2
0

hmac.c 7.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249
  1. /*
  2. * hmac.c
  3. *
  4. * implementation of hmac srtp_auth_type_t
  5. *
  6. * David A. McGrew
  7. * Cisco Systems, Inc.
  8. */
  9. /*
  10. *
  11. * Copyright(c) 2001-2017 Cisco Systems, Inc.
  12. * All rights reserved.
  13. *
  14. * Redistribution and use in source and binary forms, with or without
  15. * modification, are permitted provided that the following conditions
  16. * are met:
  17. *
  18. * Redistributions of source code must retain the above copyright
  19. * notice, this list of conditions and the following disclaimer.
  20. *
  21. * Redistributions in binary form must reproduce the above
  22. * copyright notice, this list of conditions and the following
  23. * disclaimer in the documentation and/or other materials provided
  24. * with the distribution.
  25. *
  26. * Neither the name of the Cisco Systems, Inc. nor the names of its
  27. * contributors may be used to endorse or promote products derived
  28. * from this software without specific prior written permission.
  29. *
  30. * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  31. * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  32. * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
  33. * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
  34. * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
  35. * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
  36. * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
  37. * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  38. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  39. * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  40. * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  41. * OF THE POSSIBILITY OF SUCH DAMAGE.
  42. *
  43. */
  44. #ifdef HAVE_CONFIG_H
  45. #include <config.h>
  46. #endif
  47. #include "hmac.h"
  48. #include "alloc.h"
  49. #include "cipher_types.h"
  50. #include "auth_test_cases.h"
  51. /* the debug module for authentiation */
  52. srtp_debug_module_t srtp_mod_hmac = {
  53. 0, /* debugging is off by default */
  54. "hmac sha-1" /* printable name for module */
  55. };
  56. static srtp_err_status_t srtp_hmac_alloc(srtp_auth_t **a,
  57. int key_len,
  58. int out_len)
  59. {
  60. extern const srtp_auth_type_t srtp_hmac;
  61. uint8_t *pointer;
  62. debug_print(srtp_mod_hmac, "allocating auth func with key length %d",
  63. key_len);
  64. debug_print(srtp_mod_hmac, " tag length %d",
  65. out_len);
  66. /*
  67. * check key length - note that we don't support keys larger
  68. * than 20 bytes yet
  69. */
  70. if (key_len > 20) {
  71. return srtp_err_status_bad_param;
  72. }
  73. /* check output length - should be less than 20 bytes */
  74. if (out_len > 20) {
  75. return srtp_err_status_bad_param;
  76. }
  77. /* allocate memory for auth and srtp_hmac_ctx_t structures */
  78. pointer = (uint8_t *)srtp_crypto_alloc(sizeof(srtp_hmac_ctx_t) +
  79. sizeof(srtp_auth_t));
  80. if (pointer == NULL) {
  81. return srtp_err_status_alloc_fail;
  82. }
  83. /* set pointers */
  84. *a = (srtp_auth_t *)pointer;
  85. (*a)->type = &srtp_hmac;
  86. (*a)->state = pointer + sizeof(srtp_auth_t);
  87. (*a)->out_len = out_len;
  88. (*a)->key_len = key_len;
  89. (*a)->prefix_len = 0;
  90. return srtp_err_status_ok;
  91. }
  92. static srtp_err_status_t srtp_hmac_dealloc(srtp_auth_t *a)
  93. {
  94. /* zeroize entire state*/
  95. octet_string_set_to_zero(a, sizeof(srtp_hmac_ctx_t) + sizeof(srtp_auth_t));
  96. /* free memory */
  97. srtp_crypto_free(a);
  98. return srtp_err_status_ok;
  99. }
  100. static srtp_err_status_t srtp_hmac_init(void *statev,
  101. const uint8_t *key,
  102. int key_len)
  103. {
  104. srtp_hmac_ctx_t *state = (srtp_hmac_ctx_t *)statev;
  105. int i;
  106. uint8_t ipad[64];
  107. /*
  108. * check key length - note that we don't support keys larger
  109. * than 20 bytes yet
  110. */
  111. if (key_len > 20) {
  112. return srtp_err_status_bad_param;
  113. }
  114. /*
  115. * set values of ipad and opad by exoring the key into the
  116. * appropriate constant values
  117. */
  118. for (i = 0; i < key_len; i++) {
  119. ipad[i] = key[i] ^ 0x36;
  120. state->opad[i] = key[i] ^ 0x5c;
  121. }
  122. /* set the rest of ipad, opad to constant values */
  123. for (; i < 64; i++) {
  124. ipad[i] = 0x36;
  125. ((uint8_t *)state->opad)[i] = 0x5c;
  126. }
  127. debug_print(srtp_mod_hmac, "ipad: %s",
  128. srtp_octet_string_hex_string(ipad, 64));
  129. /* initialize sha1 context */
  130. srtp_sha1_init(&state->init_ctx);
  131. /* hash ipad ^ key */
  132. srtp_sha1_update(&state->init_ctx, ipad, 64);
  133. memcpy(&state->ctx, &state->init_ctx, sizeof(srtp_sha1_ctx_t));
  134. return srtp_err_status_ok;
  135. }
  136. static srtp_err_status_t srtp_hmac_start(void *statev)
  137. {
  138. srtp_hmac_ctx_t *state = (srtp_hmac_ctx_t *)statev;
  139. memcpy(&state->ctx, &state->init_ctx, sizeof(srtp_sha1_ctx_t));
  140. return srtp_err_status_ok;
  141. }
  142. static srtp_err_status_t srtp_hmac_update(void *statev,
  143. const uint8_t *message,
  144. int msg_octets)
  145. {
  146. srtp_hmac_ctx_t *state = (srtp_hmac_ctx_t *)statev;
  147. debug_print(srtp_mod_hmac, "input: %s",
  148. srtp_octet_string_hex_string(message, msg_octets));
  149. /* hash message into sha1 context */
  150. srtp_sha1_update(&state->ctx, message, msg_octets);
  151. return srtp_err_status_ok;
  152. }
  153. static srtp_err_status_t srtp_hmac_compute(void *statev,
  154. const uint8_t *message,
  155. int msg_octets,
  156. int tag_len,
  157. uint8_t *result)
  158. {
  159. srtp_hmac_ctx_t *state = (srtp_hmac_ctx_t *)statev;
  160. uint32_t hash_value[5];
  161. uint32_t H[5];
  162. int i;
  163. /* check tag length, return error if we can't provide the value expected */
  164. if (tag_len > 20) {
  165. return srtp_err_status_bad_param;
  166. }
  167. /* hash message, copy output into H */
  168. srtp_hmac_update(state, message, msg_octets);
  169. srtp_sha1_final(&state->ctx, H);
  170. /*
  171. * note that we don't need to debug_print() the input, since the
  172. * function hmac_update() already did that for us
  173. */
  174. debug_print(srtp_mod_hmac, "intermediate state: %s",
  175. srtp_octet_string_hex_string((uint8_t *)H, 20));
  176. /* re-initialize hash context */
  177. srtp_sha1_init(&state->ctx);
  178. /* hash opad ^ key */
  179. srtp_sha1_update(&state->ctx, (uint8_t *)state->opad, 64);
  180. /* hash the result of the inner hash */
  181. srtp_sha1_update(&state->ctx, (uint8_t *)H, 20);
  182. /* the result is returned in the array hash_value[] */
  183. srtp_sha1_final(&state->ctx, hash_value);
  184. /* copy hash_value to *result */
  185. for (i = 0; i < tag_len; i++) {
  186. result[i] = ((uint8_t *)hash_value)[i];
  187. }
  188. debug_print(srtp_mod_hmac, "output: %s",
  189. srtp_octet_string_hex_string((uint8_t *)hash_value, tag_len));
  190. return srtp_err_status_ok;
  191. }
  192. static const char srtp_hmac_description[] =
  193. "hmac sha-1 authentication function";
  194. /*
  195. * srtp_auth_type_t hmac is the hmac metaobject
  196. */
  197. const srtp_auth_type_t srtp_hmac = {
  198. srtp_hmac_alloc, /* */
  199. srtp_hmac_dealloc, /* */
  200. srtp_hmac_init, /* */
  201. srtp_hmac_compute, /* */
  202. srtp_hmac_update, /* */
  203. srtp_hmac_start, /* */
  204. srtp_hmac_description, /* */
  205. &srtp_hmac_test_case_0, /* */
  206. SRTP_HMAC_SHA1 /* */
  207. };