|
| 1 | +/* |
| 2 | + * Copyright (c) 2025 The NAMIB Project Developers. |
| 3 | + * Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or |
| 4 | + * https://www.apache.org/licenses/LICENSE-2.0> or the MIT license |
| 5 | + * <LICENSE-MIT or https://opensource.org/licenses/MIT>, at your |
| 6 | + * option. This file may not be copied, modified, or distributed |
| 7 | + * except according to those terms. |
| 8 | + * |
| 9 | + * SPDX-License-Identifier: MIT OR Apache-2.0 |
| 10 | + */ |
| 11 | +use coset::{iana, Algorithm}; |
| 12 | +use crypto_common::BlockSizeUser; |
| 13 | +use digest::Mac; |
| 14 | +use rand::{CryptoRng, RngCore}; |
| 15 | +use typenum::{IsLess, U256}; |
| 16 | + |
| 17 | +use crate::error::CoseCipherError; |
| 18 | +use crate::token::cose::crypto_impl::rustcrypto::RustCryptoContext; |
| 19 | +use crate::token::cose::{CoseSymmetricKey, CryptoBackend}; |
| 20 | +use aes::cipher::{BlockCipher, BlockEncryptMut}; |
| 21 | +use aes::{Aes128, Aes256}; |
| 22 | +use alloc::vec::Vec; |
| 23 | +use cbc_mac::CbcMac; |
| 24 | +use crypto_common::KeyInit; |
| 25 | + |
| 26 | +impl<RNG: RngCore + CryptoRng> RustCryptoContext<RNG> { |
| 27 | + /// Compute the CBC-MAC of `payload` using the given `key` with the block cipher |
| 28 | + /// `C`. |
| 29 | + fn compute_cbc_mac_using_block_cipher< |
| 30 | + C: BlockCipher + BlockEncryptMut + Clone, |
| 31 | + const TAG_LEN: usize, |
| 32 | + >( |
| 33 | + key: &CoseSymmetricKey<'_, <Self as CryptoBackend>::Error>, |
| 34 | + payload: &[u8], |
| 35 | + ) -> Vec<u8> |
| 36 | + where |
| 37 | + CbcMac<C>: KeyInit + Mac, |
| 38 | + <C as BlockSizeUser>::BlockSize: typenum::IsLess<U256>, |
| 39 | + <<C as BlockSizeUser>::BlockSize as IsLess<U256>>::Output: typenum::NonZero, |
| 40 | + { |
| 41 | + // Key length must have been validated by caller as per the API contract of |
| 42 | + // `MacCryptoBackend`. |
| 43 | + let mut cbc_mac = <CbcMac<C> as Mac>::new_from_slice(&key.k).expect("key length invalid"); |
| 44 | + cbc_mac.update(payload); |
| 45 | + let mut result = cbc_mac.finalize().into_bytes().to_vec(); |
| 46 | + result.truncate(TAG_LEN); |
| 47 | + result |
| 48 | + } |
| 49 | + |
| 50 | + /// Verify the CBC-MAC of `payload` using the given `key` with the HMAC function `MAC`. |
| 51 | + fn verify_cbc_mac_using_block_cipher< |
| 52 | + C: BlockCipher + BlockEncryptMut + Clone, |
| 53 | + const TAG_LEN: usize, |
| 54 | + >( |
| 55 | + key: &CoseSymmetricKey<'_, <Self as CryptoBackend>::Error>, |
| 56 | + payload: &[u8], |
| 57 | + tag: &[u8], |
| 58 | + ) -> Result<(), CoseCipherError<<Self as CryptoBackend>::Error>> |
| 59 | + where |
| 60 | + CbcMac<C>: KeyInit + Mac, |
| 61 | + <C as BlockSizeUser>::BlockSize: typenum::IsLess<U256>, |
| 62 | + <<C as BlockSizeUser>::BlockSize as IsLess<U256>>::Output: typenum::NonZero, |
| 63 | + { |
| 64 | + let mut cbc_mac = <CbcMac<C> as Mac>::new_from_slice(&key.k).unwrap(); |
| 65 | + cbc_mac.update(payload); |
| 66 | + |
| 67 | + // Validate length of tag as verify_truncated_left() does not know the expected length. |
| 68 | + if tag.len() != TAG_LEN { |
| 69 | + return Err(CoseCipherError::VerificationFailure); |
| 70 | + } |
| 71 | + |
| 72 | + cbc_mac |
| 73 | + .verify_truncated_left(tag) |
| 74 | + .map_err(CoseCipherError::from) |
| 75 | + } |
| 76 | + |
| 77 | + /// Compute the CBC-MAC of `payload` using the given `key` with the CBC-MAC function |
| 78 | + /// specified in the `algorithm`. |
| 79 | + pub(super) fn compute_cbc_mac( |
| 80 | + algorithm: iana::Algorithm, |
| 81 | + key: &CoseSymmetricKey<'_, <Self as CryptoBackend>::Error>, |
| 82 | + payload: &[u8], |
| 83 | + ) -> Result<Vec<u8>, CoseCipherError<<Self as CryptoBackend>::Error>> { |
| 84 | + match algorithm { |
| 85 | + iana::Algorithm::AES_MAC_128_64 => Ok(Self::compute_cbc_mac_using_block_cipher::< |
| 86 | + Aes128, |
| 87 | + 8, |
| 88 | + >(key, payload)), |
| 89 | + iana::Algorithm::AES_MAC_128_128 => Ok(Self::compute_cbc_mac_using_block_cipher::< |
| 90 | + Aes128, |
| 91 | + 16, |
| 92 | + >(key, payload)), |
| 93 | + iana::Algorithm::AES_MAC_256_64 => Ok(Self::compute_cbc_mac_using_block_cipher::< |
| 94 | + Aes256, |
| 95 | + 8, |
| 96 | + >(key, payload)), |
| 97 | + iana::Algorithm::AES_MAC_256_128 => Ok(Self::compute_cbc_mac_using_block_cipher::< |
| 98 | + Aes256, |
| 99 | + 16, |
| 100 | + >(key, payload)), |
| 101 | + a => Err(CoseCipherError::UnsupportedAlgorithm(Algorithm::Assigned( |
| 102 | + a, |
| 103 | + ))), |
| 104 | + } |
| 105 | + } |
| 106 | + |
| 107 | + /// Verify the CBC-MAC `tag` of `payload` using the given `key` with the CBC-MAC |
| 108 | + /// function specified in the `algorithm`. |
| 109 | + pub(super) fn verify_cbc_mac( |
| 110 | + algorithm: iana::Algorithm, |
| 111 | + key: &CoseSymmetricKey<'_, <Self as CryptoBackend>::Error>, |
| 112 | + tag: &[u8], |
| 113 | + payload: &[u8], |
| 114 | + ) -> Result<(), CoseCipherError<<Self as CryptoBackend>::Error>> { |
| 115 | + match algorithm { |
| 116 | + iana::Algorithm::AES_MAC_128_64 => { |
| 117 | + Self::verify_cbc_mac_using_block_cipher::<Aes128, 8>(key, payload, tag) |
| 118 | + } |
| 119 | + iana::Algorithm::AES_MAC_128_128 => { |
| 120 | + Self::verify_cbc_mac_using_block_cipher::<Aes128, 16>(key, payload, tag) |
| 121 | + } |
| 122 | + iana::Algorithm::AES_MAC_256_64 => { |
| 123 | + Self::verify_cbc_mac_using_block_cipher::<Aes256, 8>(key, payload, tag) |
| 124 | + } |
| 125 | + iana::Algorithm::AES_MAC_256_128 => { |
| 126 | + Self::verify_cbc_mac_using_block_cipher::<Aes256, 16>(key, payload, tag) |
| 127 | + } |
| 128 | + a => Err(CoseCipherError::UnsupportedAlgorithm(Algorithm::Assigned( |
| 129 | + a, |
| 130 | + ))), |
| 131 | + } |
| 132 | + } |
| 133 | +} |
0 commit comments