rust: add tink-mac crate

Adapted from go/mac/*.

Author: daviddrysdale

rust/Cargo.lock

@@ -1,11 +1,10 @@
 [workspace]
-# members = ["daead", "mac", "prf", "testutil", "tink"]
-members = ["daead", "prf", "testutil", "tink"]
+members = ["daead", "mac", "prf", "testutil", "tink"]
 
 # Patch dependencies on tink crates so that they refer to the versions within this same repository.
 [patch.crates-io]
 tink = { path = "tink" }
 tink-daead = { path = "daead" }
-# tink-mac = { path = "mac" }
+tink-mac = { path = "mac" }
 tink-prf = { path = "prf" }
 tink-testutil = { path = "testutil" }

rust/Cargo.toml

@@ -53,7 +53,7 @@ Go packages and the equivalent Rust crates and modules, when available.
 |                      | `aead` |
 | `tink-daead`         | `daead` |
 |                      | `hybrid` |
-|                      | `mac` |
+| `tink-mac`           | `mac` |
 | `tink-prf`           | `prf` |
 |                      | `signature` |
 |                      | `streamingaead` |

rust/README.md

@@ -0,0 +1,19 @@
+[package]
+name = "tink-mac"
+version = "0.1.0"
+authors = ["David Drysdale <drysdale@google.com>"]
+edition = "2018"
+
+[dependencies]
+prost = "*"
+tink = "*"
+tink-prf = "*"
+
+[dev-dependencies]
+hex = "*"
+lazy_static = "*"
+maplit = "*"
+serde = { version = "*", features = ["derive"] }
+serde_json = "*"
+tink-prf = "*"
+tink-testutil = "*"

rust/mac/Cargo.toml

@@ -0,0 +1,125 @@
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+////////////////////////////////////////////////////////////////////////////////
+
+use prost::Message;
+use tink::{utils::wrap_err, TinkError};
+
+/// Maximal version of AES-CMAC keys.
+pub const CMAC_KEY_VERSION: u32 = 0;
+/// Type URL of AES-CMAC keys that Tink supports.
+pub const CMAC_TYPE_URL: &str = "type.googleapis.com/google.crypto.tink.AesCmacKey";
+
+/// Generates new AES-CMAC keys and produces new instances of AES-CMAC.
+pub(crate) struct AesCmacKeyManager;
+
+impl AesCmacKeyManager {
+    pub fn new() -> Self {
+        Self
+    }
+}
+
+impl Default for AesCmacKeyManager {
+    fn default() -> Self {
+        Self::new()
+    }
+}
+
+impl tink::registry::KeyManager for AesCmacKeyManager {
+    /// Create an [`AesCmac`](crate::subtle::AesCmac) instance for the given serialized
+    /// [`AesCmacKey`](tink:;proto::AesCmacKey) proto.
+    fn primitive(&self, serialized_key: &[u8]) -> Result<tink::Primitive, TinkError> {
+        if serialized_key.is_empty() {
+            return Err("AesCmacKeyManager: invalid key".into());
+        }
+
+        let key = tink::proto::AesCmacKey::decode(serialized_key)
+            .map_err(|e| wrap_err("decode failed", e))?;
+        validate_key(&key)?;
+        match crate::subtle::AesCmac::new(&key.key_value, key.params.unwrap().tag_size as usize) {
+            Ok(p) => Ok(tink::Primitive::Mac(std::sync::Arc::new(p))),
+            Err(e) => Err(wrap_err(
+                "AesCmacKeyManager: cannot create new primitive",
+                e,
+            )),
+        }
+    }
+
+    /// Generate a new serialized [`AesCmacKey`](tink::proto::AesCmacKey) according to
+    /// specification in the given [`AesCmacKeyFormat`](tink::proto::AesCmacKeyFormat).
+    fn new_key(&self, serialized_key_format: &[u8]) -> Result<Vec<u8>, TinkError> {
+        if serialized_key_format.is_empty() {
+            return Err("AesCmacKeyManager: invalid key format".into());
+        }
+        let key_format = tink::proto::AesCmacKeyFormat::decode(serialized_key_format)
+            .map_err(|_| TinkError::new("AesCmacKeyManager: invalid key format"))?;
+        validate_key_format(&key_format)
+            .map_err(|e| wrap_err("AesCmacKeyManager: invalid key format", e))?;
+        let key_value = tink::subtle::random::get_random_bytes(key_format.key_size as usize);
+        let mut sk = Vec::new();
+        tink::proto::AesCmacKey {
+            version: CMAC_KEY_VERSION,
+            params: key_format.params,
+            key_value,
+        }
+        .encode(&mut sk)
+        .map_err(|e| wrap_err("Failed to encode new key", e))?;
+        Ok(sk)
+    }
+
+    fn does_support(&self, type_url: &str) -> bool {
+        type_url == CMAC_TYPE_URL
+    }
+
+    fn type_url(&self) -> String {
+        CMAC_TYPE_URL.to_string()
+    }
+
+    /// Create a new [`KeyData`](tink::proto::KeyData) according to the specification in the given
+    /// serialized [`AesCmacKeyFormat`](tink::proto::AesCmacKeyFormat). This should be used
+    /// solely by the key management API.
+    fn new_key_data(
+        &self,
+        serialized_key_format: &[u8],
+    ) -> Result<tink::proto::KeyData, TinkError> {
+        let serialized_key = self.new_key(serialized_key_format)?;
+
+        Ok(tink::proto::KeyData {
+            type_url: CMAC_TYPE_URL.to_string(),
+            value: serialized_key,
+            key_material_type: tink::proto::key_data::KeyMaterialType::Symmetric as i32,
+        })
+    }
+}
+
+/// Validate the given [`AesCmacKey`](tink::proto::AesCmacKey). It only validates the version of the
+/// key because other parameters will be validated in primitive construction.
+fn validate_key(key: &tink::proto::AesCmacKey) -> Result<(), TinkError> {
+    tink::keyset::validate_key_version(key.version, CMAC_KEY_VERSION)
+        .map_err(|e| wrap_err("AesCmacKeyManager: invalid version", e))?;
+    let key_size = key.key_value.len();
+    match &key.params {
+        None => Err("missing AES-CMAC params".into()),
+        Some(params) => crate::subtle::validate_cmac_params(key_size, params.tag_size as usize),
+    }
+}
+
+/// Validate the given [`AesCmacKeyFormat`](tink::proto::AesCmacKeyFormat).
+fn validate_key_format(format: &tink::proto::AesCmacKeyFormat) -> Result<(), TinkError> {
+    match &format.params {
+        None => Err("missing AES-CMAC params".into()),
+        Some(params) => {
+            crate::subtle::validate_cmac_params(format.key_size as usize, params.tag_size as usize)
+        }
+    }
+}

rust/mac/src/aes_cmac_key_manager.rs

@@ -0,0 +1,118 @@
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+////////////////////////////////////////////////////////////////////////////////
+
+use std::sync::Arc;
+use tink::{utils::wrap_err, TinkError};
+
+/// Create a [`tink::Mac`] primitive from the given keyset handle.
+pub fn new(h: &tink::keyset::Handle) -> Result<Box<dyn tink::Mac>, TinkError> {
+    new_with_key_manager(h, None)
+}
+
+/// Create a [`tink::Mac`] primitive from the given keyset handle and a custom key manager.
+pub fn new_with_key_manager(
+    h: &tink::keyset::Handle,
+    km: Option<Arc<dyn tink::registry::KeyManager>>,
+) -> Result<Box<dyn tink::Mac>, TinkError> {
+    let ps = h
+        .primitives_with_key_manager(km)
+        .map_err(|e| wrap_err("mac::factory: cannot obtain primitive set", e))?;
+
+    let ret = WrappedMac::new(ps)?;
+    Ok(Box::new(ret))
+}
+
+/// A [`tink::Mac`] implementation that uses the underlying primitive set to compute and
+/// verify MACs.
+struct WrappedMac {
+    ps: tink::primitiveset::PrimitiveSet,
+}
+
+impl WrappedMac {
+    fn new(ps: tink::primitiveset::PrimitiveSet) -> Result<WrappedMac, TinkError> {
+        let primary = &ps.primary;
+        if primary.is_none() {
+            return Err("mac::factory: no primary primitive".into());
+        }
+        match primary.as_ref().unwrap().primitive {
+            tink::Primitive::Mac(_) => {}
+            _ => return Err("mac::factory: not a Mac primitive".into()),
+        };
+        for (_, primitives) in ps.entries.iter() {
+            for p in primitives {
+                match p.primitive {
+                    tink::Primitive::Mac(_) => {}
+                    _ => return Err("mac::factory: not a Mac primitive".into()),
+                };
+            }
+        }
+        Ok(WrappedMac { ps })
+    }
+}
+
+impl tink::Mac for WrappedMac {
+    fn compute_mac(&self, data: &[u8]) -> Result<Vec<u8>, TinkError> {
+        let primary = match &self.ps.primary {
+            Some(p) => p,
+            None => return Err("mac::factory: no primary primitive".into()),
+        };
+        let primitive = match &primary.primitive {
+            tink::Primitive::Mac(p) => p,
+            _ => return Err("mac::factory: not a Mac primitive".into()),
+        };
+        let mac = primitive.compute_mac(data)?;
+
+        let mut ret = Vec::with_capacity(primary.prefix.len() + mac.len());
+        ret.extend_from_slice(&primary.prefix);
+        ret.extend_from_slice(&mac);
+        Ok(ret)
+    }
+
+    fn verify_mac(&self, mac: &[u8], data: &[u8]) -> Result<(), TinkError> {
+        // This also rejects raw MAC with size of 4 bytes or fewer. Those MACs are
+        // clearly insecure, thus should be discouraged.
+        let prefix_size = tink::cryptofmt::NON_RAW_PREFIX_SIZE;
+        if mac.len() <= prefix_size {
+            return Err("mac::factory: invalid mac".into());
+        }
+
+        // try non raw keys
+        let prefix = &mac[..prefix_size];
+        let mac_no_prefix = &mac[prefix_size..];
+        let entries = self.ps.entries_for_prefix(&prefix);
+        for entry in &entries {
+            if let tink::Primitive::Mac(p) = &entry.primitive {
+                if p.verify_mac(mac_no_prefix, data).is_ok() {
+                    return Ok(());
+                }
+            } else {
+                return Err("mac::factory: not a Mac primitive".into());
+            }
+        }
+
+        let entries = self.ps.raw_entries();
+        for entry in &entries {
+            if let tink::Primitive::Mac(p) = &entry.primitive {
+                if p.verify_mac(mac, data).is_ok() {
+                    return Ok(());
+                }
+            } else {
+                return Err("mac::factory: not a Mac primitive".into());
+            }
+        }
+
+        // nothing worked
+        Err("mac::factory: decryption failed".into())
+    }
+}