openssl-cmac 1.0.0 → 2.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 63fc4231601c14a5a8a6fc04bdcc4291b7be2cda
+  data.tar.gz: cbcabe5e112d41adf149d6eac700157569731636
+SHA512:
+  metadata.gz: 3d1d6128a6a4c99b71461f7d14411502215e19aa33779f38d907203d62333052000cd3aed8c4f1a1d3706bf0f554ea7ce70a2b44173145683e345343d92486ca
+  data.tar.gz: a86fc591bd98f5505986c1807d61a32214a9892366553268e3e3791c90865a6c339520a0d8929de1322030a1eca837643018af5655800e03ac79c8599dbbd483

data/.rubocop.yml

@@ -0,0 +1,12 @@
+
+ClassLength:
+  Max: 256
+
+MethodLength:
+  Max: 32
+
+CyclomaticComplexity:
+  Max: 8
+
+Documentation:
+  Enabled: false

data/.yardopts

@@ -0,0 +1,4 @@
+--no-private
+--protected
+lib/**/**/*.rb -
+LICENSE

data/Gemfile

@@ -0,0 +1,7 @@
+source 'https://rubygems.org'
+
+gem 'rake', '>=10.2.2'
+gem 'rdoc', '>=4.1.1'
+gem 'yard', '>=0.8.7.3'
+gem 'rubocop', '>=0.18.1'
+gem 'coveralls', '>=00.7.0'

data/LICENSE

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2014, Maxim Chechel, Lars Schmertmann  <SmallLars@t-online.de>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -0,0 +1,43 @@
+[![Gem Version](https://badge.fury.io/rb/openssl-cmac.png)](http://badge.fury.io/rb/openssl-cmac)
+[![Dependency Status](https://gemnasium.com/SmallLars/openssl-cmac.png)](https://gemnasium.com/SmallLars/openssl-cmac)
+[![Build Status](https://travis-ci.org/SmallLars/openssl-cmac.png?branch=master)](https://travis-ci.org/SmallLars/openssl-cmac)
+[![Coverage Status](https://coveralls.io/repos/SmallLars/openssl-cmac/badge.png?branch=master)](https://coveralls.io/r/SmallLars/openssl-cmac)
+[![Code Climate](https://codeclimate.com/github/SmallLars/openssl-cmac.png)](https://codeclimate.com/github/SmallLars/openssl-cmac)
+[![Inline docs](http://inch-pages.github.io/github/smalllars/openssl-cmac.png)](http://inch-pages.github.io/github/smalllars/openssl-cmac)
+
+# openssl-cmac
+
+Ruby Gem for
+* [RFC 4493 - The AES-CMAC Algorithm](http://tools.ietf.org/html/rfc4493)
+* [RFC 4494 - The AES-CMAC-96 Algorithm and Its Use with IPsec](http://tools.ietf.org/html/rfc4494)
+* [RFC 4615 - The Advanced Encryption Standard-Cipher-based Message Authentication Code-Pseudo-Random Function-128 (AES-CMAC-PRF-128) Algorithm for the Internet Key Exchange Protocol (IKE)](http://tools.ietf.org/html/rfc4615)
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'openssl-cmac'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install openssl-cmac
+
+## Usage
+
+Example 1:
+
+    require 'openssl/cmac'
+    mac = OpenSSL::CMAC.digest('AES', 'message', 'key')
+
+Example 2:
+
+    require 'openssl/cmac'
+    cmac = OpenSSL::CMAC.new('AES', 'key')
+    cmac.update('message chunk 1')
+    ...
+    cmac.update('message chunk n')
+    mac = cmac.digest

data/Rakefile

@@ -0,0 +1,31 @@
+require './lib/openssl/cmac/version'
+require "bundler/gem_tasks"
+require 'rake/testtask'
+
+task :default => :build
+
+desc "Run tests"
+Rake::TestTask.new do |t|
+  t.libs << 'test'
+end
+
+desc "Create documentation"
+task :doc do
+  sh "gem rdoc --rdoc openssl-cmac"
+  sh "yardoc"
+end
+
+desc "Uninstall and clean documentation"
+task :clean do
+  sh "gem uninstall openssl-cmac"
+  begin; sh "rm -R ./coverage"; rescue; end
+  begin; sh "rm -R ./.yardoc";  rescue; end
+  begin; sh "rm -R ./doc";      rescue; end
+end
+
+desc "Development Dependencies"
+task (:devinst) { sh "gem install --dev ./openssl-cmac-#{OpenSSL::CMAC::VERSION}.gem" }
+
+desc "Bundle install"
+task (:bundle) { sh "bundle install" }
+

data/lib/openssl/cmac/version.rb

@@ -0,0 +1,5 @@
+module OpenSSL
+  class CMAC
+    VERSION = '2.0.0'
+  end
+end

data/lib/openssl/cmac.rb

@@ -0,0 +1,168 @@
+require 'openssl'
+
+module OpenSSL
+  # CMACError used for wrong parameter resonse.
+  class CMACError < StandardError
+  end
+
+  # Abstract from http://tools.ietf.org/html/rfc4493:
+  #
+  # The National Institute of Standards and Technology (NIST) has
+  # recently specified the Cipher-based Message Authentication Code
+  # (CMAC), which is equivalent to the One-Key CBC MAC1 (OMAC1) submitted
+  # by Iwata and Kurosawa.  This memo specifies an authentication
+  # algorithm based on CMAC with the 128-bit Advanced Encryption Standard
+  # (AES).  This new authentication algorithm is named AES-CMAC.  The
+  # purpose of this document is to make the AES-CMAC algorithm
+  # conveniently available to the Internet Community.
+  #
+  # http://tools.ietf.org/html/rfc4494
+  # reduces the length of the result from 16 to 12 Byte.
+  #
+  # http://tools.ietf.org/html/rfc4615
+  # allows to use variable key sizes.
+  class CMAC
+    # Searches for supported algorithms within OpenSSL
+    #
+    # @return [[String]] supported algorithms
+    def self.ciphers
+      l = OpenSSL::Cipher.ciphers.keep_if { |c| c.end_with?('-128-CBC') }
+      l.length.times { |i| l[i] = l[i][0..-9] }
+      l
+    end
+
+    # Returns the authentication code as a binary string. The cipher parameter
+    # must be an entry of OpenSSL::CMAC.ciphers.
+    #
+    # @param cipher [String] entry of OpenSSL::CMAC.ciphers
+    # @param key [String] binary key string
+    # @param data [String] binary data string
+    # @param length [Number] length of the authentication code
+    #
+    # @return [String] authentication code
+    def self.digest(cipher, key, data, length = 16)
+      CMAC.new(cipher, key).update(data).digest(length)
+    end
+
+    public
+
+    # Returns an instance of OpenSSL::CMAC set with the cipher algorithm and
+    # key to be used. The instance represents the initial state of the message
+    # authentication code before any data has been processed. To process data
+    # with it, use the instance method update with your data as an argument.
+    #
+    # @param cipher [String] entry of OpenSSL::CMAC.ciphers
+    # @param key [String] binary key string
+    #
+    # @return [Object] the new CMAC object
+    def initialize(cipher, key = '')
+      unless CMAC.ciphers.include?(cipher)
+        fail CMACError, "unsupported cipher algorithm (#{cipher})"
+      end
+
+      @keys = []
+      @buffer = ''.force_encoding('ASCII-8BIT')
+      @cipher = OpenSSL::Cipher.new("#{cipher}-128-CBC")
+
+      self.key = key unless key == ''
+    end
+
+    # Returns self as it was when it was first initialized with new key,
+    # with all processed data cleared from it.
+    #
+    # @param key [String] binary key string
+    #
+    # @return [Object] self with initial state and new key
+    def key=(key)
+      reset
+      key = CMAC.digest('AES', "\x00" * 16, key, 16) unless key.b.length == 16
+
+      @keys[0] = key.dup
+      @cipher.key = @keys[0]
+
+      cipher = OpenSSL::Cipher.new(@cipher.name)
+      cipher.encrypt
+      cipher.key = @keys[0]
+      k = cipher.update("\x00" * 16).bytes
+      1.upto(2) do |i|
+        k = k.pack('C*').unpack('B*')[0]
+        msb = k.slice!(0)
+        k = [k, '0'].pack('B*').bytes
+        k[15] ^= 0x87 if msb == '1'
+        @keys[i] = k.dup
+      end
+      self
+    end
+
+    # Alias for: update
+    def <<(data)
+      update(data)
+    end
+
+    # Returns the block length of the used cipher algorithm.
+    #
+    # @return [Number] length of the used cipher algorithm
+    def block_length
+      16
+    end
+
+    # Returns the maximum length of the resulting digest.
+    #
+    # @return [Number] maximum length of the resulting digest
+    def digest_max_length
+      16
+    end
+
+    # Returns the name of the used authentication code algorithm.
+    #
+    # @return [String] name of the used authentication code algorithm
+    def name
+      "CMAC with #{@cipher.name[0..-9]}"
+    end
+
+    # Returns self as it was when it was first initialized,
+    # with all processed data cleared from it.
+    #
+    # @return [Object] self with initial state
+    def reset
+      @keys.clear
+      @buffer.clear
+      @cipher.reset
+      @cipher.encrypt
+      self
+    end
+
+    # Returns self updated with the message to be authenticated.
+    # Can be called repeatedly with chunks of the message.
+    #
+    # @param data [String] binary data string
+    #
+    # @return [Object] self with new state
+    def update(data)
+      fail CMACError, 'no key is set' if @keys[0].nil?
+
+      @buffer += data
+      @cipher.update(@buffer.slice!(0...16)) while @buffer.length > 16
+      self
+    end
+
+    # Returns the authentication code an instance represents as a binary string.
+    #
+    # @param length [Number] length of the authentication code
+    def digest(length = 16)
+      fail CMACError, 'no key is set' if @keys[0].nil?
+      fail CMACError, 'no key is set' unless length.between?(1, 16)
+
+      block = @buffer.bytes
+      @buffer.clear
+      k = @keys[block.length == 16 ? 1 : 2].dup
+      i = block.length.times { |t| k[t] ^= block[t] }
+      k[i] ^= 0x80 if i < 16
+      mac = @cipher.update(k.pack('C*'))
+      @cipher.reset
+      @cipher.encrypt
+      @cipher.key = @keys[0]
+      mac[0...length]
+    end
+  end
+end

data/test/test_cmac.rb

@@ -0,0 +1,163 @@
+require 'coveralls'
+Coveralls.wear!
+require 'test/unit'
+require 'openssl/cmac'
+
+# Testclass with Test Vectors from RFC's
+class CMACTest < Test::Unit::TestCase
+  # http://tools.ietf.org/html/rfc4493#section-4
+  KEY = ['2b7e151628aed2a6abf7158809cf4f3c'].pack('H*')
+  DATA = [[''].pack('H*'),
+          ['6bc1bee22e409f96e93d7e117393172a'].pack('H*'),
+          ['6bc1bee22e409f96e93d7e117393172a'\
+           'ae2d8a571e03ac9c9eb76fac45af8e51'\
+           '30c81c46a35ce411'].pack('H*'),
+          ['6bc1bee22e409f96e93d7e117393172a'\
+           'ae2d8a571e03ac9c9eb76fac45af8e51'\
+           '30c81c46a35ce411e5fbc1191a0a52ef'\
+           'f69f2445df4f9b17ad2b417be66c3710'].pack('H*')]
+  MAC = %w(bb1d6929e95937287fa37d129b756746
+           070a16b46b4d4144f79bdd9dd04a287c
+           dfa66747de9ae63030ca32611497c827
+           51f0bebf7e3b9d92fc49741779363cfe)
+
+  # http://tools.ietf.org/html/rfc4615#section-4
+  PRF_KEYS = [['000102030405060708090a0b0c0d0e0fedcb'].pack('H*'),
+              ['000102030405060708090a0b0c0d0e0f'].pack('H*'),
+              ['00010203040506070809'].pack('H*')]
+  PRF_DATA = ['000102030405060708090a0b0c0d0e0f10111213'].pack('H*')
+  PRF_OUTS = %w(84a348a4a45d235babfffc0d2b4da09a
+                980ae87b5f4c9c5214f5b6a8455e4c2d
+                290d9e112edb09ee141fcf64c0b72f3d)
+
+  def test_cmac_keys
+    cmac = OpenSSL::CMAC.new('AES')
+    cmac.key = KEY
+    check_keys(cmac)
+
+    cmac = OpenSSL::CMAC.new('AES', KEY)
+    check_keys(cmac)
+
+    assert(cmac.instance_variable_get(:@buffer).empty?, 'Wrong buffer')
+    cmac.update(DATA[2])
+    assert(cmac.instance_variable_get(:@buffer).length == 8, 'Wrong buffer')
+    cmac.update(DATA[2])
+    assert(cmac.instance_variable_get(:@buffer).length == 16, 'Wrong buffer')
+
+    cmac.reset
+    assert(cmac.instance_variable_get(:@keys)[0].nil?, 'Reset fail')
+    assert(cmac.instance_variable_get(:@keys)[1].nil?, 'Reset fail')
+    assert(cmac.instance_variable_get(:@keys)[2].nil?, 'Reset fail')
+    assert_equal('', cmac.instance_variable_get(:@buffer), 'Reset fail')
+
+    assert_raise(OpenSSL::CMACError) { cmac.update(DATA[2]) }
+    assert_raise(OpenSSL::CMACError) { cmac.digest }
+
+    cmac.key = KEY
+    check_keys(cmac)
+
+    m = cmac.update(DATA[2]).digest.unpack('H*')[0]
+    assert_equal(MAC[2], m)
+  end
+
+  def check_keys(cmac)
+    assert_equal(
+      '2b7e151628aed2a6abf7158809cf4f3c',
+      cmac.instance_variable_get(:@keys)[0].unpack('H*')[0],
+      'Key ERROR'
+    )
+    assert_equal(
+      'fbeed618357133667c85e08f7236a8de',
+      cmac.instance_variable_get(:@keys)[1].pack('C*').unpack('H*')[0],
+      'SubKey 1 ERROR'
+    )
+
+    assert_equal(
+      'f7ddac306ae266ccf90bc11ee46d513b',
+      cmac.instance_variable_get(:@keys)[2].pack('C*').unpack('H*')[0],
+      'SubKey 2 ERROR'
+    )
+  end
+
+  def test_cmac_vars
+    cmac = OpenSSL::CMAC.new('AES')
+    assert_equal(16, cmac.block_length)
+    assert_equal(16, cmac.digest_max_length)
+    assert_equal('CMAC with AES', cmac.name)
+  end
+
+  def test_cmac_update
+    # Test with 1 call of update and new CCM object for each test.
+    DATA.length.times do |i|
+      cmac = OpenSSL::CMAC.new('AES', KEY)
+      m = cmac.update(DATA[i]).digest.unpack('H*')[0]
+      assert_equal(MAC[i], m, "Test: 1, Vector: #{i + 1}")
+    end
+
+    # Test with 1 call of update and same CCM object for each test.
+    # There is no reset, because it should be possible to calculate
+    # a new mac after digest without reset.
+    cmac = OpenSSL::CMAC.new('AES', KEY)
+    DATA.length.times do |i|
+      m = cmac.update(DATA[i]).digest.unpack('H*')[0]
+      assert_equal(MAC[i], m, "Test: 2, Vector: #{i + 1}")
+    end
+
+    # Test with multiple calls of update and new CCM object for each test
+    1.upto(DATA.length - 1) do |i|
+      1.upto(17) do |c|
+        cmac = OpenSSL::CMAC.new('AES', KEY)
+        DATA[i].bytes.each_slice(c) { |w| cmac.update(w.pack('C*')) }
+        m = cmac.digest.unpack('H*')[0]
+        assert_equal(MAC[i], m, "Test: 3, Vector: #{i + 1}, Tokenlen: #{c}")
+      end
+    end
+
+    # Test with multiple calls of update and same CCM object for each test
+    cmac = OpenSSL::CMAC.new('AES', KEY)
+    1.upto(DATA.length - 1) do |i|
+      1.upto(17) do |c|
+        DATA[i].bytes.each_slice(c) { |w| cmac.update(w.pack('C*')) }
+        m = cmac.digest.unpack('H*')[0]
+        assert_equal(MAC[i], m, "Test: 4, Vector: #{i + 1}, Tokenlen: #{c}")
+      end
+    end
+
+    # Test for Operator <<
+    DATA[3].bytes.each_slice(5) { |w| cmac << w.pack('C*') }
+    m = cmac.digest.unpack('H*')[0]
+    assert_equal(MAC[3], m, 'Test: 5, Vector: 4, Tokenlen: 5')
+  end
+
+  def test_cmac_digest
+    cmac = OpenSSL::CMAC.new('AES', KEY)
+    m = cmac.update(DATA[3]).digest.unpack('H*')[0]
+    assert_equal(MAC[3], m, 'Digest with no update')
+
+    cmac.update(DATA[3].b[0...20])
+    m = cmac.update(DATA[3].b[20...64]).digest.unpack('H*')[0]
+    assert_equal(MAC[3], m, 'Digest after update')
+
+    cmac.update(DATA[3])
+    m = cmac.update('').digest.unpack('H*')[0]
+    assert_equal(MAC[3], m, 'Empty digest')
+
+    DATA.length.times do |i|
+      m = OpenSSL::CMAC.digest('AES', KEY, DATA[i]).unpack('H*')[0]
+      assert_equal(MAC[i], m, "Vector: #{i + 1}")
+
+      m = OpenSSL::CMAC.digest('AES', KEY, DATA[i], 12).unpack('H*')[0]
+      assert_equal(24, m.length, "Vector: #{i + 1} - length")
+      assert_equal(MAC[i][0...24], m, "Vector: #{i + 1} - 12")
+    end
+  end
+
+  def test_cmac_prf
+    cmac = OpenSSL::CMAC.new('AES')
+    3.times do |i|
+      cmac.key = PRF_KEYS[i]
+      m = cmac.update(PRF_DATA).digest.unpack('H*')[0]
+      assert_equal(PRF_OUTS[i], m, "Vector: #{i + 1}")
+    end
+  end
+end

metadata

@@ -1,46 +1,161 @@
 --- !ruby/object:Gem::Specification
 name: openssl-cmac
 version: !ruby/object:Gem::Version
-  version: 1.0.0
-  prerelease: 
+  version: 2.0.0
 platform: ruby
 authors:
 - Maxim M. Chechel
+- Lars Schmertmann
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-03-04 00:00:00.000000000 Z
-dependencies: []
-description: http://tools.ietf.org/html/rfc4493
-email: maximchick@gmail.com
+date: 2014-04-02 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.2'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 10.2.2
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.2'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 10.2.2
+- !ruby/object:Gem::Dependency
+  name: rdoc
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.1'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 4.1.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.1'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 4.1.1
+- !ruby/object:Gem::Dependency
+  name: yard
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.8'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.8.7.3
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.8'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.8.7.3
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.18'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.18.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.18'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.18.1
+- !ruby/object:Gem::Dependency
+  name: coveralls
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.7'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.7.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.7'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.7.0
+description: Ruby Gem for RFC 4493, 4494, 4615 - The AES-CMAC Algorithm
+email:
+- maximchick@gmail.com
+- SmallLars@t-online.de
 executables: []
 extensions: []
-extra_rdoc_files: []
+extra_rdoc_files:
+- README.md
+- LICENSE
 files:
-- lib/openssl_cmac.rb
-homepage: https://github.com/maximchick/openssl-cmac
+- ".rubocop.yml"
+- ".yardopts"
+- Gemfile
+- LICENSE
+- README.md
+- Rakefile
+- lib/openssl/cmac.rb
+- lib/openssl/cmac/version.rb
+- test/test_cmac.rb
+homepage: https://github.com/smalllars/openssl-cmac
 licenses:
 - MIT
-post_install_message: 
-rdoc_options: []
+metadata: {}
+post_install_message: Thanks for installing!
+rdoc_options:
+- "-x"
+- test/data_*
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 2.0.0
 required_rubygems_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 1.8.25
+rubygems_version: 2.2.2
 signing_key: 
-specification_version: 3
-summary: AES-CMAC algorithm implementation
-test_files: []
+specification_version: 4
+summary: RFC 4493, 4494, 4615 - CMAC
+test_files:
+- test/test_cmac.rb
+has_rdoc: 

data/lib/openssl_cmac.rb

@@ -1,69 +0,0 @@
-# This is an implementation of AES-CMAC Algorithm:
-# http://tools.ietf.org/html/rfc4493
-#
-# OpenSSL version > 1.0.1 already has a native implementation of CMAC
-# but there are no corresponding bindings in Ruby OpenSSL standard library
-
-require 'openssl'
-
-module OpenSSL
-  class CMAC
-    CONST_ZERO = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00".force_encoding('ASCII-8BIT')
-    CONST_RB = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x87]
-
-    # key - base 128 bit AES key
-    def initialize(key)
-      @key = key
-      @k1, @k2 = CMAC.gen_subkeys(@key)
-    end
-
-    def generate(data)
-      data8 = data.dup.force_encoding('ASCII-8BIT')
-
-      xor_key = @k1
-      unless data8.size > 0 && 0 == data8.size % 16
-        xor_key = @k2
-        padding = "\x80"
-        padding << "\x00" * (15 - data8.size % 16)
-        data8 << padding
-      end
-
-      data8[-16, 16].unpack('C*').each_with_index do |e, i| 
-        data8[data8.size - 16 + i] = (e ^ xor_key[i]).chr
-      end
-
-      cipher = Cipher::AES.new(128, :CBC)
-      cipher.encrypt
-      cipher.key = @key
-
-      cipher.update(data8)[-16, 16]
-    end
-
-    def verify(data, cmac)
-      generate(data) == cmac
-    end
-
-    def self.gen_subkeys(key)
-      cipher = Cipher::AES.new(128, :ECB)
-      cipher.encrypt
-      cipher.key = key
-
-      k1 = (cipher.update(CONST_ZERO)).unpack('C*')
-      xor_flag = k1[0] >= 0x80
-
-      k2 = Array.new(16)
-
-      k1.each_with_index {|e, i| 
-        lsb = i == 15 ? 0 : (k1[i+1] & 0x80) / 0x80
-        k1[i] = (k1[i] << 1) % 256 | lsb
-        k1[i] ^= CONST_RB[i] if xor_flag
-
-        lsb = i == 15 ? 0 : (k1[i+1] << 1 & 0x80) / 0x80
-        k2[i] = (k1[i] << 1) % 256 | lsb
-        k2[i] ^= CONST_RB[i] if k1[0] >= 0x80
-      }
-
-      [k1, k2]
-    end
-  end
-end