crypto_hmac.cc 9.0 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281
  1. // Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC")
  2. //
  3. // Permission to use, copy, modify, and/or distribute this software for any
  4. // purpose with or without fee is hereby granted, provided that the above
  5. // copyright notice and this permission notice appear in all copies.
  6. //
  7. // THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
  8. // REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
  9. // AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
  10. // INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
  11. // LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
  12. // OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  13. // PERFORMANCE OF THIS SOFTWARE.
  14. #include <cryptolink.h>
  15. #include <cryptolink/crypto_hmac.h>
  16. #include <boost/scoped_ptr.hpp>
  17. #include <botan/version.h>
  18. #include <botan/botan.h>
  19. #include <botan/hmac.h>
  20. #include <botan/hash.h>
  21. #include <botan/types.h>
  22. namespace {
  23. const char*
  24. getBotanHashAlgorithmName(isc::cryptolink::HashAlgorithm algorithm) {
  25. switch (algorithm) {
  26. case isc::cryptolink::MD5:
  27. return ("MD5");
  28. break;
  29. case isc::cryptolink::SHA1:
  30. return ("SHA-1");
  31. break;
  32. case isc::cryptolink::SHA256:
  33. return ("SHA-256");
  34. break;
  35. case isc::cryptolink::SHA224:
  36. return ("SHA-224");
  37. break;
  38. case isc::cryptolink::SHA384:
  39. return ("SHA-384");
  40. break;
  41. case isc::cryptolink::SHA512:
  42. return ("SHA-512");
  43. break;
  44. case isc::cryptolink::UNKNOWN_HASH:
  45. return ("Unknown");
  46. break;
  47. }
  48. // compiler should have prevented us to reach this, since we have
  49. // no default. But we need a return value anyway
  50. return ("Unknown");
  51. }
  52. } // local namespace
  53. namespace isc {
  54. namespace cryptolink {
  55. class HMACImpl {
  56. public:
  57. explicit HMACImpl(const void* secret, size_t secret_len,
  58. const HashAlgorithm hash_algorithm) {
  59. Botan::HashFunction* hash;
  60. try {
  61. hash = Botan::get_hash(
  62. getBotanHashAlgorithmName(hash_algorithm));
  63. } catch (const Botan::Algorithm_Not_Found&) {
  64. isc_throw(isc::cryptolink::UnsupportedAlgorithm,
  65. "Unknown hash algorithm: " <<
  66. static_cast<int>(hash_algorithm));
  67. } catch (const Botan::Exception& exc) {
  68. isc_throw(isc::cryptolink::LibraryError, exc.what());
  69. }
  70. hmac_.reset(new Botan::HMAC(hash));
  71. // If the key length is larger than the block size, we hash the
  72. // key itself first.
  73. try {
  74. // use a temp var so we don't have blocks spanning
  75. // preprocessor directives
  76. #if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,9,0)
  77. size_t block_length = hash->hash_block_size();
  78. #elif BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,8,0)
  79. size_t block_length = hash->HASH_BLOCK_SIZE;
  80. #else
  81. #error "Unsupported Botan version (need 1.8 or higher)"
  82. // added to suppress irrelevant compiler errors
  83. size_t block_length = 0;
  84. #endif
  85. if (secret_len > block_length) {
  86. Botan::SecureVector<Botan::byte> hashed_key =
  87. hash->process(static_cast<const Botan::byte*>(secret),
  88. secret_len);
  89. hmac_->set_key(hashed_key.begin(), hashed_key.size());
  90. } else {
  91. // Botan 1.8 considers len 0 a bad key. 1.9 does not,
  92. // but we won't accept it anyway, and fail early
  93. if (secret_len == 0) {
  94. isc_throw(BadKey, "Bad HMAC secret length: 0");
  95. }
  96. hmac_->set_key(static_cast<const Botan::byte*>(secret),
  97. secret_len);
  98. }
  99. } catch (const Botan::Invalid_Key_Length& ikl) {
  100. isc_throw(BadKey, ikl.what());
  101. } catch (const Botan::Exception& exc) {
  102. isc_throw(isc::cryptolink::LibraryError, exc.what());
  103. }
  104. }
  105. ~HMACImpl() { }
  106. size_t getOutputLength() const {
  107. #if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,9,0)
  108. return (hmac_->output_length());
  109. #elif BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,8,0)
  110. return (hmac_->OUTPUT_LENGTH);
  111. #else
  112. #error "Unsupported Botan version (need 1.8 or higher)"
  113. // added to suppress irrelevant compiler errors
  114. return 0;
  115. #endif
  116. }
  117. void update(const void* data, const size_t len) {
  118. try {
  119. hmac_->update(static_cast<const Botan::byte*>(data), len);
  120. } catch (const Botan::Exception& exc) {
  121. isc_throw(isc::cryptolink::LibraryError, exc.what());
  122. }
  123. }
  124. void sign(isc::util::OutputBuffer& result, size_t len) {
  125. try {
  126. Botan::SecureVector<Botan::byte> b_result(hmac_->final());
  127. if (len == 0 || len > b_result.size()) {
  128. len = b_result.size();
  129. }
  130. result.writeData(b_result.begin(), len);
  131. } catch (const Botan::Exception& exc) {
  132. isc_throw(isc::cryptolink::LibraryError, exc.what());
  133. }
  134. }
  135. void sign(void* result, size_t len) {
  136. try {
  137. Botan::SecureVector<Botan::byte> b_result(hmac_->final());
  138. size_t output_size = getOutputLength();
  139. if (output_size > len) {
  140. output_size = len;
  141. }
  142. memcpy(result, b_result.begin(), output_size);
  143. } catch (const Botan::Exception& exc) {
  144. isc_throw(isc::cryptolink::LibraryError, exc.what());
  145. }
  146. }
  147. std::vector<uint8_t> sign(size_t len) {
  148. try {
  149. Botan::SecureVector<Botan::byte> b_result(hmac_->final());
  150. if (len == 0 || len > b_result.size()) {
  151. return (std::vector<uint8_t>(b_result.begin(), b_result.end()));
  152. } else {
  153. return (std::vector<uint8_t>(b_result.begin(), &b_result[len]));
  154. }
  155. } catch (const Botan::Exception& exc) {
  156. isc_throw(isc::cryptolink::LibraryError, exc.what());
  157. }
  158. }
  159. bool verify(const void* sig, size_t len) {
  160. // Botan's verify_mac checks if len matches the output_length,
  161. // which causes it to fail for truncated signatures, so we do
  162. // the check ourselves
  163. // SEE BELOW FOR TEMPORARY CHANGE
  164. try {
  165. Botan::SecureVector<Botan::byte> our_mac = hmac_->final();
  166. if (len < getOutputLength()) {
  167. // Currently we don't support truncated signature in TSIG (see
  168. // #920). To avoid validating too short signature accidently,
  169. // we enforce the standard signature size for the moment.
  170. // Once we support truncation correctly, this if-clause should
  171. // (and the capitalized comment above) be removed.
  172. return (false);
  173. }
  174. if (len == 0 || len > getOutputLength()) {
  175. len = getOutputLength();
  176. }
  177. return (Botan::same_mem(&our_mac[0],
  178. static_cast<const unsigned char*>(sig),
  179. len));
  180. } catch (const Botan::Exception& exc) {
  181. isc_throw(isc::cryptolink::LibraryError, exc.what());
  182. }
  183. }
  184. private:
  185. boost::scoped_ptr<Botan::HMAC> hmac_;
  186. };
  187. HMAC::HMAC(const void* secret, size_t secret_length,
  188. const HashAlgorithm hash_algorithm)
  189. {
  190. impl_ = new HMACImpl(secret, secret_length, hash_algorithm);
  191. }
  192. HMAC::~HMAC() {
  193. delete impl_;
  194. }
  195. size_t
  196. HMAC::getOutputLength() const {
  197. return (impl_->getOutputLength());
  198. }
  199. void
  200. HMAC::update(const void* data, const size_t len) {
  201. impl_->update(data, len);
  202. }
  203. void
  204. HMAC::sign(isc::util::OutputBuffer& result, size_t len) {
  205. impl_->sign(result, len);
  206. }
  207. void
  208. HMAC::sign(void* result, size_t len) {
  209. impl_->sign(result, len);
  210. }
  211. std::vector<uint8_t>
  212. HMAC::sign(size_t len) {
  213. return impl_->sign(len);
  214. }
  215. bool
  216. HMAC::verify(const void* sig, const size_t len) {
  217. return (impl_->verify(sig, len));
  218. }
  219. void
  220. signHMAC(const void* data, const size_t data_len, const void* secret,
  221. size_t secret_len, const HashAlgorithm hash_algorithm,
  222. isc::util::OutputBuffer& result, size_t len)
  223. {
  224. boost::scoped_ptr<HMAC> hmac(
  225. CryptoLink::getCryptoLink().createHMAC(secret,
  226. secret_len,
  227. hash_algorithm));
  228. hmac->update(data, data_len);
  229. hmac->sign(result, len);
  230. }
  231. bool
  232. verifyHMAC(const void* data, const size_t data_len, const void* secret,
  233. size_t secret_len, const HashAlgorithm hash_algorithm,
  234. const void* sig, const size_t sig_len)
  235. {
  236. boost::scoped_ptr<HMAC> hmac(
  237. CryptoLink::getCryptoLink().createHMAC(secret,
  238. secret_len,
  239. hash_algorithm));
  240. hmac->update(data, data_len);
  241. return (hmac->verify(sig, sig_len));
  242. }
  243. void
  244. deleteHMAC(HMAC* hmac) {
  245. delete hmac;
  246. }
  247. } // namespace cryptolink
  248. } // namespace isc