OLD | NEW |
(Empty) | |
| 1 /* |
| 2 * hmac_ossl.c |
| 3 * |
| 4 * Implementation of hmac auth_type_t that leverages OpenSSL |
| 5 * |
| 6 * John A. Foley |
| 7 * Cisco Systems, Inc. |
| 8 */ |
| 9 /* |
| 10 * |
| 11 * Copyright(c) 2013, Cisco Systems, Inc. |
| 12 * All rights reserved. |
| 13 * |
| 14 * Redistribution and use in source and binary forms, with or without |
| 15 * modification, are permitted provided that the following conditions |
| 16 * are met: |
| 17 * |
| 18 * Redistributions of source code must retain the above copyright |
| 19 * notice, this list of conditions and the following disclaimer. |
| 20 * |
| 21 * Redistributions in binary form must reproduce the above |
| 22 * copyright notice, this list of conditions and the following |
| 23 * disclaimer in the documentation and/or other materials provided |
| 24 * with the distribution. |
| 25 * |
| 26 * Neither the name of the Cisco Systems, Inc. nor the names of its |
| 27 * contributors may be used to endorse or promote products derived |
| 28 * from this software without specific prior written permission. |
| 29 * |
| 30 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
| 31 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |
| 32 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS |
| 33 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE |
| 34 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, |
| 35 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES |
| 36 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR |
| 37 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
| 38 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
| 39 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
| 40 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
| 41 * OF THE POSSIBILITY OF SUCH DAMAGE. |
| 42 * |
| 43 */ |
| 44 |
| 45 #ifdef HAVE_CONFIG_H |
| 46 #include <config.h> |
| 47 #endif |
| 48 |
| 49 #include "hmac.h" |
| 50 #include "alloc.h" |
| 51 #include <openssl/evp.h> |
| 52 |
| 53 /* the debug module for authentiation */ |
| 54 |
| 55 debug_module_t mod_hmac = { |
| 56 0, /* debugging is off by default */ |
| 57 "hmac sha-1 openssl" /* printable name for module */ |
| 58 }; |
| 59 |
| 60 |
| 61 err_status_t |
| 62 hmac_alloc (auth_t **a, int key_len, int out_len) |
| 63 { |
| 64 extern auth_type_t hmac; |
| 65 uint8_t *pointer; |
| 66 hmac_ctx_t *new_hmac_ctx; |
| 67 |
| 68 debug_print(mod_hmac, "allocating auth func with key length %d", key_len); |
| 69 debug_print(mod_hmac, " tag length %d", out_len); |
| 70 |
| 71 /* |
| 72 * check key length - note that we don't support keys larger |
| 73 * than 20 bytes yet |
| 74 */ |
| 75 if (key_len > 20) { |
| 76 return err_status_bad_param; |
| 77 } |
| 78 |
| 79 /* check output length - should be less than 20 bytes */ |
| 80 if (out_len > 20) { |
| 81 return err_status_bad_param; |
| 82 } |
| 83 |
| 84 /* allocate memory for auth and hmac_ctx_t structures */ |
| 85 pointer = (uint8_t*)crypto_alloc(sizeof(hmac_ctx_t) + sizeof(auth_t)); |
| 86 if (pointer == NULL) { |
| 87 return err_status_alloc_fail; |
| 88 } |
| 89 |
| 90 /* set pointers */ |
| 91 *a = (auth_t*)pointer; |
| 92 (*a)->type = &hmac; |
| 93 (*a)->state = pointer + sizeof(auth_t); |
| 94 (*a)->out_len = out_len; |
| 95 (*a)->key_len = key_len; |
| 96 (*a)->prefix_len = 0; |
| 97 new_hmac_ctx = (hmac_ctx_t*)((*a)->state); |
| 98 memset(new_hmac_ctx, 0, sizeof(hmac_ctx_t)); |
| 99 |
| 100 /* increment global count of all hmac uses */ |
| 101 hmac.ref_count++; |
| 102 |
| 103 return err_status_ok; |
| 104 } |
| 105 |
| 106 err_status_t |
| 107 hmac_dealloc (auth_t *a) |
| 108 { |
| 109 extern auth_type_t hmac; |
| 110 hmac_ctx_t *hmac_ctx; |
| 111 |
| 112 hmac_ctx = (hmac_ctx_t*)a->state; |
| 113 if (hmac_ctx->ctx_initialized) { |
| 114 EVP_MD_CTX_cleanup(&hmac_ctx->ctx); |
| 115 } |
| 116 if (hmac_ctx->init_ctx_initialized) { |
| 117 EVP_MD_CTX_cleanup(&hmac_ctx->init_ctx); |
| 118 } |
| 119 |
| 120 /* zeroize entire state*/ |
| 121 octet_string_set_to_zero((uint8_t*)a, |
| 122 sizeof(hmac_ctx_t) + sizeof(auth_t)); |
| 123 |
| 124 /* free memory */ |
| 125 crypto_free(a); |
| 126 |
| 127 /* decrement global count of all hmac uses */ |
| 128 hmac.ref_count--; |
| 129 |
| 130 return err_status_ok; |
| 131 } |
| 132 |
| 133 err_status_t |
| 134 hmac_init (hmac_ctx_t *state, const uint8_t *key, int key_len) |
| 135 { |
| 136 int i; |
| 137 uint8_t ipad[64]; |
| 138 |
| 139 /* |
| 140 * check key length - note that we don't support keys larger |
| 141 * than 20 bytes yet |
| 142 */ |
| 143 if (key_len > 20) { |
| 144 return err_status_bad_param; |
| 145 } |
| 146 |
| 147 /* |
| 148 * set values of ipad and opad by exoring the key into the |
| 149 * appropriate constant values |
| 150 */ |
| 151 for (i = 0; i < key_len; i++) { |
| 152 ipad[i] = key[i] ^ 0x36; |
| 153 state->opad[i] = key[i] ^ 0x5c; |
| 154 } |
| 155 /* set the rest of ipad, opad to constant values */ |
| 156 for (; i < 64; i++) { |
| 157 ipad[i] = 0x36; |
| 158 ((uint8_t*)state->opad)[i] = 0x5c; |
| 159 } |
| 160 |
| 161 debug_print(mod_hmac, "ipad: %s", octet_string_hex_string(ipad, 64)); |
| 162 |
| 163 /* initialize sha1 context */ |
| 164 sha1_init(&state->init_ctx); |
| 165 state->init_ctx_initialized = 1; |
| 166 |
| 167 /* hash ipad ^ key */ |
| 168 sha1_update(&state->init_ctx, ipad, 64); |
| 169 return (hmac_start(state)); |
| 170 } |
| 171 |
| 172 err_status_t |
| 173 hmac_start (hmac_ctx_t *state) |
| 174 { |
| 175 if (state->ctx_initialized) { |
| 176 EVP_MD_CTX_cleanup(&state->ctx); |
| 177 } |
| 178 if (!EVP_MD_CTX_copy(&state->ctx, &state->init_ctx)) { |
| 179 return err_status_auth_fail; |
| 180 } else { |
| 181 state->ctx_initialized = 1; |
| 182 return err_status_ok; |
| 183 } |
| 184 } |
| 185 |
| 186 err_status_t |
| 187 hmac_update (hmac_ctx_t *state, const uint8_t *message, int msg_octets) |
| 188 { |
| 189 |
| 190 debug_print(mod_hmac, "input: %s", |
| 191 octet_string_hex_string(message, msg_octets)); |
| 192 |
| 193 /* hash message into sha1 context */ |
| 194 sha1_update(&state->ctx, message, msg_octets); |
| 195 |
| 196 return err_status_ok; |
| 197 } |
| 198 |
| 199 err_status_t |
| 200 hmac_compute (hmac_ctx_t *state, const void *message, |
| 201 int msg_octets, int tag_len, uint8_t *result) |
| 202 { |
| 203 uint32_t hash_value[5]; |
| 204 uint32_t H[5]; |
| 205 int i; |
| 206 |
| 207 /* check tag length, return error if we can't provide the value expected */ |
| 208 if (tag_len > 20) { |
| 209 return err_status_bad_param; |
| 210 } |
| 211 |
| 212 /* hash message, copy output into H */ |
| 213 sha1_update(&state->ctx, message, msg_octets); |
| 214 sha1_final(&state->ctx, H); |
| 215 |
| 216 /* |
| 217 * note that we don't need to debug_print() the input, since the |
| 218 * function hmac_update() already did that for us |
| 219 */ |
| 220 debug_print(mod_hmac, "intermediate state: %s", |
| 221 octet_string_hex_string((uint8_t*)H, 20)); |
| 222 |
| 223 /* re-initialize hash context */ |
| 224 sha1_init(&state->ctx); |
| 225 |
| 226 /* hash opad ^ key */ |
| 227 sha1_update(&state->ctx, (uint8_t*)state->opad, 64); |
| 228 |
| 229 /* hash the result of the inner hash */ |
| 230 sha1_update(&state->ctx, (uint8_t*)H, 20); |
| 231 |
| 232 /* the result is returned in the array hash_value[] */ |
| 233 sha1_final(&state->ctx, hash_value); |
| 234 |
| 235 /* copy hash_value to *result */ |
| 236 for (i = 0; i < tag_len; i++) { |
| 237 result[i] = ((uint8_t*)hash_value)[i]; |
| 238 } |
| 239 |
| 240 debug_print(mod_hmac, "output: %s", |
| 241 octet_string_hex_string((uint8_t*)hash_value, tag_len)); |
| 242 |
| 243 return err_status_ok; |
| 244 } |
| 245 |
| 246 |
| 247 /* begin test case 0 */ |
| 248 |
| 249 uint8_t |
| 250 hmac_test_case_0_key[20] = { |
| 251 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, |
| 252 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, |
| 253 0x0b, 0x0b, 0x0b, 0x0b |
| 254 }; |
| 255 |
| 256 uint8_t |
| 257 hmac_test_case_0_data[8] = { |
| 258 0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65 /* "Hi There" */ |
| 259 }; |
| 260 |
| 261 uint8_t |
| 262 hmac_test_case_0_tag[20] = { |
| 263 0xb6, 0x17, 0x31, 0x86, 0x55, 0x05, 0x72, 0x64, |
| 264 0xe2, 0x8b, 0xc0, 0xb6, 0xfb, 0x37, 0x8c, 0x8e, |
| 265 0xf1, 0x46, 0xbe, 0x00 |
| 266 }; |
| 267 |
| 268 auth_test_case_t |
| 269 hmac_test_case_0 = { |
| 270 20, /* octets in key */ |
| 271 hmac_test_case_0_key, /* key */ |
| 272 8, /* octets in data */ |
| 273 hmac_test_case_0_data, /* data */ |
| 274 20, /* octets in tag */ |
| 275 hmac_test_case_0_tag, /* tag */ |
| 276 NULL /* pointer to next testcase */ |
| 277 }; |
| 278 |
| 279 /* end test case 0 */ |
| 280 |
| 281 char hmac_description[] = "hmac sha-1 authentication function"; |
| 282 |
| 283 /* |
| 284 * auth_type_t hmac is the hmac metaobject |
| 285 */ |
| 286 |
| 287 auth_type_t |
| 288 hmac = { |
| 289 (auth_alloc_func) hmac_alloc, |
| 290 (auth_dealloc_func) hmac_dealloc, |
| 291 (auth_init_func) hmac_init, |
| 292 (auth_compute_func) hmac_compute, |
| 293 (auth_update_func) hmac_update, |
| 294 (auth_start_func) hmac_start, |
| 295 (char*) hmac_description, |
| 296 (int) 0, /* instance count */ |
| 297 (auth_test_case_t*) &hmac_test_case_0, |
| 298 (debug_module_t*) &mod_hmac, |
| 299 (auth_type_id_t) HMAC_SHA1 |
| 300 }; |
| 301 |
OLD | NEW |