cbcmac: enable provided padding for EMAC/ANSI Retail MAC/MAC-DES/LMAC #319

2025-04-26 12:16:20 +08:00 · 2025-03-19 10:10:00 +08:00 · 2025-03-19 10:10:00 +08:00 · d8eb166dfc
commit d8eb166dfc
parent 2d3329a2ea
2 changed files with 262 additions and 5 deletions
--- a/cbcmac/cbcmac.go
+++ b/cbcmac/cbcmac.go
@ -89,6 +89,19 @@ type emac struct {
 // The padding scheme is ISO/IEC 9797-1 method 2.
 // GB/T 15821.1-2020 MAC scheme 2
 func NewEMAC(creator func(key []byte) (cipher.Block, error), key1, key2 []byte, size int) BockCipherMAC {
+	return NewEMACWithPadding(creator, key1, key2, size, padding.NewISO9797M2Padding)
+}
+
+// NewEMACWithPadding creates a new instance of EMAC (Encrypted Message Authentication Code) with padding.
+// It takes the following parameters:
+// - creator: a function that takes a key and returns a cipher.Block and an error.
+// - key1: the first key used to create the first cipher.Block.
+// - key2: the second key used to create the second cipher.Block.
+// - size: the size of the MAC. It must be greater than 0 and less than or equal to the block size of the cipher.
+// - paddingFunc: a function that returns the padding to be used.
+//
+// The function returns a BockCipherMAC instance. It panics if there is an error creating the cipher.Blocks or if the size is invalid.
+func NewEMACWithPadding(creator func(key []byte) (cipher.Block, error), key1, key2 []byte, size int, paddingFunc padding.PaddingFunc) BockCipherMAC {
 	var b1, b2 cipher.Block
 	var err error
 	if b1, err = creator(key1); err != nil {
@ -100,7 +113,7 @@ func NewEMAC(creator func(key []byte) (cipher.Block, error), key1, key2 []byte,
 	if b2, err = creator(key2); err != nil {
 		panic(err)
 	}
-	return &emac{pad: padding.NewISO9797M2Padding(uint(b1.BlockSize())), b1: b1, b2: b2, size: size}
+	return &emac{pad: paddingFunc(uint(b1.BlockSize())), b1: b1, b2: b2, size: size}
 }

 func (e *emac) Size() int {
@ -126,7 +139,20 @@ type ansiRetailMAC emac
 // The padding scheme is ISO/IEC 9797-1 method 2.
 // GB/T 15821.1-2020 MAC scheme 3
 func NewANSIRetailMAC(creator func(key []byte) (cipher.Block, error), key1, key2 []byte, size int) BockCipherMAC {
-	return (*ansiRetailMAC)(NewEMAC(creator, key1, key2, size).(*emac))
+	return NewANSIRetailMACWithPadding(creator, key1, key2, size, padding.NewISO9797M2Padding)
+}
+
+// NewANSIRetailMACWithPadding creates a new ANSI Retail MAC with padding.
+// It takes the following parameters:
+// - creator: a function that takes a key and returns a cipher.Block and an error.
+// - key1: the first key used for the MAC.
+// - key2: the second key used for the MAC.
+// - size: the size of the MAC.
+// - paddingFunc: a function used to pad the input data.
+//
+// It returns a BockCipherMAC which is an instance of ansiRetailMAC.
+func NewANSIRetailMACWithPadding(creator func(key []byte) (cipher.Block, error), key1, key2 []byte, size int, paddingFunc padding.PaddingFunc) BockCipherMAC {
+	return (*ansiRetailMAC)(NewEMACWithPadding(creator, key1, key2, size, paddingFunc).(*emac))
 }

 func (e *ansiRetailMAC) Size() int {
@ -157,6 +183,10 @@ type macDES struct {
 // The padding scheme is ISO/IEC 9797-1 method 2.
 // GB/T 15821.1-2020 MAC scheme 4
 func NewMACDES(creator func(key []byte) (cipher.Block, error), key1, key2 []byte, size int) BockCipherMAC {
+	return NewMACDESWithPadding(creator, key1, key2, size, padding.NewISO9797M2Padding)
+}
+
+func NewMACDESWithPadding(creator func(key []byte) (cipher.Block, error), key1, key2 []byte, size int, paddingFunc padding.PaddingFunc) BockCipherMAC {
 	var b1, b2, b3 cipher.Block
 	var err error
 	if b1, err = creator(key1); err != nil {
@ -170,13 +200,13 @@ func NewMACDES(creator func(key []byte) (cipher.Block, error), key1, key2 []byte
 	}
 	key3 := make([]byte, len(key2))
 	copy(key3, key2)
-	for i := 0; i < len(key3); i++ {
+	for i := range key3 {
 		key3[i] ^= 0xF0
 	}
 	if b3, err = creator(key3); err != nil {
 		panic(err)
 	}
-	return &macDES{pad: padding.NewISO9797M2Padding(uint(b1.BlockSize())), b1: b1, b2: b2, b3: b3, size: size}
+	return &macDES{pad: paddingFunc(uint(b1.BlockSize())), b1: b1, b2: b2, b3: b3, size: size}
 }

 func (m *macDES) Size() int {
@ -354,6 +384,19 @@ type lmac struct {
 // NewLMAC returns an LMAC instance that implements MAC with the given block cipher.
 // GB/T 15821.1-2020 MAC scheme 6
 func NewLMAC(creator func(key []byte) (cipher.Block, error), key []byte, size int) BockCipherMAC {
+	return NewLMACWithPadding(creator, key, size, padding.NewISO9797M2Padding)
+}
+
+// NewLMACWithPadding creates a new LMAC (Length-based Message Authentication Code) with padding.
+// It takes the following parameters:
+// - creator: a function that takes a key and returns a cipher.Block and an error.
+// - key: the key used for the MAC.
+// - size: the size of the MAC output. It must be greater than 0 and less than or equal to the block size of the cipher.
+// - paddingFunc: a function that returns a padding function for the given block size.
+//
+// The function initializes two cipher blocks using derived keys and returns an instance of BockCipherMAC.
+// It panics if the key creation fails or if the size is invalid.
+func NewLMACWithPadding(creator func(key []byte) (cipher.Block, error), key []byte, size int, paddingFunc padding.PaddingFunc) BockCipherMAC {
 	var b, b1, b2 cipher.Block
 	var err error
 	if b, err = creator(key); err != nil {
@ -376,7 +419,7 @@ func NewLMAC(creator func(key []byte) (cipher.Block, error), key []byte, size in
 		panic(err)
 	}

-	return &lmac{b1: b1, b2: b2, pad: padding.NewISO9797M2Padding(uint(blockSize)), size: size}
+	return &lmac{b1: b1, b2: b2, pad: paddingFunc(uint(blockSize)), size: size}
 }

 func (l *lmac) Size() int {
--- a/cbcmac/cbcmac_test.go
+++ b/cbcmac/cbcmac_test.go
@ -102,6 +102,61 @@ func TestCBCMACWithPadding(t *testing.T) {
 	}
 }

+func TestEMACWithPadding(t *testing.T) {
+	// Test vectors from GB/T 15821.1-2020 Appendix B.
+	cases := []struct {
+		key1 []byte
+		key2 []byte
+		src  []byte
+		tag  []byte
+		paddingFunc padding.PaddingFunc
+	}{
+		{
+			[]byte{0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10},
+			[]byte{0x41, 0x49, 0xd2, 0xad, 0xed, 0x94, 0x56, 0x68, 0x1e, 0xc8, 0xb5, 0x11, 0xd9, 0xe7, 0xee, 0x04},
+			nil,
+			[]byte{0x2c, 0xf6, 0xed, 0xf6, 0x3c, 0xce, 0x14, 0x44, 0x89, 0xea, 0xdd, 0xf0, 0x7b, 0x49, 0x38, 0xdb},
+			padding.NewISO9797M2Padding,
+		},
+		{
+			[]byte{0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10},
+			[]byte{0x41, 0x49, 0xd2, 0xad, 0xed, 0x94, 0x56, 0x68, 0x1e, 0xc8, 0xb5, 0x11, 0xd9, 0xe7, 0xee, 0x04},
+			[]byte("This is the test message for mac"),
+			[]byte{0xe4, 0x23, 0xe3, 0x55, 0x99, 0xaf, 0xd9, 0x48, 0xae, 0xc5, 0x0b, 0xde, 0xe8, 0x38, 0xe9, 0xea},
+			padding.NewISO9797M2Padding,
+		},
+		{
+			[]byte{0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10},
+			[]byte{0x41, 0x49, 0xd2, 0xad, 0xed, 0x94, 0x56, 0x68, 0x1e, 0xc8, 0xb5, 0x11, 0xd9, 0xe7, 0xee, 0x04},
+			[]byte("This is the test message "),
+			[]byte{0xf0, 0x26, 0x25, 0xce, 0xad, 0x00, 0x8d, 0x4e, 0xfb, 0xf3, 0xf0, 0xb2, 0xb0, 0xc2, 0xa7, 0x5b},
+			padding.NewISO9797M2Padding,
+		},
+		{
+			[]byte{0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10},
+			[]byte{0x41, 0x49, 0xd2, 0xad, 0xed, 0x94, 0x56, 0x68, 0x1e, 0xc8, 0xb5, 0x11, 0xd9, 0xe7, 0xee, 0x04},
+			[]byte("This is the test message for mac"),
+			[]byte{0x40, 0x03, 0xba, 0x1b, 0x6a, 0xdc, 0x53, 0xa8, 0x26, 0xe8, 0x2f, 0xce, 0xa1, 0x6a, 0xfa, 0xac},
+			padding.NewISO9797M3Padding,
+		},
+		{
+			[]byte{0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10},
+			[]byte{0x41, 0x49, 0xd2, 0xad, 0xed, 0x94, 0x56, 0x68, 0x1e, 0xc8, 0xb5, 0x11, 0xd9, 0xe7, 0xee, 0x04},
+			[]byte("This is the test message "),
+			[]byte{0xff, 0xd5, 0xf1, 0xf2, 0xe5, 0xed, 0xa5, 0xcb, 0xf4, 0x02, 0xd6, 0x5a, 0x5b, 0x0b, 0x19, 0x53},
+			padding.NewISO9797M3Padding,
+		},
+	}
+
+	for i, c := range cases {
+		mac := NewEMACWithPadding(sm4.NewCipher, c.key1, c.key2, len(c.tag), c.paddingFunc)
+		tag := mac.MAC(c.src)
+		if !bytes.Equal(tag, c.tag) {
+			t.Errorf("#%d: expect tag %x, got %x", i, c.tag, tag)
+		}
+	}
+}
+
 func TestEMAC(t *testing.T) {
 	// Test vectors from GB/T 15821.1-2020 Appendix B.
 	cases := []struct {
@ -176,6 +231,61 @@ func TestANSIRetailMAC(t *testing.T) {
 	}
 }

+func TestANSIRetailMACWithPadding(t *testing.T) {
+	// Test vectors from GB/T 15821.1-2020 Appendix B.
+	cases := []struct {
+		key1 []byte
+		key2 []byte
+		src  []byte
+		tag  []byte
+		paddingFunc padding.PaddingFunc
+	}{
+		{
+			[]byte{0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10},
+			[]byte{0x41, 0x49, 0xd2, 0xad, 0xed, 0x94, 0x56, 0x68, 0x1e, 0xc8, 0xb5, 0x11, 0xd9, 0xe7, 0xee, 0x04},
+			nil,
+			[]byte{0xb4, 0x73, 0x6b, 0xe9, 0xa1, 0x74, 0xfa, 0xa3, 0x4d, 0xb1, 0xe9, 0xf1, 0xda, 0xcd, 0x5d, 0x62},
+			padding.NewISO9797M2Padding,
+		},
+		{
+			[]byte{0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10},
+			[]byte{0x41, 0x49, 0xd2, 0xad, 0xed, 0x94, 0x56, 0x68, 0x1e, 0xc8, 0xb5, 0x11, 0xd9, 0xe7, 0xee, 0x04},
+			[]byte("This is the test message for mac"),
+			[]byte{0x51, 0xe9, 0x92, 0x8c, 0x22, 0x38, 0x33, 0x0c, 0x32, 0x31, 0xb8, 0x75, 0x2a, 0x9a, 0xfd, 0x7f},
+			padding.NewISO9797M2Padding,
+		},
+		{
+			[]byte{0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10},
+			[]byte{0x41, 0x49, 0xd2, 0xad, 0xed, 0x94, 0x56, 0x68, 0x1e, 0xc8, 0xb5, 0x11, 0xd9, 0xe7, 0xee, 0x04},
+			[]byte("This is the test message "),
+			[]byte{0x19, 0x72, 0x47, 0x22, 0x9c, 0xe9, 0xd7, 0xb6, 0xae, 0x40, 0x5b, 0xf8, 0x85, 0xb2, 0x70, 0x57},
+			padding.NewISO9797M2Padding,
+		},
+		{
+			[]byte{0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10},
+			[]byte{0x41, 0x49, 0xd2, 0xad, 0xed, 0x94, 0x56, 0x68, 0x1e, 0xc8, 0xb5, 0x11, 0xd9, 0xe7, 0xee, 0x04},
+			[]byte("This is the test message for mac"),
+			[]byte{0x7c, 0xd4, 0x8c, 0x42, 0x42, 0xe4, 0x55, 0x75, 0xe5, 0x1a, 0xaf, 0x0d, 0xcc, 0x7a, 0x20, 0x8c},
+			padding.NewISO9797M3Padding,
+		},
+		{
+			[]byte{0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10},
+			[]byte{0x41, 0x49, 0xd2, 0xad, 0xed, 0x94, 0x56, 0x68, 0x1e, 0xc8, 0xb5, 0x11, 0xd9, 0xe7, 0xee, 0x04},
+			[]byte("This is the test message "),
+			[]byte{0x3c, 0x43, 0x0f, 0x1e, 0xa4, 0x3b, 0x54, 0x0c, 0x68, 0x45, 0x7e, 0x24, 0x9c, 0x46, 0xf1, 0xdb},
+			padding.NewISO9797M3Padding,
+		},
+	}
+
+	for i, c := range cases {
+		mac := NewANSIRetailMACWithPadding(sm4.NewCipher, c.key1, c.key2, len(c.tag), c.paddingFunc)
+		tag := mac.MAC(c.src)
+		if !bytes.Equal(tag, c.tag) {
+			t.Errorf("#%d: expect tag %x, got %x", i, c.tag, tag)
+		}
+	}
+}
+
 func TestMACDES(t *testing.T) {
 	// Test vectors from GB/T 15821.1-2020 Appendix B.
 	cases := []struct {
@ -213,6 +323,61 @@ func TestMACDES(t *testing.T) {
 	}
 }

+func TestMACDESWithPadding(t *testing.T) {
+	// Test vectors from GB/T 15821.1-2020 Appendix B.
+	cases := []struct {
+		key1 []byte
+		key2 []byte
+		src  []byte
+		tag  []byte
+		paddingFunc padding.PaddingFunc
+	}{
+		{
+			[]byte{0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10},
+			[]byte{0x41, 0x49, 0xd2, 0xad, 0xed, 0x94, 0x56, 0x68, 0x1e, 0xc8, 0xb5, 0x11, 0xd9, 0xe7, 0xee, 0x04},
+			nil,
+			[]byte{0x0c, 0x56, 0x00, 0x96, 0xb6, 0x09, 0xed, 0x0e, 0xaa, 0x39, 0xaf, 0xd6, 0xe2, 0x66, 0x65, 0x11},
+			padding.NewISO9797M2Padding,
+		},
+		{
+			[]byte{0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10},
+			[]byte{0x41, 0x49, 0xd2, 0xad, 0xed, 0x94, 0x56, 0x68, 0x1e, 0xc8, 0xb5, 0x11, 0xd9, 0xe7, 0xee, 0x04},
+			[]byte("This is the test message for mac"),
+			[]byte{0x7e, 0x1a, 0x9a, 0x5e, 0x0e, 0xf0, 0x94, 0x7f, 0x25, 0xcb, 0x94, 0x85, 0x26, 0x1c, 0x98, 0x5c},
+			padding.NewISO9797M2Padding,
+		},
+		{
+			[]byte{0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10},
+			[]byte{0x41, 0x49, 0xd2, 0xad, 0xed, 0x94, 0x56, 0x68, 0x1e, 0xc8, 0xb5, 0x11, 0xd9, 0xe7, 0xee, 0x04},
+			[]byte("This is the test message "),
+			[]byte{0x94, 0x94, 0x76, 0xd3, 0x5f, 0x17, 0x26, 0x1e, 0x1f, 0xb8, 0xc4, 0x39, 0x6d, 0x62, 0xdc, 0x05},
+			padding.NewISO9797M2Padding,
+		},
+		{
+			[]byte{0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10},
+			[]byte{0x41, 0x49, 0xd2, 0xad, 0xed, 0x94, 0x56, 0x68, 0x1e, 0xc8, 0xb5, 0x11, 0xd9, 0xe7, 0xee, 0x04},
+			[]byte("This is the test message for mac"),
+			[]byte{0x28, 0xa7, 0x0d, 0x6b, 0xcc, 0xf7, 0x44, 0x22, 0x46, 0x20, 0x58, 0xab, 0xbc, 0x27, 0xf6, 0xae},
+			padding.NewISO9797M3Padding,
+		},
+		{
+			[]byte{0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10},
+			[]byte{0x41, 0x49, 0xd2, 0xad, 0xed, 0x94, 0x56, 0x68, 0x1e, 0xc8, 0xb5, 0x11, 0xd9, 0xe7, 0xee, 0x04},
+			[]byte("This is the test message "),
+			[]byte{0xc9, 0xd3, 0x4e, 0x16, 0xc4, 0x9a, 0xb6, 0x43, 0x57, 0xa2, 0x61, 0x8d, 0xeb, 0xd1, 0x03, 0x2f},
+			padding.NewISO9797M3Padding,
+		},
+	}
+
+	for i, c := range cases {
+		mac := NewMACDESWithPadding(sm4.NewCipher, c.key1, c.key2, 16, c.paddingFunc)
+		tag := mac.MAC(c.src)
+		if !bytes.Equal(tag, c.tag) {
+			t.Errorf("#%d: expect tag %x, got %x", i, c.tag, tag)
+		}
+	}
+}
+
 func TestCMAC(t *testing.T) {
 	// Test vectors from GB/T 15821.1-2020 Appendix B.
 	cases := []struct {
@ -283,6 +448,55 @@ func TestLMAC(t *testing.T) {
 	}
 }

+func TestLMACWithPadding(t *testing.T) {
+	// Test vectors from GB/T 15821.1-2020 Appendix B.
+	cases := []struct {
+		key []byte
+		src []byte
+		tag []byte
+		paddingFunc padding.PaddingFunc
+	}{
+		{
+			[]byte{0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10},
+			nil,
+			[]byte{0xcd, 0x7e, 0xd2, 0x79, 0x64, 0xe2, 0x57, 0xc0, 0x77, 0xf0, 0x55, 0xf8, 0xee, 0x38, 0x3c, 0x3f},
+			padding.NewISO9797M2Padding,
+		},
+		{
+			[]byte{0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10},
+			[]byte("This is the test message for mac"),
+			[]byte{0xa0, 0xc4, 0x65, 0xee, 0x58, 0x96, 0x97, 0x2f, 0x83, 0x37, 0xaa, 0x1f, 0x92, 0xc9, 0x9d, 0x10},
+			padding.NewISO9797M2Padding,
+		},
+		{
+			[]byte{0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10},
+			[]byte("This is the test message "),
+			[]byte{0x60, 0xdd, 0x95, 0x5e, 0xd0, 0xca, 0x3d, 0x7a, 0x64, 0x22, 0x71, 0x74, 0xdd, 0x98, 0xdd, 0x81},
+			padding.NewISO9797M2Padding,
+		},
+		{
+			[]byte{0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10},
+			[]byte("This is the test message for mac"),
+			[]byte{0x43, 0x05, 0x0d, 0x51, 0xc6, 0x56, 0xae, 0x60, 0xbe, 0x27, 0x3f, 0xbe, 0xa4, 0x87, 0x0e, 0xf1},
+			padding.NewISO9797M3Padding,
+		},
+		{
+			[]byte{0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10},
+			[]byte("This is the test message "),
+			[]byte{0x61, 0xe0, 0x00, 0x49, 0xe2, 0x69, 0x62, 0xa3, 0x6f, 0xed, 0xba, 0x8d, 0x4f, 0x52, 0xf0, 0xad},
+			padding.NewISO9797M3Padding,
+		},
+	}
+
+	for i, c := range cases {
+		mac := NewLMACWithPadding(sm4.NewCipher, c.key, 16, c.paddingFunc)
+		tag := mac.MAC(c.src)
+		if !bytes.Equal(tag, c.tag) {
+			t.Errorf("#%d: expect tag %x, got %x", i, c.tag, tag)
+		}
+	}
+}
+
 func TestTRCBCMAC(t *testing.T) {
 	// Test vectors from GB/T 15821.1-2020 Appendix B.
 	cases := []struct {