Add CMAC algorithm to JSSProvider

CMAC is a form of MAC that utilizes a block cipher instead of a hash function. Support for CMAC via PKCS#11 was recently introduced to NSS allowing us to add support for it here. Related: https://bugzilla.mozilla.org/show_bug.cgi?id=1570501 Signed-off-by: Alexander Scheel <[email protected]>
dogtagpki · Sep 19, 2019 · 924eaa6 · 924eaa6
1 parent b1fbd77
commit 924eaa6
Show file tree

Hide file tree

Showing 7 changed files with 100 additions and 5 deletions.
diff --git a/org/mozilla/jss/JSSProvider.java b/org/mozilla/jss/JSSProvider.java
@@ -241,11 +241,17 @@ public JSSProvider() {
         put("Alg.Alias.Mac.Hmac-SHA384", "HmacSHA384");
         put("Mac.HmacSHA512",
             "org.mozilla.jss.provider.javax.crypto.JSSMacSpi$HmacSHA512");
+        put("Mac.CmacAES128", "org.mozilla.jss.provider.javax.crypto.JSSMacSpi$CmacAES128");
+        put("Mac.CmacAES192", "org.mozilla.jss.provider.javax.crypto.JSSMacSpi$CmacAES192");
+        put("Mac.CmacAES256", "org.mozilla.jss.provider.javax.crypto.JSSMacSpi$CmacAES256");
         put("Alg.Alias.Mac.Hmac-SHA512", "HmacSHA512");
         put("Alg.Alias.Mac.SHA-1-HMAC", "HmacSHA1");
         put("Alg.Alias.Mac.SHA-256-HMAC", "HmacSHA256");
         put("Alg.Alias.Mac.SHA-384-HMAC", "HmacSHA384");
         put("Alg.Alias.Mac.SHA-512-HMAC", "HmacSHA512");
+        put("Alg.Alias.Mac.AES-128-CMAC", "CmacAES128");
+        put("Alg.Alias.Mac.AES-192-CMAC", "CmacAES192");
+        put("Alg.Alias.Mac.AES-256-CMAC", "CmacAES256");
 
 
         /////////////////////////////////////////////////////////////

diff --git a/org/mozilla/jss/crypto/Algorithm.c b/org/mozilla/jss/crypto/Algorithm.c
@@ -97,7 +97,14 @@ JSS_AlgInfo JSS_AlgTable[NUM_ALGS] = {
 /* 66 */    {CKM_AES_KEY_WRAP_PAD, PK11_MECH},
 /* 67 */    {CKM_SHA256_HMAC, PK11_MECH},
 /* 68 */    {CKM_SHA384_HMAC, PK11_MECH},
-/* 69 */    {CKM_SHA512_HMAC, PK11_MECH}
+/* 69 */    {CKM_SHA512_HMAC, PK11_MECH},
+
+/* CKM_AES_CMAC is new to NSS; some implementations might not yet have it. */
+#ifdef CKM_AES_CMAC
+/* 70 */    {CKM_AES_CMAC, PK11_MECH}
+#else
+/* 70 */    {CKM_INVALID_MECHANISM, PK11_MECH}
+#endif
 /* REMEMBER TO UPDATE NUM_ALGS!!! (in Algorithm.h) */
 };
 

diff --git a/org/mozilla/jss/crypto/Algorithm.h b/org/mozilla/jss/crypto/Algorithm.h
@@ -24,7 +24,7 @@ typedef struct JSS_AlgInfoStr {
     JSS_AlgType type;
 } JSS_AlgInfo;
 
-#define NUM_ALGS 70
+#define NUM_ALGS 71
 
 extern JSS_AlgInfo JSS_AlgTable[];
 extern CK_ULONG JSS_symkeyUsage[];

diff --git a/org/mozilla/jss/crypto/Algorithm.java b/org/mozilla/jss/crypto/Algorithm.java
@@ -241,4 +241,7 @@ public PKCS11Algorithm getEnum() {
     protected static final int CKM_SHA256_HMAC=67;
     protected static final int CKM_SHA384_HMAC=68;
     protected static final int CKM_SHA512_HMAC=69;
+
+    // PKCS#11 AES-CMAC
+    protected static final int CKM_AES_CMAC=70;
 }
diff --git a/org/mozilla/jss/crypto/CMACAlgorithm.java b/org/mozilla/jss/crypto/CMACAlgorithm.java
@@ -0,0 +1,59 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+package org.mozilla.jss.crypto;
+
+import java.security.NoSuchAlgorithmException;
+import java.util.Hashtable;
+
+import org.mozilla.jss.asn1.OBJECT_IDENTIFIER;
+
+/**
+ * Algorithms for performing CMACs. These can be used to create
+ * MessageDigests.
+ */
+public class CMACAlgorithm extends DigestAlgorithm {
+
+    protected CMACAlgorithm(int oidIndex, String name, OBJECT_IDENTIFIER oid,
+                            int outputSize) {
+        super(oidIndex, name, oid, outputSize);
+
+        if (oid != null && oidMap.get(oid) == null) {
+            oidMap.put(oid, this);
+        }
+    }
+
+    ///////////////////////////////////////////////////////////////////////
+    // OID mapping
+    ///////////////////////////////////////////////////////////////////////
+    private static Hashtable<OBJECT_IDENTIFIER, CMACAlgorithm> oidMap = new Hashtable<>();
+
+    /**
+     * Looks up the CMAC algorithm with the given OID.
+     *
+     * @param oid OID.
+     * @return CMAC algorithm.
+     * @exception NoSuchAlgorithmException If no registered CMAC algorithm
+     *  has the given OID.
+     */
+    public static CMACAlgorithm fromOID(OBJECT_IDENTIFIER oid)
+        throws NoSuchAlgorithmException
+    {
+        Object alg = oidMap.get(oid);
+        if (alg == null) {
+            throw new NoSuchAlgorithmException();
+        } else {
+            return (CMACAlgorithm) alg;
+        }
+    }
+
+    /**
+     * CMAC AES-X.  This is a Message Authentication Code that uses a
+     * symmetric key together with the AES cipher to create a form of
+     * signature.
+     */
+    public static final CMACAlgorithm AES128 = new CMACAlgorithm(CKM_AES_CMAC, "AES128-CMAC", null, 16);
+    public static final CMACAlgorithm AES192 = new CMACAlgorithm(CKM_AES_CMAC, "AES192-CMAC", null, 16);
+    public static final CMACAlgorithm AES256 = new CMACAlgorithm(CKM_AES_CMAC, "AES256-CMAC", null, 16);
+}
diff --git a/org/mozilla/jss/crypto/PKCS11Algorithm.java b/org/mozilla/jss/crypto/PKCS11Algorithm.java
@@ -25,7 +25,8 @@ public enum PKCS11Algorithm {
     CKM_SHA_1_HMAC (Algorithm.CKM_SHA_1_HMAC, PKCS11Constants.CKM_SHA_1_HMAC),
     CKM_SHA_256_HMAC (Algorithm.CKM_SHA256_HMAC, PKCS11Constants.CKM_SHA256_HMAC),
     CKM_SHA_384_HMAC (Algorithm.CKM_SHA384_HMAC, PKCS11Constants.CKM_SHA384_HMAC),
-    CKM_SHA_512_HMAC (Algorithm.CKM_SHA512_HMAC, PKCS11Constants.CKM_SHA512_HMAC);
+    CKM_SHA_512_HMAC (Algorithm.CKM_SHA512_HMAC, PKCS11Constants.CKM_SHA512_HMAC),
+    CKM_AES_CMAC (Algorithm.CKM_AES_CMAC, PKCS11Constants.CKM_AES_CMAC);
 
     // Value from Algorithm's constant -- this is an index into Algorithm's
     // table.

diff --git a/org/mozilla/jss/provider/javax/crypto/JSSMacSpi.java b/org/mozilla/jss/provider/javax/crypto/JSSMacSpi.java
@@ -11,7 +11,9 @@
 import java.security.NoSuchAlgorithmException;
 import java.security.spec.AlgorithmParameterSpec;
 
+import org.mozilla.jss.crypto.CMACAlgorithm;
 import org.mozilla.jss.crypto.CryptoToken;
+import org.mozilla.jss.crypto.DigestAlgorithm;
 import org.mozilla.jss.crypto.HMACAlgorithm;
 import org.mozilla.jss.crypto.JSSMessageDigest;
 import org.mozilla.jss.crypto.SecretKeyFacade;
@@ -21,9 +23,9 @@
 class JSSMacSpi extends javax.crypto.MacSpi {
 
     private JSSMessageDigest digest=null;
-    private HMACAlgorithm alg;
+    private DigestAlgorithm alg;
 
-    protected JSSMacSpi(HMACAlgorithm alg) {
+    protected JSSMacSpi(DigestAlgorithm alg) {
       try {
         this.alg = alg;
         CryptoToken token =
@@ -116,4 +118,21 @@ public HmacSHA512() {
         }
     }
 
+    public static class CmacAES128 extends JSSMacSpi {
+        public CmacAES128() {
+            super(CMACAlgorithm.AES128);
+        }
+    }
+
+    public static class CmacAES192 extends JSSMacSpi {
+        public CmacAES192() {
+            super(CMACAlgorithm.AES192);
+        }
+    }
+
+    public static class CmacAES256 extends JSSMacSpi {
+        public CmacAES256() {
+            super(CMACAlgorithm.AES256);
+        }
+    }
 }