Qt Cryptographic Architecture: aes-cmac.cpp

00001 /*
00002  Copyright (C) 2006 Brad Hards <bradh@frogmouth.net>
00003 
00004  Permission is hereby granted, free of charge, to any person obtaining a copy
00005  of this software and associated documentation files (the "Software"), to deal
00006  in the Software without restriction, including without limitation the rights
00007  to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
00008  copies of the Software, and to permit persons to whom the Software is
00009  furnished to do so, subject to the following conditions:
00010 
00011  The above copyright notice and this permission notice shall be included in
00012  all copies or substantial portions of the Software.
00013 
00014  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
00015  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
00016  FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL THE
00017  AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
00018  AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
00019  CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
00020 */
00021 
00022 // QtCrypto has the declarations for all of QCA
00023 #include <QtCrypto>
00024 
00025 #include <QCoreApplication>
00026 #include <QDebug>
00027 
00028 class AESCMACContext : public QCA::MACContext
00029 {
00030 public:
00031     AESCMACContext(QCA::Provider *p) : QCA::MACContext(p, "cmac(aes)")
00032     {
00033     }
00034 
00035     ~AESCMACContext()
00036     {
00037     }
00038 
00039 
00040     // Helper to left shift an arbitrary length array
00041     // This is heavily based on the example in the I-D.
00042     QCA::SecureArray leftShift(const QCA::SecureArray &array)
00043     {
00044         // We create an output of the same size as the input
00045         QCA::SecureArray out(array.size());
00046         // We handle one byte at a time - this is the high bit
00047         // from the previous byte.
00048         int overflow = 0;
00049 
00050         // work through each byte.
00051         for (int i = array.size() -1; i >= 0; --i) {
00052             // do the left shift on this byte.
00053             out[i] = array[i] << 1;
00054             // make the low bit on this byte be the high bit
00055             // from the previous byte.
00056             out[i] |= overflow;
00057             // save the high bit for next time
00058             overflow = (array[i] & 0x80) ? 1 : 0;
00059         }
00060         return out;
00061     }
00062 
00063 
00064     // Helper to XOR two arrays - must be same length
00065     QCA::SecureArray xorArray(const QCA::SecureArray &array1,
00066                           const QCA::SecureArray &array2)
00067     {
00068         if (array1.size() != array2.size())
00069             // empty array
00070             return QCA::SecureArray();
00071 
00072         QCA::SecureArray result(array1.size());
00073 
00074         for (int i = 0; i < array1.size(); ++i)
00075             result[i] = array1[i] ^ array2[i];
00076 
00077         return result;
00078     }
00079 
00080 
00081     void setup(const QCA::SymmetricKey &key)
00082     {
00083         // We might not have a real key, since this can get called
00084         // from the constructor.
00085         if (key.size() == 0)
00086             return;
00087 
00088         m_key = key;
00089         // Generate the subkeys
00090         QCA::SecureArray const_Zero(16);
00091         QCA::SecureArray const_Rb(16);
00092         const_Rb[15] = (char)0x87;
00093 
00094         m_X = const_Zero;
00095         m_residual = QCA::SecureArray();
00096 
00097         // Figure 2.2, step 1.
00098         QCA::Cipher aesObj(QString("aes128"),
00099                            QCA::Cipher::ECB, QCA::Cipher::DefaultPadding,
00100                            QCA::Encode, key);
00101         QCA::SecureArray L = aesObj.process(const_Zero);
00102 
00103         // Figure 2.2, step 2
00104         if (0 == (L[0] & 0x80))
00105             m_k1 = leftShift(L);
00106         else
00107             m_k1 = xorArray(leftShift(L), const_Rb);
00108 
00109         // Figure 2.2, step 3
00110         if (0 == (m_k1[0] & 0x80))
00111             m_k2 = leftShift(m_k1);
00112         else
00113             m_k2 = xorArray(leftShift(m_k1), const_Rb);
00114     }
00115 
00116     QCA::Provider::Context *clone() const
00117     {
00118         return new AESCMACContext(*this);
00119     }
00120 
00121     void clear()
00122     {
00123         setup(m_key);
00124     }
00125 
00126     QCA::KeyLength keyLength() const
00127     {
00128         return QCA::KeyLength(16, 16, 1);
00129     }
00130 
00131     // This is a bit different to the way the I-D does it,
00132     // to allow for multiple update() calls.
00133     void update(const QCA::MemoryRegion &a)
00134     {
00135         QCA::SecureArray bytesToProcess = m_residual + a;
00136         int blockNum;
00137         // note that we don't want to do the last full block here, because
00138         // it needs special treatment in final().
00139         for (blockNum = 0; blockNum < ((bytesToProcess.size()-1)/16); ++blockNum) {
00140             // copy a block of data
00141             QCA::SecureArray thisBlock(16);
00142             for (int yalv = 0; yalv < 16; ++yalv)
00143                 thisBlock[yalv] = bytesToProcess[blockNum*16 + yalv];
00144 
00145             m_Y = xorArray(m_X, thisBlock);
00146 
00147             QCA::Cipher aesObj(QString("aes128"),
00148                                QCA::Cipher::ECB, QCA::Cipher::DefaultPadding,
00149                                QCA::Encode, m_key);
00150             m_X = aesObj.process(m_Y);
00151         }
00152         // This can be between 1 and 16
00153         int numBytesLeft = bytesToProcess.size() - 16*blockNum;
00154         // we copy the left over part
00155         m_residual.resize(numBytesLeft);
00156         for(int yalv = 0; yalv < numBytesLeft; ++yalv)
00157             m_residual[yalv] = bytesToProcess[blockNum*16 + yalv];
00158     }
00159 
00160     void final( QCA::MemoryRegion *out)
00161     {
00162         QCA::SecureArray lastBlock;
00163         int numBytesLeft = m_residual.size();
00164 
00165         if ( numBytesLeft != 16 ) {
00166             // no full block, so we have to pad.
00167             m_residual.resize(16);
00168             m_residual[numBytesLeft] = (char)0x80;
00169             lastBlock = xorArray(m_residual, m_k2);
00170         } else {
00171             // this is a full block - no padding
00172             lastBlock = xorArray(m_residual, m_k1);
00173         }
00174         m_Y = xorArray(m_X, lastBlock);
00175         QCA::Cipher aesObj(QString("aes128"),
00176                            QCA::Cipher::ECB, QCA::Cipher::DefaultPadding,
00177                            QCA::Encode, m_key);
00178         *out = aesObj.process(m_Y);
00179 
00180     }
00181 
00182 protected:
00183     // first subkey
00184     QCA::SecureArray m_k1;
00185     // second subkey
00186     QCA::SecureArray m_k2;
00187     // main key
00188     QCA::SecureArray m_key;
00189 
00190     // state
00191     QCA::SecureArray m_X;
00192     QCA::SecureArray m_Y;
00193 
00194     // partial block that we can't do yet
00195     QCA::SecureArray m_residual;
00196 };
00197 
00198 class ClientSideProvider : public QCA::Provider
00199 {
00200 public:
00201         int qcaVersion() const
00202         {
00203                 return QCA_VERSION;
00204         }
00205 
00206         QString name() const
00207         {
00208                 return "exampleClientSideProvider";
00209         }
00210 
00211         QStringList features() const
00212         {
00213                 QStringList list;
00214                 list += "cmac(aes)";
00215                 // you can add more features in here, if you have some.
00216                 return list;
00217         }
00218 
00219         Provider::Context *createContext(const QString &type)
00220         {
00221             if(type == "cmac(aes)")
00222                 return new AESCMACContext(this);
00223             // else if (type == some other feature)
00224             //  return some other context.
00225             else
00226                 return 0;
00227         }
00228 };
00229 
00230 
00231 // AES CMAC is a Message Authentication Code based on a block cipher
00232 // instead of the more normal keyed hash.
00233 // See RFC 4493 "The AES-CMAC Algorithm"
00234 class AES_CMAC: public QCA::MessageAuthenticationCode
00235 {
00236 public:
00237     AES_CMAC(const QCA::SymmetricKey &key = QCA::SymmetricKey(),
00238              const QString &provider = QString()):
00239         QCA::MessageAuthenticationCode( "cmac(aes)", key, provider)
00240     {}
00241 };
00242 
00243 
00244 int main(int argc, char **argv)
00245 {
00246     QCoreApplication app(argc, argv);
00247 
00248     qDebug() << "This example shows AES CMAC";
00249 
00250     // the Initializer object sets things up, and
00251     // also does cleanup when it goes out of scope
00252     QCA::Initializer init;
00253 
00254     qDebug() << "Completed initialisation";
00255 
00256     if( ! QCA::isSupported("aes128-ecb") ) {
00257         qDebug() << "AES not supported!";
00258     }
00259 
00260     if ( QCA::insertProvider(new ClientSideProvider, 0) )
00261         qDebug() << "Inserted our provider";
00262     else
00263         qDebug() << "our provider could not be added";
00264 
00265     // We should check AES CMAC is supported before using it.
00266     if( ! QCA::isSupported("cmac(aes)") ) {
00267         qDebug() << "AES CMAC not supported!";
00268     } else {
00269         // create the required object
00270         AES_CMAC cmacObject;
00271 
00272         // create the key
00273         QCA::SymmetricKey key(QCA::hexToArray("2b7e151628aed2a6abf7158809cf4f3c"));
00274 
00275         // set the MAC to use the key
00276         cmacObject.setup(key);
00277 
00278         QCA::SecureArray message = QCA::hexToArray("6bc1bee22e409f96e93d7e117393172a"
00279                                                "ae2d8a571e03ac9c9eb76fac45af8e51"
00280                                                "30c81c46a35ce411e5fbc1191a0a52ef"
00281                                                "f69f2445df4f9b17ad2b417be66c3710");
00282         QCA::SecureArray message1(message);
00283         message1.resize(0);
00284         qDebug();
00285         qDebug() << "Message1: " << QCA::arrayToHex(message1.toByteArray());
00286         qDebug() << "Expecting:  bb1d6929e95937287fa37d129b756746";
00287         qDebug() << "AES-CMAC: " << QCA::arrayToHex(cmacObject.process(message1).toByteArray());
00288 
00289         cmacObject.clear();
00290         QCA::SecureArray message2(message);
00291         message2.resize(16);
00292         qDebug();
00293         qDebug() << "Message2: " << QCA::arrayToHex(message2.toByteArray());
00294         qDebug() << "Expecting:  070a16b46b4d4144f79bdd9dd04a287c";
00295         qDebug() << "AES-CMAC: " << QCA::arrayToHex(cmacObject.process(message2).toByteArray());
00296 
00297         cmacObject.clear();
00298         QCA::SecureArray message3(message);
00299         message3.resize(40);
00300         qDebug();
00301         qDebug() << "Message3: " << QCA::arrayToHex(message3.toByteArray());
00302         qDebug() << "Expecting:  dfa66747de9ae63030ca32611497c827";
00303         qDebug() << "AES-CMAC  " << QCA::arrayToHex(cmacObject.process(message3).toByteArray());
00304 
00305         cmacObject.clear();
00306         QCA::SecureArray message4(message);
00307         message4.resize(64);
00308         qDebug();
00309         qDebug() << "Message4: " << QCA::arrayToHex(message4.toByteArray());
00310         qDebug() << "Expecting:  51f0bebf7e3b9d92fc49741779363cfe";
00311         qDebug() << "AES-CMAC: " << QCA::arrayToHex(cmacObject.process(message4).toByteArray());
00312     }
00313 
00314     return 0;
00315 }
00316