crypto:cmac calculating the Cipher-based Message Authentication Code (ERL-82)

[gotthardp]

The ERL-82 issue requests a way to calculate a CMAC in Erlang. The AES128 CMAC is standartized in RFC 4493 and used e.g. for message authentication in the LoRaWAN networks.

The CMAC is implemented by OpenSSL since v1.0.1, but as @IngelaAndin stated in response to the ERL-82, the current crypto implementation does not include functions that call those OpenSSL cryptolib functions.

This commit introduces a new function crypto:cmac that calls the corresponding OpenSSL functions and calculates the CMAC.

Only the cmac_nif is implemented. The incremental functions (init, update, final) are not provided because the current OpenSSL does not allow custom memory allocators like enif_alloc_resource.

The crypto:cmac/4 is implemented for convenience and to keep the API similar to the crypto:hmac/3 and crypto:hmac/4.

The Erlang user guide states that at least OpenSSL 0.9.8 is required, so I added few #ifdefs so the code is compatible with all versions. However, the OpenSSL pages say that the pre-1.0.1 versions (0.9.8 and
1.0.0) are no longer maintained. Even the 1.0.1 will be retired by Dec 2016. Hence I believe that adding a 1.0.1-only function like CMAC should be OK.

[OTP-Maintainer]

The summary line of the commit message is too long and/or ends with a "."
Make sure the whole message follows the guidelines here: https://github.com/erlang/otp/wiki/Writing-good-commit-messages.

Bad message: Fix building crypto/cmac_nif on 64-bit machines.
crypto:cmac calculating the Cipher-based Message Authentication Code

---

I am a script, I am not human

---

[RaimoNiskanen]

Now running in our daily tests.

In a week we have enough people back from vacation to thoroughly review this...

[IngelaAndin]

As I understand it you should be able to use the EVP API

https://wiki.openssl.org/index.php/EVP_Signing_and_Verifying

And we have an ambition to use the EVP API as much as possible.

[gotthardp]

Well, the openssl/cmac.c implementation used in my code is just a wrapper around the EVP API. Calculation of CMAC using EVP is not trivial and therefore OpenSSL created these convenience functions.

Calling EVP API directly (instead of using the cmac.c wrapper) just means re-implementing the cmac.c wrapper inside the OTP crypto. I think you may not want that either.

[IngelaAndin]

Ok, thank you for the explenation then that should be fine :)

[IngelaAndin]

It would be nice if you could add a reference to cmac RFC in the description part of the man page.

[gotthardp]

Done. Thank you for looking onto this. :)

[sverker]

Test case should be skipped on older OpenSSL and not fail with notsup.

[gotthardp]

Good point. Done.

[OTP-Maintainer]

The summary line of the commit message is too long and/or ends with a "."
Make sure the whole message follows the guidelines here: https://github.com/erlang/otp/wiki/Writing-good-commit-messages.

Bad message: Added a reference to cmac RFC in the description part of the man page
Fix building crypto/cmac_nif on 64-bit machines.
crypto:cmac calculating the Cipher-based Message Authentication Code

---

I am a script, I am not human

---

[RoadRunnr]

Here is a pur Erlang AES-CMAC implementation: https://gist.github.com/RoadRunnr/fc1cdba514030c0c7f6529ec6222989b

That one could be used as fall back on older OpenSSL versions or - if performance is not an issue - instead of the native version.

[IngelaAndin]

Thank you for the offer of fall back, however we do not want to open up for Erlang implementations of
of cryptographic functions with all responsibility of testing and making sure they are correct and safe to use. We think it is acceptable that it will not work with older versions of OpenSSL. We are ready to accept this PR now.

[RaimoNiskanen]

Merged to 'master'.

[gotthardp]

@RaimoNiskanen, it appears unmerged. was it your intention, or not?

[RaimoNiskanen]

Nope. I pushed the 'master' branch to the wrong repository, so here it was unmerged, but not anymore...