Adds CMAC #903
Adds CMAC #903
Conversation
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #903 +/- ##
==========================================
- Coverage 95.80% 92.34% -3.46%
==========================================
Files 61 74 +13
Lines 8143 9862 +1719
Branches 0 9862 +9862
==========================================
+ Hits 7801 9107 +1306
- Misses 342 464 +122
- Partials 0 291 +291 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
aws-lc-rs/tests/cmac_tests.rs
Outdated
| let signature = cmac::sign(&cmac_key, &input).unwrap(); | ||
|
|
||
| // Truncate to tlen | ||
| let truncated_sig = &signature.as_ref()[..std::cmp::min(signature.as_ref().len(), tlen)]; |
There was a problem hiding this comment.
The truncation used here and in the other functions is not needed -- it would actually hide a bug were we to produce too long of a signature.
There was a problem hiding this comment.
I copied these tests data, and test functions from the aws-lc. The original tests also does a truncation. Without the truncation, the tests start to fail.
https://github.com/aws/aws-lc/blob/main/crypto/fipsmodule/cmac/cmac_test.cc#L226-L227
There was a problem hiding this comment.
Ok, we should just trancate it to tlen then -- it should never be longer than the actual tag:
let truncated_sig = &signature.as_ref()[..tlen];
3 participants
Issues:
See SIM P307101963
Description of changes:
Currently, aws-lc-rs only supports HMAC
This commit adds CMAC, with support for AES 128, 192, 256 and TDES keys.
https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38b.pdf
Call-outs:
Testing:
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.