doc/v220/>.
     AesCbcEncryptData(ekdf::AesCbcDeriveParams<'a>),
-    /// AES CMAC
+    /// AES CMAC (RFC 4493)
     AesCMac,
 
     // RSA
diff --git a/cryptoki/tests/basic.rs b/cryptoki/tests/basic.rs
@@ -1197,22 +1197,89 @@ fn ekdf_aes_cbc_encrypt_data() -> TestResult {
 
 #[test]
 #[serial]
-fn aes_cmac_sign() -> TestResult {
+fn sign_verify_sha256_hmac() -> TestResult {
     let (pkcs11, slot) = init_pins();
     let session = pkcs11.open_rw_session(slot)?;
     session.login(UserType::User, Some(&AuthPin::new(USER_PIN.into())))?;
+
+    let priv_key_template = vec![
+        Attribute::Token(true),
+        Attribute::Private(true),
+        Attribute::Sensitive(true),
+        Attribute::Sign(true),
+        Attribute::KeyType(KeyType::GENERIC_SECRET),
+        Attribute::Class(ObjectClass::SECRET_KEY),
+        Attribute::ValueLen(256.into()),
+    ];
+
+    let private = session.generate_key(&Mechanism::GenericSecretKeyGen, &priv_key_template)?;
+
+    let data = vec![0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF];
+
+    let signature = session.sign(&Mechanism::Sha256Hmac, private, &data)?;
+
+    session.verify(&Mechanism::Sha256Hmac, private, &data, &signature)?;
+
+    session.destroy_object(private)?;
+    Ok(())
+}
+
+/// AES-CMAC test vectors from RFC 4493
+#[test]
+#[serial]
+fn aes_cmac_sign() -> TestResult {
     let key: [u8; 16] = [
         0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f,
         0x3c,
     ];
-    let message: [u8; 16] = [
+
+    let message_len0: [u8; 0] = [];
+    let expected_mac_len0: [u8; 16] = [
+        0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28, 0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67,
+        0x46,
+    ];
+    aes_cmac_sign_impl(key, &message_len0, expected_mac_len0)?;
+
+    let message_len16: [u8; 16] = [
         0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17,
         0x2a,
     ];
-    let expected_mac: [u8; 16] = [
+    let expected_mac_len16: [u8; 16] = [
         0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44, 0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28,
         0x7c,
     ];
+    aes_cmac_sign_impl(key, &message_len16, expected_mac_len16)?;
+
+    let message_len40: [u8; 40] = [
+        0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17,
+        0x2a, 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf,
+        0x8e, 0x51, 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
+    ];
+
+    let expected_mac_len40: [u8; 16] = [
+        0xdf, 0xa6, 0x67, 0x47, 0xde, 0x9a, 0xe6, 0x30, 0x30, 0xca, 0x32, 0x61, 0x14, 0x97, 0xc8,
+        0x27,
+    ];
+    aes_cmac_sign_impl(key, &message_len40, expected_mac_len40)?;
+
+    let message_len64: [u8; 64] = [
+        0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17,
+        0x2a, 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf,
+        0x8e, 0x51, 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11, 0xe5, 0xfb, 0xc1, 0x19, 0x1a,
+        0x0a, 0x52, 0xef, 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, 0xad, 0x2b, 0x41, 0x7b,
+        0xe6, 0x6c, 0x37, 0x10,
+    ];
+    let expected_mac_len64: [u8; 16] = [
+        0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92, 0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c,
+        0xfe,
+    ];
+    aes_cmac_sign_impl(key, &message_len64, expected_mac_len64)
+}
+
+fn aes_cmac_sign_impl(key: [u8; 16], message: &[u8], expected_mac: [u8; 16]) -> TestResult {
+    let (pkcs11, slot) = init_pins();
+    let session = pkcs11.open_rw_session(slot)?;
+    session.login(UserType::User, Some(&AuthPin::new(USER_PIN.into())))?;
 
     let key_template = vec![
         Attribute::Class(ObjectClass::SECRET_KEY),
@@ -1224,70 +1291,79 @@ fn aes_cmac_sign() -> TestResult {
         Attribute::Sign(true),
     ];
     let key = session.create_object(&key_template)?;
-    let signature = session.sign(&Mechanism::AesCMac, key, &message)?;
+    let signature = session.sign(&Mechanism::AesCMac, key, message)?;
 
     assert_eq!(expected_mac.as_slice(), signature.as_slice());
     Ok(())
 }
 
+/// AES-CMAC test vectors from RFC 4493
 #[test]
 #[serial]
 fn aes_cmac_verify() -> TestResult {
-    let (pkcs11, slot) = init_pins();
-    let session = pkcs11.open_rw_session(slot)?;
-    session.login(UserType::User, Some(&AuthPin::new(USER_PIN.into())))?;
     let key: [u8; 16] = [
         0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f,
         0x3c,
     ];
-    let message: [u8; 16] = [
+
+    let message_len0: [u8; 0] = [];
+    let expected_mac_len0: [u8; 16] = [
+        0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28, 0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67,
+        0x46,
+    ];
+    aes_cmac_verify_impl(key, &message_len0, expected_mac_len0)?;
+
+    let message_len16: [u8; 16] = [
         0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17,
         0x2a,
     ];
-    let expected_mac: [u8; 16] = [
+    let expected_mac_len16: [u8; 16] = [
         0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44, 0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28,
         0x7c,
     ];
+    aes_cmac_verify_impl(key, &message_len16, expected_mac_len16)?;
 
-    let key_template = vec![
-        Attribute::Class(ObjectClass::SECRET_KEY),
-        Attribute::KeyType(KeyType::AES),
-        Attribute::Token(true),
-        Attribute::Sensitive(true),
-        Attribute::Private(true),
-        Attribute::Value(key.into()),
-        Attribute::Verify(true),
+    let message_len40: [u8; 40] = [
+        0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17,
+        0x2a, 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf,
+        0x8e, 0x51, 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
     ];
-    let key = session.create_object(&key_template)?;
-    session.verify(&Mechanism::AesCMac, key, &message, &expected_mac)?;
-    Ok(())
+
+    let expected_mac_len40: [u8; 16] = [
+        0xdf, 0xa6, 0x67, 0x47, 0xde, 0x9a, 0xe6, 0x30, 0x30, 0xca, 0x32, 0x61, 0x14, 0x97, 0xc8,
+        0x27,
+    ];
+    aes_cmac_verify_impl(key, &message_len40, expected_mac_len40)?;
+
+    let message_len64: [u8; 64] = [
+        0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17,
+        0x2a, 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf,
+        0x8e, 0x51, 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11, 0xe5, 0xfb, 0xc1, 0x19, 0x1a,
+        0x0a, 0x52, 0xef, 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, 0xad, 0x2b, 0x41, 0x7b,
+        0xe6, 0x6c, 0x37, 0x10,
+    ];
+    let expected_mac_len64: [u8; 16] = [
+        0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92, 0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c,
+        0xfe,
+    ];
+    aes_cmac_verify_impl(key, &message_len64, expected_mac_len64)
 }
 
-#[test]
-#[serial]
-fn sign_verify_sha256_hmac() -> TestResult {
+fn aes_cmac_verify_impl(key: [u8; 16], message: &[u8], expected_mac: [u8; 16]) -> TestResult {
     let (pkcs11, slot) = init_pins();
     let session = pkcs11.open_rw_session(slot)?;
     session.login(UserType::User, Some(&AuthPin::new(USER_PIN.into())))?;
 
-    let priv_key_template = vec![
+    let key_template = vec![
+        Attribute::Class(ObjectClass::SECRET_KEY),
+        Attribute::KeyType(KeyType::AES),
         Attribute::Token(true),
-        Attribute::Private(true),
         Attribute::Sensitive(true),
-        Attribute::Sign(true),
-        Attribute::KeyType(KeyType::GENERIC_SECRET),
-        Attribute::Class(ObjectClass::SECRET_KEY),
-        Attribute::ValueLen(256.into()),
+        Attribute::Private(true),
+        Attribute::Value(key.into()),
+        Attribute::Verify(true),
     ];
-
-    let private = session.generate_key(&Mechanism::GenericSecretKeyGen, &priv_key_template)?;
-
-    let data = vec![0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF];
-
-    let signature = session.sign(&Mechanism::Sha256Hmac, private, &data)?;
-
-    session.verify(&Mechanism::Sha256Hmac, private, &data, &signature)?;
-
-    session.destroy_object(private)?;
+    let key = session.create_object(&key_template)?;
+    session.verify(&Mechanism::AesCMac, key, message, &expected_mac)?;
     Ok(())
 }
