• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1# Copyright 2020 Google LLC
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7#      http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14"""MAC wrapper.
15"""
16
17from typing import Type
18from absl import logging
19
20
21from tink.proto import tink_pb2
22from tink import core
23from tink.mac import _mac
24
25
26class _WrappedMac(_mac.Mac):
27  """Implements Mac for a set of Mac primitives."""
28
29  def __init__(self, pset: core.PrimitiveSet):
30    self._primitive_set = pset
31
32  def compute_mac(self, data: bytes) -> bytes:
33    primary = self._primitive_set.primary()
34    if primary.output_prefix_type == tink_pb2.LEGACY:
35      return primary.identifier + primary.primitive.compute_mac(
36          data + core.crypto_format.LEGACY_START_BYTE)
37    else:
38      return primary.identifier + primary.primitive.compute_mac(data)
39
40  def verify_mac(self, mac_value: bytes, data: bytes) -> None:
41    if len(mac_value) <= core.crypto_format.NON_RAW_PREFIX_SIZE:
42      # This also rejects raw MAC with size of 4 bytes or fewer. Those MACs are
43      # clearly insecure, thus should be discouraged.
44      raise core.TinkError('tag too short')
45    prefix = mac_value[:core.crypto_format.NON_RAW_PREFIX_SIZE]
46    mac_no_prefix = mac_value[core.crypto_format.NON_RAW_PREFIX_SIZE:]
47    for entry in self._primitive_set.primitive_from_identifier(prefix):
48      try:
49        if entry.output_prefix_type == tink_pb2.LEGACY:
50          entry.primitive.verify_mac(mac_no_prefix, data + b'\x00')
51        else:
52          entry.primitive.verify_mac(mac_no_prefix, data)
53        # If there is no exception, the MAC is valid and we can return.
54        return
55      except core.TinkError as e:
56        logging.info('tag prefix matches a key, but cannot verify: %s', e)
57
58    # No 'non-raw' key matched, so let's try the raw keys (if any exist).
59    for entry in self._primitive_set.raw_primitives():
60      try:
61        entry.primitive.verify_mac(mac_value, data)
62        # If there is no exception, the MAC is valid and we can return.
63        return
64      except core.TinkError as e:
65        pass
66    raise core.TinkError('invalid MAC')
67
68
69class MacWrapper(core.PrimitiveWrapper[_mac.Mac, _mac.Mac]):
70  """MacWrapper is the implementation of PrimitiveWrapper for the Mac primitive.
71
72  The returned primitive works with a keyset (rather than a single key). To
73  compute a MAC tag, it uses the primary key in the keyset, and prepends to the
74  tag a certain prefix associated with the primary key. To verify a tag, the
75  primitive uses the prefix of the tag to efficiently select the right key in
76  the set. If the keys associated with the prefix do not validate the tag, the
77  primitive tries all keys with tink_pb2.OutputPrefixType = tink_pb2.RAW.
78  """
79
80  def wrap(self, pset: core.PrimitiveSet) -> _mac.Mac:
81    return _WrappedMac(pset)
82
83  def primitive_class(self) -> Type[_mac.Mac]:
84    return _mac.Mac
85
86  def input_primitive_class(self) -> Type[_mac.Mac]:
87    return _mac.Mac
88