From f41a5c69e7d8fb68a554f6434673bbb2673f4ccb Mon Sep 17 00:00:00 2001 From: Sun Yimin Date: Tue, 18 Mar 2025 11:41:04 +0800 Subject: [PATCH] cbcmac: CBCMAC enable provided padding method #319 --- cbcmac/cbcmac.go | 19 ++++++++++++++- cbcmac/cbcmac_test.go | 54 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 72 insertions(+), 1 deletion(-) diff --git a/cbcmac/cbcmac.go b/cbcmac/cbcmac.go index e5f551b..b3264e6 100644 --- a/cbcmac/cbcmac.go +++ b/cbcmac/cbcmac.go @@ -37,10 +37,27 @@ type cbcmac struct { // The padding scheme is ISO/IEC 9797-1 method 2. // GB/T 15821.1-2020 MAC scheme 1 func NewCBCMAC(b cipher.Block, size int) BockCipherMAC { + return NewCBCMACWithPadding(b, size, padding.NewISO9797M2Padding) +} + + +// NewCBCMACWithPadding creates a new CBC-MAC (Cipher Block Chaining Message Authentication Code) +// with the specified block cipher, MAC size, and padding function. The MAC size must be greater +// than 0 and less than or equal to the block size of the cipher. If the size is invalid, the +// function will panic. The padding function is used to pad the input to the block size of the cipher. +// +// Parameters: +// - b: The block cipher to use for CBC-MAC. +// - size: The size of the MAC in bytes. Must be greater than 0 and less than or equal to the block size of the cipher. +// - paddingFunc: The padding function to use for padding the input to the block size of the cipher. +// +// Returns: +// - A BockCipherMAC instance that can be used to compute the CBC-MAC. +func NewCBCMACWithPadding(b cipher.Block, size int, paddingFunc padding.PaddingFunc) BockCipherMAC { if size <= 0 || size > b.BlockSize() { panic("cbcmac: invalid size") } - return &cbcmac{b: b, pad: padding.NewISO9797M2Padding(uint(b.BlockSize())), size: size} + return &cbcmac{b: b, pad: paddingFunc(uint(b.BlockSize())), size: size} } func (c *cbcmac) Size() int { diff --git a/cbcmac/cbcmac_test.go b/cbcmac/cbcmac_test.go index cff5f25..39ed47e 100644 --- a/cbcmac/cbcmac_test.go +++ b/cbcmac/cbcmac_test.go @@ -8,6 +8,7 @@ import ( "testing" "github.com/emmansun/gmsm/internal/cryptotest" + "github.com/emmansun/gmsm/padding" "github.com/emmansun/gmsm/sm4" ) @@ -48,6 +49,59 @@ func TestCBCMAC(t *testing.T) { } } +func TestCBCMACWithPadding(t *testing.T) { + // Test vectors from GB/T 15821.1-2020 Appendix B. + cases := []struct { + key []byte + src []byte + tag []byte + paddingFunc padding.PaddingFunc + }{ + { + []byte{0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10}, + nil, + []byte{0x8c, 0x33, 0x8e, 0x5a, 0x27, 0xe3, 0x49, 0xbe, 0xae, 0x39, 0x21, 0x4f, 0xed, 0xa9, 0x70, 0x99}, + padding.NewISO9797M2Padding, + }, + { + []byte{0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10}, + []byte("This is the test message for mac"), + []byte{0x4b, 0x65, 0x53, 0xaf, 0x3c, 0x4e, 0x27, 0x44, 0x84, 0x12, 0x31, 0x5a, 0xc7, 0x84, 0x95, 0x35}, + padding.NewISO9797M2Padding, + }, + { + []byte{0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10}, + []byte("This is the test message "), + []byte{0x42, 0x1a, 0xd1, 0x69, 0x0a, 0xa1, 0x52, 0xe2, 0x84, 0x6f, 0xa2, 0xa5, 0xd8, 0x34, 0x45, 0xa9}, + padding.NewISO9797M2Padding, + }, + { + []byte{0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10}, + []byte("This is the test message for mac"), + []byte{0x71, 0xaf, 0x7e, 0x45, 0x53, 0x40, 0x4c, 0xbc, 0xc4, 0xf2, 0x97, 0x3c, 0xdb, 0xd0, 0xf0, 0x63}, + padding.NewISO9797M3Padding, + }, + { + []byte{0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10}, + []byte("This is the test message "), + []byte{0x6a, 0x4a, 0x86, 0xf5, 0xb5, 0xe4, 0x68, 0xda, 0xd2, 0x7d, 0xf2, 0x5f, 0xb9, 0xd9, 0xbe, 0x16}, + padding.NewISO9797M3Padding, + }, + } + + for i, c := range cases { + block, err := sm4.NewCipher(c.key) + if err != nil { + t.Errorf("#%d: failed to create cipher: %v", i, err) + } + mac := NewCBCMACWithPadding(block, len(c.tag), c.paddingFunc) + tag := mac.MAC(c.src) + if !bytes.Equal(tag, c.tag) { + t.Errorf("#%d: expect tag %x, got %x", i, c.tag, tag) + } + } +} + func TestEMAC(t *testing.T) { // Test vectors from GB/T 15821.1-2020 Appendix B. cases := []struct {