gchq · n1474335 · Nov 25, 2022 · Nov 1, 2022 · Nov 2, 2022
diff --git a/src/core/config/Categories.json b/src/core/config/Categories.json
@@ -365,6 +365,7 @@
             "Compare SSDEEP hashes",
             "Compare CTPH hashes",
             "HMAC",
+            "CMAC",
             "Bcrypt",
             "Bcrypt compare",
             "Bcrypt parse",

diff --git a/src/core/operations/CMAC.mjs b/src/core/operations/CMAC.mjs
@@ -0,0 +1,143 @@
+/**
+ * @author mikecat
+ * @copyright Crown Copyright 2022
+ * @license Apache-2.0
+ */
+
+import Operation from "../Operation.mjs";
+import Utils from "../Utils.mjs";
+import forge from "node-forge";
+import { toHexFast } from "../lib/Hex.mjs";
+import OperationError from "../errors/OperationError.mjs";
+
+/**
+ * CMAC operation
+ */
+class CMAC extends Operation {
+
+    /**
+     * CMAC constructor
+     */
+    constructor() {
+        super();
+
+        this.name = "CMAC";
+        this.module = "Crypto";
+        this.description = "CMAC is a block-cipher based message authentication code algorithm.<br><br>RFC4493 defines AES-CMAC that uses AES encryption with a 128-bit key.<br>NIST SP 800-38B suggests usages of AES with other key lengths and Triple DES.";
+        this.infoURL = "https://wikipedia.org/wiki/CMAC";
+        this.inputType = "ArrayBuffer";
+        this.outputType = "string";
+        this.args = [
+            {
+                "name": "Key",
+                "type": "toggleString",
+                "value": "",
+                "toggleValues": ["Hex", "UTF8", "Latin1", "Base64"]
+            },
+            {
+                "name": "Encryption algorithm",
+                "type": "option",
+                "value": ["AES", "Triple DES"]
+            }
+        ];
+    }
+
+    /**
+     * @param {ArrayBuffer} input
+     * @param {Object[]} args
+     * @returns {string}
+     */
+    run(input, args) {
+        const key = Utils.convertToByteString(args[0].string, args[0].option);
+        const info = (function() {
+            switch (args[1]) {
+                case "AES":
+                    if (key.length !== 16 && key.length !== 24 && key.length !== 32) {
+                        throw new OperationError("the key for AES must be either 16, 24, or 32 bytes (currently " + key.length + " bytes)");
+                    }
+                    return {
+                        "algorithm": "AES-ECB",
+                        "key": key,
+                        "blockSize": 16,
+                        "Rb": new Uint8Array([0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x87]),
+                    };
+                case "Triple DES":
+                    if (key.length !== 16 && key.length !== 24) {
+                        throw new OperationError("the key for Triple DES must be 16 or 24 bytes (currently " + key.length + " bytes)");
+                    }
+                    return {
+                        "algorithm": "3DES-ECB",
+                        "key": key.length === 16 ? key + key.substring(0, 8) : key,
+                        "blockSize": 8,
+                        "Rb": new Uint8Array([0, 0, 0, 0, 0, 0, 0, 0x1b]),
+                    };
+                default:
+                    throw new OperationError("undefined encryption algorithm");
+            }
+        })();
+        const xor = function(a, b, out) {
+            if (!out) out = new Uint8Array(a.length);
+            for (let i = 0; i < a.length; i++) {
+                out[i] = a[i] ^ b[i];
+            }
+            return out;
+        };
+        const leftShift1 = function(a) {
+            const out = new Uint8Array(a.length);
+            let carry = 0;
+            for (let i = a.length - 1; i >= 0; i--) {
+                out[i] = (a[i] << 1) | carry;
+                carry = a[i] >> 7;
+            }
+            return out;
+        };
+        const cipher = forge.cipher.createCipher(info.algorithm, info.key);
+        const encrypt = function(a, out) {
+            if (!out) out = new Uint8Array(a.length);
+            cipher.start();
+            cipher.update(forge.util.createBuffer(a));
+            cipher.finish();
+            const cipherText = cipher.output.getBytes();
+            for (let i = 0; i < a.length; i++) {
+                out[i] = cipherText.charCodeAt(i);
+            }
+            return out;
+        };
+
+        const L = encrypt(new Uint8Array(info.blockSize));
+        const K1 = leftShift1(L);
+        if (L[0] & 0x80) xor(K1, info.Rb, K1);
+        const K2 = leftShift1(K1);
+        if (K1[0] & 0x80) xor(K2, info.Rb, K2);
+
+        const n = Math.ceil(input.byteLength / info.blockSize);
+        const lastBlock = (function() {
+            if (n === 0) {
+                const data = new Uint8Array(K2);
+                data[0] ^= 0x80;
+                return data;
+            }
+            const inputLast = new Uint8Array(input, info.blockSize * (n - 1));
+            if (inputLast.length === info.blockSize) {
+                return xor(inputLast, K1, inputLast);
+            } else {
+                const data = new Uint8Array(info.blockSize);
+                data.set(inputLast, 0);
+                data[inputLast.length] = 0x80;
+                return xor(data, K2, data);
+            }
+        })();
+        const X = new Uint8Array(info.blockSize);
+        const Y = new Uint8Array(info.blockSize);
+        for (let i = 0; i < n - 1; i++) {
+            xor(X, new Uint8Array(input, info.blockSize * i, info.blockSize), Y);
+            encrypt(Y, X);
+        }
+        xor(lastBlock, X, Y);
+        const T = encrypt(Y);
+        return toHexFast(T);
+    }
+
+}
+
+export default CMAC;
diff --git a/tests/operations/index.mjs b/tests/operations/index.mjs
@@ -124,6 +124,7 @@ import "./tests/UnescapeString.mjs";
 import "./tests/LS47.mjs";
 import "./tests/LZString.mjs";
 import "./tests/NTLM.mjs";
+import "./tests/CMAC.mjs";
 
 // Cannot test operations that use the File type yet
 // import "./tests/SplitColourChannels.mjs";