OLD | NEW |
(Empty) | |
| 1 /* |
| 2 * hmac_ossl.c |
| 3 * |
| 4 * Implementation of hmac auth_type_t that leverages OpenSSL |
| 5 * |
| 6 * John A. Foley |
| 7 * Cisco Systems, Inc. |
| 8 */ |
| 9 /* |
| 10 * |
| 11 * Copyright(c) 2013, Cisco Systems, Inc. |
| 12 * All rights reserved. |
| 13 * |
| 14 * Redistribution and use in source and binary forms, with or without |
| 15 * modification, are permitted provided that the following conditions |
| 16 * are met: |
| 17 * |
| 18 * Redistributions of source code must retain the above copyright |
| 19 * notice, this list of conditions and the following disclaimer. |
| 20 * |
| 21 * Redistributions in binary form must reproduce the above |
| 22 * copyright notice, this list of conditions and the following |
| 23 * disclaimer in the documentation and/or other materials provided |
| 24 * with the distribution. |
| 25 * |
| 26 * Neither the name of the Cisco Systems, Inc. nor the names of its |
| 27 * contributors may be used to endorse or promote products derived |
| 28 * from this software without specific prior written permission. |
| 29 * |
| 30 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
| 31 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |
| 32 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS |
| 33 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE |
| 34 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, |
| 35 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES |
| 36 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR |
| 37 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
| 38 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
| 39 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
| 40 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
| 41 * OF THE POSSIBILITY OF SUCH DAMAGE. |
| 42 * |
| 43 */ |
| 44 |
| 45 #ifdef HAVE_CONFIG_H |
| 46 #include <config.h> |
| 47 #endif |
| 48 |
| 49 #include "hmac.h" |
| 50 #include "alloc.h" |
| 51 #include <openssl/evp.h> |
| 52 |
| 53 #define HMAC_KEYLEN_MAX 20 |
| 54 |
| 55 /* the debug module for authentiation */ |
| 56 |
| 57 debug_module_t mod_hmac = { |
| 58 0, /* debugging is off by default */ |
| 59 "hmac sha-1 openssl" /* printable name for module */ |
| 60 }; |
| 61 |
| 62 |
| 63 err_status_t |
| 64 hmac_alloc (auth_t **a, int key_len, int out_len) |
| 65 { |
| 66 extern auth_type_t hmac; |
| 67 uint8_t *pointer; |
| 68 hmac_ctx_t *new_hmac_ctx; |
| 69 |
| 70 debug_print(mod_hmac, "allocating auth func with key length %d", key_len); |
| 71 debug_print(mod_hmac, " tag length %d", out_len); |
| 72 |
| 73 /* |
| 74 * check key length - note that we don't support keys larger |
| 75 * than 20 bytes yet |
| 76 */ |
| 77 if (key_len > HMAC_KEYLEN_MAX) { |
| 78 return err_status_bad_param; |
| 79 } |
| 80 |
| 81 /* check output length - should be less than 20 bytes */ |
| 82 if (out_len > HMAC_KEYLEN_MAX) { |
| 83 return err_status_bad_param; |
| 84 } |
| 85 |
| 86 /* allocate memory for auth and hmac_ctx_t structures */ |
| 87 pointer = (uint8_t*)crypto_alloc(sizeof(hmac_ctx_t) + sizeof(auth_t)); |
| 88 if (pointer == NULL) { |
| 89 return err_status_alloc_fail; |
| 90 } |
| 91 |
| 92 /* set pointers */ |
| 93 *a = (auth_t*)pointer; |
| 94 (*a)->type = &hmac; |
| 95 (*a)->state = pointer + sizeof(auth_t); |
| 96 (*a)->out_len = out_len; |
| 97 (*a)->key_len = key_len; |
| 98 (*a)->prefix_len = 0; |
| 99 new_hmac_ctx = (hmac_ctx_t*)((*a)->state); |
| 100 memset(new_hmac_ctx, 0, sizeof(hmac_ctx_t)); |
| 101 |
| 102 /* increment global count of all hmac uses */ |
| 103 hmac.ref_count++; |
| 104 |
| 105 return err_status_ok; |
| 106 } |
| 107 |
| 108 err_status_t |
| 109 hmac_dealloc (auth_t *a) |
| 110 { |
| 111 extern auth_type_t hmac; |
| 112 hmac_ctx_t *hmac_ctx; |
| 113 |
| 114 hmac_ctx = (hmac_ctx_t*)a->state; |
| 115 if (hmac_ctx->ctx_initialized) { |
| 116 EVP_MD_CTX_cleanup(&hmac_ctx->ctx); |
| 117 } |
| 118 if (hmac_ctx->init_ctx_initialized) { |
| 119 EVP_MD_CTX_cleanup(&hmac_ctx->init_ctx); |
| 120 } |
| 121 |
| 122 /* zeroize entire state*/ |
| 123 octet_string_set_to_zero((uint8_t*)a, |
| 124 sizeof(hmac_ctx_t) + sizeof(auth_t)); |
| 125 |
| 126 /* free memory */ |
| 127 crypto_free(a); |
| 128 |
| 129 /* decrement global count of all hmac uses */ |
| 130 hmac.ref_count--; |
| 131 |
| 132 return err_status_ok; |
| 133 } |
| 134 |
| 135 err_status_t |
| 136 hmac_init (hmac_ctx_t *state, const uint8_t *key, int key_len) |
| 137 { |
| 138 int i; |
| 139 uint8_t ipad[64]; |
| 140 |
| 141 /* |
| 142 * check key length - note that we don't support keys larger |
| 143 * than 20 bytes yet |
| 144 */ |
| 145 if (key_len > HMAC_KEYLEN_MAX) { |
| 146 return err_status_bad_param; |
| 147 } |
| 148 |
| 149 /* |
| 150 * set values of ipad and opad by exoring the key into the |
| 151 * appropriate constant values |
| 152 */ |
| 153 for (i = 0; i < key_len; i++) { |
| 154 ipad[i] = key[i] ^ 0x36; |
| 155 state->opad[i] = key[i] ^ 0x5c; |
| 156 } |
| 157 /* set the rest of ipad, opad to constant values */ |
| 158 for (; i < sizeof(ipad); i++) { |
| 159 ipad[i] = 0x36; |
| 160 ((uint8_t*)state->opad)[i] = 0x5c; |
| 161 } |
| 162 |
| 163 debug_print(mod_hmac, "ipad: %s", octet_string_hex_string(ipad, sizeof(ipad)
)); |
| 164 |
| 165 /* initialize sha1 context */ |
| 166 sha1_init(&state->init_ctx); |
| 167 state->init_ctx_initialized = 1; |
| 168 |
| 169 /* hash ipad ^ key */ |
| 170 sha1_update(&state->init_ctx, ipad, sizeof(ipad)); |
| 171 return (hmac_start(state)); |
| 172 } |
| 173 |
| 174 err_status_t |
| 175 hmac_start (hmac_ctx_t *state) |
| 176 { |
| 177 if (state->ctx_initialized) { |
| 178 EVP_MD_CTX_cleanup(&state->ctx); |
| 179 } |
| 180 if (!EVP_MD_CTX_copy(&state->ctx, &state->init_ctx)) { |
| 181 return err_status_auth_fail; |
| 182 } else { |
| 183 state->ctx_initialized = 1; |
| 184 return err_status_ok; |
| 185 } |
| 186 } |
| 187 |
| 188 err_status_t |
| 189 hmac_update (hmac_ctx_t *state, const uint8_t *message, int msg_octets) |
| 190 { |
| 191 debug_print(mod_hmac, "input: %s", |
| 192 octet_string_hex_string(message, msg_octets)); |
| 193 |
| 194 /* hash message into sha1 context */ |
| 195 sha1_update(&state->ctx, message, msg_octets); |
| 196 |
| 197 return err_status_ok; |
| 198 } |
| 199 |
| 200 err_status_t |
| 201 hmac_compute (hmac_ctx_t *state, const void *message, |
| 202 int msg_octets, int tag_len, uint8_t *result) |
| 203 { |
| 204 uint32_t hash_value[5]; |
| 205 uint32_t H[5]; |
| 206 int i; |
| 207 |
| 208 /* check tag length, return error if we can't provide the value expected */ |
| 209 if (tag_len > HMAC_KEYLEN_MAX) { |
| 210 return err_status_bad_param; |
| 211 } |
| 212 |
| 213 /* hash message, copy output into H */ |
| 214 sha1_update(&state->ctx, message, msg_octets); |
| 215 sha1_final(&state->ctx, H); |
| 216 |
| 217 /* |
| 218 * note that we don't need to debug_print() the input, since the |
| 219 * function hmac_update() already did that for us |
| 220 */ |
| 221 debug_print(mod_hmac, "intermediate state: %s", |
| 222 octet_string_hex_string((uint8_t*)H, sizeof(H))); |
| 223 |
| 224 /* re-initialize hash context */ |
| 225 sha1_init(&state->ctx); |
| 226 |
| 227 /* hash opad ^ key */ |
| 228 sha1_update(&state->ctx, (uint8_t*)state->opad, sizeof(state->opad)); |
| 229 |
| 230 /* hash the result of the inner hash */ |
| 231 sha1_update(&state->ctx, (uint8_t*)H, sizeof(H)); |
| 232 |
| 233 /* the result is returned in the array hash_value[] */ |
| 234 sha1_final(&state->ctx, hash_value); |
| 235 |
| 236 /* copy hash_value to *result */ |
| 237 for (i = 0; i < tag_len; i++) { |
| 238 result[i] = ((uint8_t*)hash_value)[i]; |
| 239 } |
| 240 |
| 241 debug_print(mod_hmac, "output: %s", |
| 242 octet_string_hex_string((uint8_t*)hash_value, tag_len)); |
| 243 |
| 244 return err_status_ok; |
| 245 } |
| 246 |
| 247 |
| 248 /* begin test case 0 */ |
| 249 |
| 250 uint8_t |
| 251 hmac_test_case_0_key[HMAC_KEYLEN_MAX] = { |
| 252 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, |
| 253 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, |
| 254 0x0b, 0x0b, 0x0b, 0x0b |
| 255 }; |
| 256 |
| 257 uint8_t |
| 258 hmac_test_case_0_data[8] = { |
| 259 0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65 /* "Hi There" */ |
| 260 }; |
| 261 |
| 262 uint8_t |
| 263 hmac_test_case_0_tag[HMAC_KEYLEN_MAX] = { |
| 264 0xb6, 0x17, 0x31, 0x86, 0x55, 0x05, 0x72, 0x64, |
| 265 0xe2, 0x8b, 0xc0, 0xb6, 0xfb, 0x37, 0x8c, 0x8e, |
| 266 0xf1, 0x46, 0xbe, 0x00 |
| 267 }; |
| 268 |
| 269 auth_test_case_t |
| 270 hmac_test_case_0 = { |
| 271 sizeof(hmac_test_case_0_key), /* octets in key */ |
| 272 hmac_test_case_0_key, /* key */ |
| 273 sizeof(hmac_test_case_0_data), /* octets in data */ |
| 274 hmac_test_case_0_data, /* data */ |
| 275 sizeof(hmac_test_case_0_tag), /* octets in tag */ |
| 276 hmac_test_case_0_tag, /* tag */ |
| 277 NULL /* pointer to next testcase */ |
| 278 }; |
| 279 |
| 280 /* end test case 0 */ |
| 281 |
| 282 char hmac_description[] = "hmac sha-1 authentication function"; |
| 283 |
| 284 /* |
| 285 * auth_type_t hmac is the hmac metaobject |
| 286 */ |
| 287 |
| 288 auth_type_t |
| 289 hmac = { |
| 290 (auth_alloc_func) hmac_alloc, |
| 291 (auth_dealloc_func) hmac_dealloc, |
| 292 (auth_init_func) hmac_init, |
| 293 (auth_compute_func) hmac_compute, |
| 294 (auth_update_func) hmac_update, |
| 295 (auth_start_func) hmac_start, |
| 296 (char*) hmac_description, |
| 297 (int) 0, /* instance count */ |
| 298 (auth_test_case_t*) &hmac_test_case_0, |
| 299 (debug_module_t*) &mod_hmac, |
| 300 (auth_type_id_t) HMAC_SHA1 |
| 301 }; |
| 302 |
OLD | NEW |