cmac 0.1.0

data/README.md

@@ -0,0 +1,35 @@
+# CMAC [![Build Status](https://secure.travis-ci.org/jtdowney/cmac.png?branch=master)](https://travis-ci.org/jtdowney/cmac)
+
+This gem is ruby implementation of the Cipher-based Message Authentication Code (CMAC) as defined in [RFC4493](http://tools.ietf.org/html/rfc4493), [RFC4494](http://tools.ietf.org/html/rfc4494), and [RFC4615](http://tools.ietf.org/html/rfc4615). Message authentication codes provide integrity protection of data given that two parties share a secret key.
+
+```ruby
+key = OpenSSL::Random.random_bytes(16)
+message = 'attack at dawn'
+cmac = CMAC.new(key)
+cmac.sign(message)
+ => "\xF6\xB8\xC1L]s\xBF\x1A\x87<\xA4\xA1Z\xE0f\xAA"
+```
+
+Once you've obtained the signature (also called a tag) of a message you can use CMAC to verify it as well.
+
+```ruby
+tag = "\xF6\xB8\xC1L]s\xBF\x1A\x87<\xA4\xA1Z\xE0f\xAA"
+cmac.valid_message?(tag, message)
+ => true
+cmac.valid_message?(tag, 'attack at dusk')
+ => false
+```
+
+CMAC can also be used with a variable length input key as described in RFC4615.
+
+```ruby
+key = 'setec astronomy'
+message = 'attack at dawn'
+cmac = CMAC.new(key)
+cmac.sign(message)
+ => "\\\x11\x90\xE6\x91\xB2\xC4\x82`\x90\xA6\xEC:\x0E\x1C\xF3"
+```
+
+## License
+
+The CMAC gem is released under the [MIT license](http://www.opensource.org/licenses/MIT).

data/lib/cmac.rb

@@ -0,0 +1,127 @@
+require 'openssl'
+
+require 'cmac/exception'
+require 'cmac/version'
+
+class CMAC
+  ZeroBlock = "\0" * 16
+  ConstantBlock = ("\0" * 15) + "\x87"
+
+  def initialize(key)
+    key.force_encoding('BINARY') if key.respond_to?(:force_encoding)
+    @key = _derive_key(key)
+    @key1, @key2 = _generate_subkeys(@key)
+  end
+
+  def sign(message, truncate = 16)
+    raise CMAC::Exception.new('Tag cannot be greater than maximum (16 bytes)') if truncate > 16
+    raise CMAC::Exception.new('Tag cannot be less than minimum (8 bytes)') if truncate < 8
+    message.force_encoding('BINARY') if message.respond_to?(:force_encoding)
+
+    if _needs_padding?(message)
+      message = _pad_message(message)
+      final_block = @key2
+    else
+      final_block = @key1
+    end
+
+    last_ciphertext = ZeroBlock
+    count = message.length / 16
+    range = Range.new(0, count - 1)
+    blocks = range.map { |i| message.slice(16 * i, 16) }
+    blocks.each_with_index do |block, i|
+      if i == range.last
+        block = _xor(final_block, block)
+      end
+
+      block = _xor(block, last_ciphertext)
+      last_ciphertext = _encrypt_block(@key, block)
+    end
+
+    last_ciphertext.slice(0, truncate)
+  end
+  alias :encrypt :sign
+
+  def valid_message?(tag, message)
+    other_tag = sign(message)
+    _secure_compare?(tag, other_tag)
+  end
+
+  def _derive_key(key)
+    if key.length == 16
+      key
+    else
+      cmac = CMAC.new(ZeroBlock)
+      cmac.encrypt(key)
+    end
+  end
+
+  def _encrypt_block(key, block)
+    cipher = OpenSSL::Cipher.new('AES-128-ECB')
+    cipher.encrypt
+    cipher.padding = 0
+    cipher.key = key
+    cipher.update(block) + cipher.final
+  end
+
+  def _generate_subkeys(key)
+    key0 = _encrypt_block(key, ZeroBlock)
+    key1 = _next_key(key0)
+    key2 = _next_key(key1)
+    [key1, key2]
+  end
+
+  def _needs_padding?(message)
+    message.length == 0 || message.length % 16 != 0
+  end
+
+  def _next_key(key)
+    if key[0].ord < 0x80
+      _leftshift(key)
+    else
+      _xor(_leftshift(key), ConstantBlock)
+    end
+  end
+
+  def _leftshift(input)
+    overflow = 0
+    words = input.unpack('N4').reverse
+    words = words.map do |word|
+      new_word = (word << 1) & 0xFFFFFFFF
+      new_word |= overflow
+      overflow = (word & 0x80000000) >= 0x80000000 ? 1 : 0
+      new_word
+    end
+    words.reverse.pack('N4')
+  end
+
+  def _pad_message(message)
+    padded_length = message.length + 16 - (message.length % 16)
+    message = message + "\x80"
+    message.ljust(padded_length, "\0")
+  end
+
+  def _secure_compare?(a, b)
+    return false unless a.bytesize == b.bytesize
+
+    bytes = a.unpack("C#{a.bytesize}")
+
+    result = 0
+    b.each_byte do |byte|
+      result |= byte ^ bytes.shift
+    end
+    result == 0
+  end
+
+  def _xor(a, b)
+    a.force_encoding('BINARY') if a.respond_to?(:force_encoding)
+    b.force_encoding('BINARY') if b.respond_to?(:force_encoding)
+
+    output = ''
+    length = [a.length, b.length].min
+    length.times do |i|
+      output << (a[i].ord ^ b[i].ord).chr
+    end
+    output
+  end
+end

data/lib/cmac/exception.rb

@@ -0,0 +1,4 @@
+class CMAC
+  class Exception < StandardError
+  end
+end

data/lib/cmac/version.rb

@@ -0,0 +1,3 @@
+class CMAC
+  VERSION = '0.1.0'
+end

data/spec/cmac_spec.rb

@@ -0,0 +1,46 @@
+require 'spec_helper'
+
+describe CMAC do
+  describe 'sign' do
+    test_vectors.each do |name, options|
+      it "should match the \"#{name}\" test vector" do
+        cmac = CMAC.new(options[:Key])
+        cmac.sign(options[:Message], options[:Truncate].to_i).should == options[:Tag]
+      end
+    end
+
+    it 'should give a truncated output if requested' do
+      cmac = CMAC.new(TestKey)
+      cmac.sign('attack at dawn', 12).length.should == 12
+    end
+
+    it 'should raise error if truncation request is greater than 16 bytes' do
+      cmac = CMAC.new(TestKey)
+      expect do
+        cmac.sign('attack at dawn', 17)
+      end.to raise_error(CMAC::Exception, 'Tag cannot be greater than maximum (16 bytes)')
+    end
+
+    it 'should raise error if truncation request is less than 8 bytes' do
+      cmac = CMAC.new(TestKey)
+      expect do
+        cmac.sign('attack at dawn', 7)
+      end.to raise_error(CMAC::Exception, 'Tag cannot be less than minimum (8 bytes)')
+    end
+  end
+
+  describe 'valid_message?' do
+    it 'should be true for matching messages' do
+      message = 'attack at dawn'
+      cmac = CMAC.new(TestKey)
+      tag = cmac.sign(message)
+      cmac.should be_valid_message(tag, message)
+    end
+
+    it 'should be false for modified messages' do
+      cmac = CMAC.new(TestKey)
+      tag = cmac.sign('attack at dawn')
+      cmac.should_not be_valid_message(tag, 'attack at dusk')
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,26 @@
+require 'cmac'
+
+TestKey = "\x01" * 16
+
+RSpec.configure do |config|
+  config.order = 'random'
+end
+
+def test_vectors
+  test_file = File.expand_path('../test_vectors.txt', __FILE__)
+  test_lines = File.readlines(test_file).map(&:strip).reject(&:empty?)
+
+  vectors = {}
+  test_lines.each_slice(5) do |lines|
+    name = lines.shift
+    values = lines.inject({}) do |hash, line|
+      key, value = line.split('=').map(&:strip)
+      value = '' unless value
+      value = [value.slice(2..-1)].pack('H*') if value.start_with?('0x')
+      hash[key.to_sym] = value
+      hash
+    end
+    vectors[name] = values
+  end
+  vectors
+end

data/spec/test_vectors.txt

@@ -0,0 +1,65 @@
+Empty Message, no truncation
+Key      = 0x2b7e151628aed2a6abf7158809cf4f3c
+Message  =
+Truncate = 16
+Tag      = 0xbb1d6929e95937287fa37d129b756746
+
+Message of 16 bytes, no truncation
+Key      = 0x2b7e151628aed2a6abf7158809cf4f3c
+Message  = 0x6bc1bee22e409f96e93d7e117393172a
+Truncate = 16
+Tag      = 0x070a16b46b4d4144f79bdd9dd04a287c
+
+Message of 40 bytes, no truncation
+Key      = 0x2b7e151628aed2a6abf7158809cf4f3c
+Message  = 0x6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411
+Truncate = 16
+Tag      = 0xdfa66747de9ae63030ca32611497c827
+
+Message of 64 bytes, no truncation
+Key      = 0x2b7e151628aed2a6abf7158809cf4f3c
+Message  = 0x6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710
+Truncate = 16
+Tag      = 0x51f0bebf7e3b9d92fc49741779363cfe
+
+Empty message, 12 byte truncation
+Key      = 0x2b7e151628aed2a6abf7158809cf4f3c
+Message  =
+Truncate = 12
+Tag      = 0xbb1d6929e95937287fa37d12
+
+Message of 16 bytes, 12 byte truncation
+Key      = 0x2b7e151628aed2a6abf7158809cf4f3c
+Message  = 0x6bc1bee22e409f96e93d7e117393172a
+Truncate = 12
+Tag      = 0x070a16b46b4d4144f79bdd9d
+
+Message of 40 bytes, 12 byte truncation
+Key      = 0x2b7e151628aed2a6abf7158809cf4f3c
+Message  = 0x6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411
+Truncate = 12
+Tag      = 0xdfa66747de9ae63030ca3261
+
+Message of 64 bytes, 12 byte truncation
+Key      = 0x2b7e151628aed2a6abf7158809cf4f3c
+Message  = 0x6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710
+Truncate = 12
+Tag      = 0x51f0bebf7e3b9d92fc497417
+
+Test Case AES-CMAC-PRF-128 with 20-octet input, 18 byte key
+Key      = 0x000102030405060708090a0b0c0d0e0fedcb
+Message  = 0x000102030405060708090a0b0c0d0e0f10111213
+Truncate = 16
+Tag      = 0x84a348a4a45d235babfffc0d2b4da09a
+
+Test Case AES-CMAC-PRF-128 with 20-octet input, 16 byte key
+Key      = 0x000102030405060708090a0b0c0d0e0f
+Message  = 0x000102030405060708090a0b0c0d0e0f10111213
+Truncate = 16
+Tag      = 0x980ae87b5f4c9c5214f5b6a8455e4c2d
+
+Test Case AES-CMAC-PRF-128 with 20-octet input, 10 byte key
+Key      = 0x00010203040506070809
+Message  = 0x000102030405060708090a0b0c0d0e0f10111213
+Truncate = 16
+Tag      = 0x290d9e112edb09ee141fcf64c0b72f3d

metadata

@@ -0,0 +1,94 @@
+--- !ruby/object:Gem::Specification
+name: cmac
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+  prerelease: 
+platform: ruby
+authors:
+- John Downey
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2012-11-23 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 2.12.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 2.12.0
+description: A ruby implementation of RFC4493, RFC4494, and RFC4615. CMAC is a message
+  authentication code (MAC) built using AES-128.
+email:
+- jdowney@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/cmac/exception.rb
+- lib/cmac/version.rb
+- lib/cmac.rb
+- spec/cmac_spec.rb
+- spec/spec_helper.rb
+- spec/test_vectors.txt
+- README.md
+homepage: https://github.com/jtdowney/cmac
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+      segments:
+      - 0
+      hash: -708155467333762105
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+      segments:
+      - 0
+      hash: -708155467333762105
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.23
+signing_key: 
+specification_version: 3
+summary: Cipher-based Message Authentication Code
+test_files:
+- spec/cmac_spec.rb
+- spec/spec_helper.rb
+- spec/test_vectors.txt