OLD | NEW |
(Empty) | |
| 1 /* |
| 2 * hmac_ossl.c |
| 3 * |
| 4 * Implementation of hmac srtp_auth_type_t that leverages OpenSSL |
| 5 * |
| 6 * John A. Foley |
| 7 * Cisco Systems, Inc. |
| 8 */ |
| 9 /* |
| 10 * |
| 11 * Copyright(c) 2013, Cisco Systems, Inc. |
| 12 * All rights reserved. |
| 13 * |
| 14 * Redistribution and use in source and binary forms, with or without |
| 15 * modification, are permitted provided that the following conditions |
| 16 * are met: |
| 17 * |
| 18 * Redistributions of source code must retain the above copyright |
| 19 * notice, this list of conditions and the following disclaimer. |
| 20 * |
| 21 * Redistributions in binary form must reproduce the above |
| 22 * copyright notice, this list of conditions and the following |
| 23 * disclaimer in the documentation and/or other materials provided |
| 24 * with the distribution. |
| 25 * |
| 26 * Neither the name of the Cisco Systems, Inc. nor the names of its |
| 27 * contributors may be used to endorse or promote products derived |
| 28 * from this software without specific prior written permission. |
| 29 * |
| 30 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
| 31 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |
| 32 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS |
| 33 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE |
| 34 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, |
| 35 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES |
| 36 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR |
| 37 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
| 38 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
| 39 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
| 40 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
| 41 * OF THE POSSIBILITY OF SUCH DAMAGE. |
| 42 * |
| 43 */ |
| 44 |
| 45 #ifdef HAVE_CONFIG_H |
| 46 #include <config.h> |
| 47 #endif |
| 48 |
| 49 #include "auth.h" |
| 50 #include "alloc.h" |
| 51 #include "err.h" /* for srtp_debug */ |
| 52 #include <openssl/evp.h> |
| 53 #include <openssl/hmac.h> |
| 54 |
| 55 #define SHA1_DIGEST_SIZE 20 |
| 56 |
| 57 /* the debug module for authentiation */ |
| 58 |
| 59 srtp_debug_module_t srtp_mod_hmac = { |
| 60 0, /* debugging is off by default */ |
| 61 "hmac sha-1 openssl" /* printable name for module */ |
| 62 }; |
| 63 |
| 64 |
| 65 static srtp_err_status_t srtp_hmac_alloc (srtp_auth_t **a, int key_len, int out_
len) |
| 66 { |
| 67 extern const srtp_auth_type_t srtp_hmac; |
| 68 |
| 69 debug_print(srtp_mod_hmac, "allocating auth func with key length %d", key_le
n); |
| 70 debug_print(srtp_mod_hmac, " tag length %d", out_le
n); |
| 71 |
| 72 /* check output length - should be less than 20 bytes */ |
| 73 if (out_len > SHA1_DIGEST_SIZE) { |
| 74 return srtp_err_status_bad_param; |
| 75 } |
| 76 |
| 77 /* OpenSSL 1.1.0 made HMAC_CTX an opaque structure, which must be allocated |
| 78 using HMAC_CTX_new. But this function doesn't exist in OpenSSL 1.0.x. */ |
| 79 #if OPENSSL_VERSION_NUMBER < 0x10100000L |
| 80 { |
| 81 /* allocate memory for auth and HMAC_CTX structures */ |
| 82 uint8_t* pointer; |
| 83 HMAC_CTX *new_hmac_ctx; |
| 84 pointer = (uint8_t*)srtp_crypto_alloc(sizeof(HMAC_CTX) + sizeof(srtp_aut
h_t)); |
| 85 if (pointer == NULL) { |
| 86 return srtp_err_status_alloc_fail; |
| 87 } |
| 88 *a = (srtp_auth_t*)pointer; |
| 89 (*a)->state = pointer + sizeof(srtp_auth_t); |
| 90 new_hmac_ctx = (HMAC_CTX*)((*a)->state); |
| 91 |
| 92 HMAC_CTX_init(new_hmac_ctx); |
| 93 } |
| 94 |
| 95 #else |
| 96 *a = (srtp_auth_t*)srtp_crypto_alloc(sizeof(srtp_auth_t)); |
| 97 if (*a == NULL) { |
| 98 return srtp_err_status_alloc_fail; |
| 99 } |
| 100 |
| 101 (*a)->state = HMAC_CTX_new(); |
| 102 if ((*a)->state == NULL) { |
| 103 srtp_crypto_free(*a); |
| 104 *a = NULL; |
| 105 return srtp_err_status_alloc_fail; |
| 106 } |
| 107 #endif |
| 108 |
| 109 /* set pointers */ |
| 110 (*a)->type = &srtp_hmac; |
| 111 (*a)->out_len = out_len; |
| 112 (*a)->key_len = key_len; |
| 113 (*a)->prefix_len = 0; |
| 114 |
| 115 return srtp_err_status_ok; |
| 116 } |
| 117 |
| 118 static srtp_err_status_t srtp_hmac_dealloc (srtp_auth_t *a) |
| 119 { |
| 120 HMAC_CTX *hmac_ctx; |
| 121 |
| 122 hmac_ctx = (HMAC_CTX*)a->state; |
| 123 |
| 124 #if OPENSSL_VERSION_NUMBER < 0x10100000L |
| 125 HMAC_CTX_cleanup(hmac_ctx); |
| 126 |
| 127 /* zeroize entire state*/ |
| 128 octet_string_set_to_zero((uint8_t*)a, |
| 129 sizeof(HMAC_CTX) + sizeof(srtp_auth_t)); |
| 130 |
| 131 #else |
| 132 HMAC_CTX_free(hmac_ctx); |
| 133 |
| 134 /* zeroize entire state*/ |
| 135 octet_string_set_to_zero((uint8_t*)a, sizeof(srtp_auth_t)); |
| 136 #endif |
| 137 |
| 138 /* free memory */ |
| 139 srtp_crypto_free(a); |
| 140 |
| 141 return srtp_err_status_ok; |
| 142 } |
| 143 |
| 144 static srtp_err_status_t srtp_hmac_start (void *statev) |
| 145 { |
| 146 HMAC_CTX *state = (HMAC_CTX *)statev; |
| 147 |
| 148 if (HMAC_Init_ex(state, NULL, 0, NULL, NULL) == 0) |
| 149 return srtp_err_status_auth_fail; |
| 150 |
| 151 return srtp_err_status_ok; |
| 152 } |
| 153 |
| 154 static srtp_err_status_t srtp_hmac_init (void *statev, const uint8_t *key, int k
ey_len) |
| 155 { |
| 156 HMAC_CTX *state = (HMAC_CTX *)statev; |
| 157 |
| 158 if (HMAC_Init_ex(state, key, key_len, EVP_sha1(), NULL) == 0) |
| 159 return srtp_err_status_auth_fail; |
| 160 |
| 161 return srtp_err_status_ok; |
| 162 } |
| 163 |
| 164 static srtp_err_status_t srtp_hmac_update (void *statev, const uint8_t *message,
int msg_octets) |
| 165 { |
| 166 HMAC_CTX *state = (HMAC_CTX *)statev; |
| 167 |
| 168 debug_print(srtp_mod_hmac, "input: %s", |
| 169 srtp_octet_string_hex_string(message, msg_octets)); |
| 170 |
| 171 if (HMAC_Update(state, message, msg_octets) == 0) |
| 172 return srtp_err_status_auth_fail; |
| 173 |
| 174 return srtp_err_status_ok; |
| 175 } |
| 176 |
| 177 static srtp_err_status_t srtp_hmac_compute (void *statev, const uint8_t *message
, |
| 178 int msg_octets, int tag_len, uint8_t *result) |
| 179 { |
| 180 HMAC_CTX *state = (HMAC_CTX *)statev; |
| 181 uint8_t hash_value[SHA1_DIGEST_SIZE]; |
| 182 int i; |
| 183 unsigned int len; |
| 184 |
| 185 /* check tag length, return error if we can't provide the value expected */ |
| 186 if (tag_len > SHA1_DIGEST_SIZE) { |
| 187 return srtp_err_status_bad_param; |
| 188 } |
| 189 |
| 190 /* hash message, copy output into H */ |
| 191 if (HMAC_Update(state, message, msg_octets) == 0) |
| 192 return srtp_err_status_auth_fail; |
| 193 |
| 194 if (HMAC_Final(state, hash_value, &len) == 0) |
| 195 return srtp_err_status_auth_fail; |
| 196 |
| 197 if (len < tag_len) |
| 198 return srtp_err_status_auth_fail; |
| 199 |
| 200 /* copy hash_value to *result */ |
| 201 for (i = 0; i < tag_len; i++) { |
| 202 result[i] = hash_value[i]; |
| 203 } |
| 204 |
| 205 debug_print(srtp_mod_hmac, "output: %s", |
| 206 srtp_octet_string_hex_string(hash_value, tag_len)); |
| 207 |
| 208 return srtp_err_status_ok; |
| 209 } |
| 210 |
| 211 |
| 212 /* begin test case 0 */ |
| 213 |
| 214 static const uint8_t srtp_hmac_test_case_0_key[SHA1_DIGEST_SIZE] = { |
| 215 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, |
| 216 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, |
| 217 0x0b, 0x0b, 0x0b, 0x0b |
| 218 }; |
| 219 |
| 220 static const uint8_t srtp_hmac_test_case_0_data[8] = { |
| 221 0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65 /* "Hi There" */ |
| 222 }; |
| 223 |
| 224 static const uint8_t srtp_hmac_test_case_0_tag[SHA1_DIGEST_SIZE] = { |
| 225 0xb6, 0x17, 0x31, 0x86, 0x55, 0x05, 0x72, 0x64, |
| 226 0xe2, 0x8b, 0xc0, 0xb6, 0xfb, 0x37, 0x8c, 0x8e, |
| 227 0xf1, 0x46, 0xbe, 0x00 |
| 228 }; |
| 229 |
| 230 static const srtp_auth_test_case_t srtp_hmac_test_case_0 = { |
| 231 sizeof(srtp_hmac_test_case_0_key), /* octets in key */ |
| 232 srtp_hmac_test_case_0_key, /* key */ |
| 233 sizeof(srtp_hmac_test_case_0_data), /* octets in data */ |
| 234 srtp_hmac_test_case_0_data, /* data */ |
| 235 sizeof(srtp_hmac_test_case_0_tag), /* octets in tag */ |
| 236 srtp_hmac_test_case_0_tag, /* tag */ |
| 237 NULL /* pointer to next testcase */ |
| 238 }; |
| 239 |
| 240 /* end test case 0 */ |
| 241 |
| 242 static const char srtp_hmac_description[] = "hmac sha-1 authentication function"
; |
| 243 |
| 244 /* |
| 245 * srtp_auth_type_t hmac is the hmac metaobject |
| 246 */ |
| 247 |
| 248 const srtp_auth_type_t srtp_hmac = { |
| 249 srtp_hmac_alloc, |
| 250 srtp_hmac_dealloc, |
| 251 srtp_hmac_init, |
| 252 srtp_hmac_compute, |
| 253 srtp_hmac_update, |
| 254 srtp_hmac_start, |
| 255 srtp_hmac_description, |
| 256 &srtp_hmac_test_case_0, |
| 257 SRTP_HMAC_SHA1 |
| 258 }; |
| 259 |
OLD | NEW |