| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "base/hmac.h" | |
| 6 | |
| 7 #include <windows.h> | |
| 8 #include <wincrypt.h> | |
| 9 | |
| 10 #include <algorithm> | |
| 11 #include <vector> | |
| 12 | |
| 13 #include "base/crypto/scoped_capi_types.h" | |
| 14 #include "base/logging.h" | |
| 15 #include "base/third_party/nss/blapi.h" | |
| 16 #include "base/third_party/nss/sha256.h" | |
| 17 | |
| 18 namespace base { | |
| 19 | |
| 20 namespace { | |
| 21 | |
| 22 // Implementation of HMAC-SHA-256: | |
| 23 // | |
| 24 // SHA-256 is supported in Windows XP SP3 or later. We still need to support | |
| 25 // Windows XP SP2, so unfortunately we have to implement HMAC-SHA-256 here. | |
| 26 | |
| 27 enum { | |
| 28 SHA256_BLOCK_SIZE = 64 // Block size (in bytes) of the input to SHA-256. | |
| 29 }; | |
| 30 | |
| 31 // See FIPS 198: The Keyed-Hash Message Authentication Code (HMAC). | |
| 32 void ComputeHMACSHA256(const unsigned char* key, size_t key_len, | |
| 33 const unsigned char* text, size_t text_len, | |
| 34 unsigned char* output, size_t output_len) { | |
| 35 SHA256Context ctx; | |
| 36 | |
| 37 // Pre-process the key, if necessary. | |
| 38 unsigned char key0[SHA256_BLOCK_SIZE]; | |
| 39 if (key_len > SHA256_BLOCK_SIZE) { | |
| 40 SHA256_Begin(&ctx); | |
| 41 SHA256_Update(&ctx, key, key_len); | |
| 42 SHA256_End(&ctx, key0, NULL, SHA256_LENGTH); | |
| 43 memset(key0 + SHA256_LENGTH, 0, SHA256_BLOCK_SIZE - SHA256_LENGTH); | |
| 44 } else { | |
| 45 memcpy(key0, key, key_len); | |
| 46 memset(key0 + key_len, 0, SHA256_BLOCK_SIZE - key_len); | |
| 47 } | |
| 48 | |
| 49 unsigned char padded_key[SHA256_BLOCK_SIZE]; | |
| 50 unsigned char inner_hash[SHA256_LENGTH]; | |
| 51 | |
| 52 // XOR key0 with ipad. | |
| 53 for (int i = 0; i < SHA256_BLOCK_SIZE; ++i) | |
| 54 padded_key[i] = key0[i] ^ 0x36; | |
| 55 | |
| 56 // Compute the inner hash. | |
| 57 SHA256_Begin(&ctx); | |
| 58 SHA256_Update(&ctx, padded_key, SHA256_BLOCK_SIZE); | |
| 59 SHA256_Update(&ctx, text, text_len); | |
| 60 SHA256_End(&ctx, inner_hash, NULL, SHA256_LENGTH); | |
| 61 | |
| 62 // XOR key0 with opad. | |
| 63 for (int i = 0; i < SHA256_BLOCK_SIZE; ++i) | |
| 64 padded_key[i] = key0[i] ^ 0x5c; | |
| 65 | |
| 66 // Compute the outer hash. | |
| 67 SHA256_Begin(&ctx); | |
| 68 SHA256_Update(&ctx, padded_key, SHA256_BLOCK_SIZE); | |
| 69 SHA256_Update(&ctx, inner_hash, SHA256_LENGTH); | |
| 70 SHA256_End(&ctx, output, NULL, output_len); | |
| 71 } | |
| 72 | |
| 73 } // namespace | |
| 74 | |
| 75 struct HMACPlatformData { | |
| 76 ~HMACPlatformData() { | |
| 77 if (!raw_key_.empty()) { | |
| 78 SecureZeroMemory(&raw_key_[0], raw_key_.size()); | |
| 79 } | |
| 80 | |
| 81 // Destroy the key before releasing the provider. | |
| 82 key_.reset(); | |
| 83 } | |
| 84 | |
| 85 ScopedHCRYPTPROV provider_; | |
| 86 ScopedHCRYPTKEY key_; | |
| 87 | |
| 88 // For HMAC-SHA-256 only. | |
| 89 std::vector<unsigned char> raw_key_; | |
| 90 }; | |
| 91 | |
| 92 HMAC::HMAC(HashAlgorithm hash_alg) | |
| 93 : hash_alg_(hash_alg), plat_(new HMACPlatformData()) { | |
| 94 // Only SHA-1 and SHA-256 hash algorithms are supported now. | |
| 95 DCHECK(hash_alg_ == SHA1 || hash_alg_ == SHA256); | |
| 96 } | |
| 97 | |
| 98 bool HMAC::Init(const unsigned char* key, int key_length) { | |
| 99 if (plat_->provider_ || plat_->key_ || !plat_->raw_key_.empty()) { | |
| 100 // Init must not be called more than once on the same HMAC object. | |
| 101 NOTREACHED(); | |
| 102 return false; | |
| 103 } | |
| 104 | |
| 105 if (hash_alg_ == SHA256) { | |
| 106 if (key_length < SHA256_LENGTH / 2) | |
| 107 return false; // Key is too short. | |
| 108 plat_->raw_key_.assign(key, key + key_length); | |
| 109 return true; | |
| 110 } | |
| 111 | |
| 112 if (!CryptAcquireContext(plat_->provider_.receive(), NULL, NULL, | |
| 113 PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) { | |
| 114 NOTREACHED(); | |
| 115 return false; | |
| 116 } | |
| 117 | |
| 118 // This code doesn't work on Win2k because PLAINTEXTKEYBLOB and | |
| 119 // CRYPT_IPSEC_HMAC_KEY are not supported on Windows 2000. PLAINTEXTKEYBLOB | |
| 120 // allows the import of an unencrypted key. For Win2k support, a cubmbersome | |
| 121 // exponent-of-one key procedure must be used: | |
| 122 // http://support.microsoft.com/kb/228786/en-us | |
| 123 // CRYPT_IPSEC_HMAC_KEY allows keys longer than 16 bytes. | |
| 124 | |
| 125 struct KeyBlob { | |
| 126 BLOBHEADER header; | |
| 127 DWORD key_size; | |
| 128 BYTE key_data[1]; | |
| 129 }; | |
| 130 size_t key_blob_size = std::max(offsetof(KeyBlob, key_data) + key_length, | |
| 131 sizeof(KeyBlob)); | |
| 132 std::vector<BYTE> key_blob_storage = std::vector<BYTE>(key_blob_size); | |
| 133 KeyBlob* key_blob = reinterpret_cast<KeyBlob*>(&key_blob_storage[0]); | |
| 134 key_blob->header.bType = PLAINTEXTKEYBLOB; | |
| 135 key_blob->header.bVersion = CUR_BLOB_VERSION; | |
| 136 key_blob->header.reserved = 0; | |
| 137 key_blob->header.aiKeyAlg = CALG_RC2; | |
| 138 key_blob->key_size = key_length; | |
| 139 memcpy(key_blob->key_data, key, key_length); | |
| 140 | |
| 141 if (!CryptImportKey(plat_->provider_, &key_blob_storage[0], | |
| 142 key_blob_storage.size(), 0, CRYPT_IPSEC_HMAC_KEY, | |
| 143 plat_->key_.receive())) { | |
| 144 NOTREACHED(); | |
| 145 return false; | |
| 146 } | |
| 147 | |
| 148 // Destroy the copy of the key. | |
| 149 SecureZeroMemory(key_blob->key_data, key_length); | |
| 150 | |
| 151 return true; | |
| 152 } | |
| 153 | |
| 154 HMAC::~HMAC() { | |
| 155 } | |
| 156 | |
| 157 bool HMAC::Sign(const std::string& data, | |
| 158 unsigned char* digest, | |
| 159 int digest_length) { | |
| 160 if (hash_alg_ == SHA256) { | |
| 161 if (plat_->raw_key_.empty()) | |
| 162 return false; | |
| 163 ComputeHMACSHA256(&plat_->raw_key_[0], plat_->raw_key_.size(), | |
| 164 reinterpret_cast<const unsigned char*>(data.data()), | |
| 165 data.size(), digest, digest_length); | |
| 166 return true; | |
| 167 } | |
| 168 | |
| 169 if (!plat_->provider_ || !plat_->key_) | |
| 170 return false; | |
| 171 | |
| 172 if (hash_alg_ != SHA1) { | |
| 173 NOTREACHED(); | |
| 174 return false; | |
| 175 } | |
| 176 | |
| 177 ScopedHCRYPTHASH hash; | |
| 178 if (!CryptCreateHash(plat_->provider_, CALG_HMAC, plat_->key_, 0, | |
| 179 hash.receive())) | |
| 180 return false; | |
| 181 | |
| 182 HMAC_INFO hmac_info; | |
| 183 memset(&hmac_info, 0, sizeof(hmac_info)); | |
| 184 hmac_info.HashAlgid = CALG_SHA1; | |
| 185 if (!CryptSetHashParam(hash, HP_HMAC_INFO, | |
| 186 reinterpret_cast<BYTE*>(&hmac_info), 0)) | |
| 187 return false; | |
| 188 | |
| 189 if (!CryptHashData(hash, reinterpret_cast<const BYTE*>(data.data()), | |
| 190 static_cast<DWORD>(data.size()), 0)) | |
| 191 return false; | |
| 192 | |
| 193 DWORD sha1_size = digest_length; | |
| 194 return !!CryptGetHashParam(hash, HP_HASHVAL, digest, &sha1_size, 0); | |
| 195 } | |
| 196 | |
| 197 } // namespace base | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 6805019:
Move crypto files out of base, to a top level directory. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/