Accueil Explorer Aide
Connexion
zorun
/
kea
1
0
Fork 0
Fichiers Tickets 0 Pull Requests 0 Wiki
Aborescence: f2edfc32fc
Branches Tags
kea
/
src
/
lib
/
cryptolink
/
openssl_hmac.cc

openssl_hmac.cc 6.1 KB
Historique Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223 
  1. // Copyright (C) 2014-2016 Internet Systems Consortium, Inc. ("ISC")
    2. 

  2. //
    3. 

  3. // This Source Code Form is subject to the terms of the Mozilla Public
    4. 

  4. // License, v. 2.0. If a copy of the MPL was not distributed with this
    5. 

  5. // file, You can obtain one at http://mozilla.org/MPL/2.0/.
    6. 

  6. 

  7. #include <cryptolink.h>
    8. 

  8. #include <cryptolink/crypto_hmac.h>
    9. 

  9. 

  10. #include <boost/scoped_ptr.hpp>
    11. 

  11. 

  12. #include <openssl/hmac.h>
    13. 

  13. 

  14. #include <cryptolink/openssl_common.h>
    15. 

  15. #define KEA_HMAC
    16. 

  16. #include <cryptolink/openssl_compat.h>
    17. 

  17. 

  18. #include <cstring>
    19. 

  19. 

  20. namespace isc {
    21. 

  21. namespace cryptolink {
    22. 

  22. 

  23. /// @brief OpenSSL implementation of HMAC. Each method is the counterpart
    24. 

  24. /// of the HMAC corresponding method.
    25. 

  25. class HMACImpl {
    26. 

  26. public:
    27. 

  27.     /// @brief Constructor from a secret and a hash algorithm
    28. 

  28.     ///
    29. 

  29.     /// See constructor of the @ref isc::cryptolink::HMAC class for details.
    30. 

  30.     ///
    31. 

  31.     /// @param secret The secret to sign with
    32. 

  32.     /// @param secret_len The length of the secret
    33. 

  33.     /// @param hash_algorithm The hash algorithm
    34. 

  34.     explicit HMACImpl(const void* secret, size_t secret_len,
    35. 

  35.                       const HashAlgorithm hash_algorithm)
    36. 

  36.     : hash_algorithm_(hash_algorithm), md_() {
    37. 

  37.         const EVP_MD* algo = ossl::getHashAlgorithm(hash_algorithm);
    38. 

  38.         if (algo == 0) {
    39. 

  39.             isc_throw(UnsupportedAlgorithm,
    40. 

  40.                       "Unknown hash algorithm: " <<
    41. 

  41.                       static_cast<int>(hash_algorithm));
    42. 

  42.         }
    43. 

  43.         if (secret_len == 0) {
    44. 

  44.             isc_throw(BadKey, "Bad HMAC secret length: 0");
    45. 

  45.         }
    46. 

  46. 

  47.         md_ = HMAC_CTX_new();
    48. 

  48.         if (md_ == 0) {
    49. 

  49.             isc_throw(LibraryError, "HMAC_CTX_new");
    50. 

  50.         }
    51. 

  51. 

  52.         if (!HMAC_Init_ex(md_, secret,
    53. 

  53.                           static_cast<int>(secret_len),
    54. 

  54.                           algo, NULL)) {
    55. 

  55.             isc_throw(LibraryError, "HMAC_Init_ex");
    56. 

  56.         }
    57. 

  57.     }
    58. 

  58. 

  59.     /// @brief Destructor
    60. 

  60.     ~HMACImpl() {
    61. 

  61.         if (md_) {
    62. 

  62.             HMAC_CTX_free(md_);
    63. 

  63.         }
    64. 

  64.         md_ = 0;
    65. 

  65.     }
    66. 

  66. 

  67.     /// @brief Returns the HashAlgorithm of the object
    68. 

  68.     HashAlgorithm getHashAlgorithm() const {
    69. 

  69.         return (hash_algorithm_);
    70. 

  70.     }
    71. 

  71. 

  72.     /// @brief Returns the output size of the digest
    73. 

  73.     ///
    74. 

  74.     /// @return output size of the digest
    75. 

  75.     size_t getOutputLength() const {
    76. 

  76.         int size = HMAC_size(md_);
    77. 

  77.         if (size < 0) {
    78. 

  78.             isc_throw(LibraryError, "HMAC_size");
    79. 

  79.         }
    80. 

  80.         return (static_cast<size_t>(size));
    81. 

  81.     }
    82. 

  82. 

  83.     /// @brief Add data to digest
    84. 

  84.     ///
    85. 

  85.     /// See @ref isc::cryptolink::HMAC::update() for details.
    86. 

  86.     void update(const void* data, const size_t len) {
    87. 

  87.         if (!HMAC_Update(md_,
    88. 

  88.                          static_cast<const unsigned char*>(data),
    89. 

  89.                          len)) {
    90. 

  90.             isc_throw(LibraryError, "HMAC_Update");
    91. 

  91.         }
    92. 

  92.     }
    93. 

  93. 

  94.     /// @brief Calculate the final signature
    95. 

  95.     ///
    96. 

  96.     /// See @ref isc::cryptolink::HMAC::sign() for details.
    97. 

  97.     void sign(isc::util::OutputBuffer& result, size_t len) {
    98. 

  98.         size_t size = getOutputLength();
    99. 

  99.         ossl::SecBuf<unsigned char> digest(size);
    100. 

  100.         if (!HMAC_Final(md_, &digest[0], NULL)) {
    101. 

  101.             isc_throw(LibraryError, "HMAC_Final");
    102. 

  102.         }
    103. 

  103.         if (len > size) {
    104. 

  104.             len = size;
    105. 

  105.         }
    106. 

  106.         result.writeData(&digest[0], len);
    107. 

  107.     }
    108. 

  108. 

  109.     /// @brief Calculate the final signature
    110. 

  110.     ///
    111. 

  111.     /// See @ref isc::cryptolink::HMAC::sign() for details.
    112. 

  112.     void sign(void* result, size_t len) {
    113. 

  113.         size_t size = getOutputLength();
    114. 

  114.         ossl::SecBuf<unsigned char> digest(size);
    115. 

  115.         if (!HMAC_Final(md_, &digest[0], NULL)) {
    116. 

  116.             isc_throw(LibraryError, "HMAC_Final");
    117. 

  117.         }
    118. 

  118.         if (len > size) {
    119. 

  119.             len = size;
    120. 

  120.         }
    121. 

  121.         std::memcpy(result, &digest[0], len);
    122. 

  122.     }
    123. 

  123. 

  124.     /// @brief Calculate the final signature
    125. 

  125.     ///
    126. 

  126.     /// See @ref isc::cryptolink::HMAC::sign() for details.
    127. 

  127.     std::vector<uint8_t> sign(size_t len) {
    128. 

  128.         size_t size = getOutputLength();
    129. 

  129.         ossl::SecBuf<unsigned char> digest(size);
    130. 

  130.         if (!HMAC_Final(md_, &digest[0], NULL)) {
    131. 

  131.             isc_throw(LibraryError, "HMAC_Final");
    132. 

  132.         }
    133. 

  133.         if (len < size) {
    134. 

  134.             digest.resize(len);
    135. 

  135.         }
    136. 

  136.         return (std::vector<uint8_t>(digest.begin(), digest.end()));
    137. 

  137.     }
    138. 

  138. 

  139.     /// @brief Verify an existing signature
    140. 

  140.     ///
    141. 

  141.     /// See @ref isc::cryptolink::HMAC::verify() for details.
    142. 

  142.     bool verify(const void* sig, size_t len) {
    143. 

  143.         // Check the length
    144. 

  144.         size_t size = getOutputLength();
    145. 

  145.         if (len < 10 || len < size / 2) {
    146. 

  146.             return (false);
    147. 

  147.         }
    148. 

  148.         // Get the digest from a copy of the context
    149. 

  149.         HMAC_CTX* tmp = HMAC_CTX_new();
    150. 

  150.         if (tmp == 0) {
    151. 

  151.             isc_throw(LibraryError, "HMAC_CTX_new");
    152. 

  152.         }
    153. 

  153.         if (!HMAC_CTX_copy(tmp, md_)) {
    154. 

  154.             HMAC_CTX_free(tmp);
    155. 

  155.             isc_throw(LibraryError, "HMAC_CTX_copy");
    156. 

  156.         }
    157. 

  157.         ossl::SecBuf<unsigned char> digest(size);
    158. 

  158.         if (!HMAC_Final(tmp, &digest[0], NULL)) {
    159. 

  159.             HMAC_CTX_free(tmp);
    160. 

  160.             isc_throw(LibraryError, "HMAC_Final");
    161. 

  161.         }
    162. 

  162.         HMAC_CTX_free(tmp);
    163. 

  163.         if (len > size) {
    164. 

  164.             len = size;
    165. 

  165.         }
    166. 

  166.         return (digest.same(sig, len));
    167. 

  167.     }
    168. 

  168. 

  169. private:
    170. 

  170.     /// @brief The hash algorithm
    171. 

  171.     HashAlgorithm hash_algorithm_;
    172. 

  172. 

  173.     /// @brief The protected pointer to the OpenSSL HMAC_CTX structure
    174. 

  174.     HMAC_CTX* md_;
    175. 

  175. };
    176. 

  176. 

  177. HMAC::HMAC(const void* secret, size_t secret_length,
    178. 

  178.            const HashAlgorithm hash_algorithm)
    179. 

  179. {
    180. 

  180.     impl_ = new HMACImpl(secret, secret_length, hash_algorithm);
    181. 

  181. }
    182. 

  182. 

  183. HMAC::~HMAC() {
    184. 

  184.     delete impl_;
    185. 

  185. }
    186. 

  186. 

  187. HashAlgorithm
    188. 

  188. HMAC::getHashAlgorithm() const {
    189. 

  189.     return (impl_->getHashAlgorithm());
    190. 

  190. }
    191. 

  191. 

  192. size_t
    193. 

  193. HMAC::getOutputLength() const {
    194. 

  194.     return (impl_->getOutputLength());
    195. 

  195. }
    196. 

  196. 

  197. void
    198. 

  198. HMAC::update(const void* data, const size_t len) {
    199. 

  199.     impl_->update(data, len);
    200. 

  200. }
    201. 

  201. 

  202. void
    203. 

  203. HMAC::sign(isc::util::OutputBuffer& result, size_t len) {
    204. 

  204.     impl_->sign(result, len);
    205. 

  205. }
    206. 

  206. 

  207. void
    208. 

  208. HMAC::sign(void* result, size_t len) {
    209. 

  209.     impl_->sign(result, len);
    210. 

  210. }
    211. 

  211. 

  212. std::vector<uint8_t>
    213. 

  213. HMAC::sign(size_t len) {
    214. 

  214.     return impl_->sign(len);
    215. 

  215. }
    216. 

  216. 

  217. bool
    218. 

  218. HMAC::verify(const void* sig, const size_t len) {
    219. 

  219.     return (impl_->verify(sig, len));
    220. 

  220. }
    221. 

  221. 

  222. } // namespace cryptolink
    223. 

  223. } // namespace isc
    224.