2
0

hmac_mbedtls.c 7.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221
  1. /*
  2. * hmac_mbedtls.c
  3. *
  4. * Implementation of hmac srtp_auth_type_t that leverages Mbedtls
  5. *
  6. * YongCheng Yang
  7. */
  8. /*
  9. *
  10. * Copyright(c) 2013-2017, Cisco Systems, Inc.
  11. * All rights reserved.
  12. *
  13. * Redistribution and use in source and binary forms, with or without
  14. * modification, are permitted provided that the following conditions
  15. * are met:
  16. *
  17. * Redistributions of source code must retain the above copyright
  18. * notice, this list of conditions and the following disclaimer.
  19. *
  20. * Redistributions in binary form must reproduce the above
  21. * copyright notice, this list of conditions and the following
  22. * disclaimer in the documentation and/or other materials provided
  23. * with the distribution.
  24. *
  25. * Neither the name of the Cisco Systems, Inc. nor the names of its
  26. * contributors may be used to endorse or promote products derived
  27. * from this software without specific prior written permission.
  28. *
  29. * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  30. * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  31. * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
  32. * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
  33. * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
  34. * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
  35. * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
  36. * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  37. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  38. * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  39. * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  40. * OF THE POSSIBILITY OF SUCH DAMAGE.
  41. *
  42. */
  43. #ifdef HAVE_CONFIG_H
  44. #include <config.h>
  45. #endif
  46. #include "auth.h"
  47. #include "alloc.h"
  48. #include "err.h" /* for srtp_debug */
  49. #include "auth_test_cases.h"
  50. #include <mbedtls/md.h>
  51. #define SHA1_DIGEST_SIZE 20
  52. /* the debug module for authentiation */
  53. srtp_debug_module_t srtp_mod_hmac = {
  54. 0, /* debugging is off by default */
  55. "hmac sha-1 mbedtls" /* printable name for module */
  56. };
  57. static srtp_err_status_t srtp_hmac_mbedtls_alloc(srtp_auth_t **a,
  58. int key_len,
  59. int out_len)
  60. {
  61. extern const srtp_auth_type_t srtp_hmac;
  62. debug_print(srtp_mod_hmac, "allocating auth func with key length %d",
  63. key_len);
  64. debug_print(srtp_mod_hmac, " tag length %d",
  65. out_len);
  66. /* check output length - should be less than 20 bytes */
  67. if (key_len > SHA1_DIGEST_SIZE) {
  68. return srtp_err_status_bad_param;
  69. }
  70. /* check output length - should be less than 20 bytes */
  71. if (out_len > SHA1_DIGEST_SIZE) {
  72. return srtp_err_status_bad_param;
  73. }
  74. *a = (srtp_auth_t *)srtp_crypto_alloc(sizeof(srtp_auth_t));
  75. if (*a == NULL) {
  76. return srtp_err_status_alloc_fail;
  77. }
  78. // allocate the buffer of mbedtls context.
  79. (*a)->state = srtp_crypto_alloc(sizeof(mbedtls_md_context_t));
  80. if ((*a)->state == NULL) {
  81. srtp_crypto_free(*a);
  82. *a = NULL;
  83. return srtp_err_status_alloc_fail;
  84. }
  85. mbedtls_md_init((mbedtls_md_context_t *)(*a)->state);
  86. /* set pointers */
  87. (*a)->type = &srtp_hmac;
  88. (*a)->out_len = out_len;
  89. (*a)->key_len = key_len;
  90. (*a)->prefix_len = 0;
  91. return srtp_err_status_ok;
  92. }
  93. static srtp_err_status_t srtp_hmac_mbedtls_dealloc(srtp_auth_t *a)
  94. {
  95. mbedtls_md_context_t *hmac_ctx;
  96. hmac_ctx = (mbedtls_md_context_t *)a->state;
  97. mbedtls_md_free(hmac_ctx);
  98. srtp_crypto_free(hmac_ctx);
  99. /* zeroize entire state*/
  100. octet_string_set_to_zero(a, sizeof(srtp_auth_t));
  101. /* free memory */
  102. srtp_crypto_free(a);
  103. return srtp_err_status_ok;
  104. }
  105. static srtp_err_status_t srtp_hmac_mbedtls_start(void *statev)
  106. {
  107. mbedtls_md_context_t *state = (mbedtls_md_context_t *)statev;
  108. if (mbedtls_md_hmac_reset(state) != 0)
  109. return srtp_err_status_auth_fail;
  110. return srtp_err_status_ok;
  111. }
  112. static srtp_err_status_t srtp_hmac_mbedtls_init(void *statev,
  113. const uint8_t *key,
  114. int key_len)
  115. {
  116. mbedtls_md_context_t *state = (mbedtls_md_context_t *)statev;
  117. const mbedtls_md_info_t *info = NULL;
  118. info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA1);
  119. if (info == NULL)
  120. return srtp_err_status_auth_fail;
  121. if (mbedtls_md_setup(state, info, 1) != 0)
  122. return srtp_err_status_auth_fail;
  123. debug_print(srtp_mod_hmac, "mbedtls setup, name: %s",
  124. mbedtls_md_get_name(info));
  125. debug_print(srtp_mod_hmac, "mbedtls setup, size: %d",
  126. mbedtls_md_get_size(info));
  127. if (mbedtls_md_hmac_starts(state, key, key_len) != 0)
  128. return srtp_err_status_auth_fail;
  129. return srtp_err_status_ok;
  130. }
  131. static srtp_err_status_t srtp_hmac_mbedtls_update(void *statev,
  132. const uint8_t *message,
  133. int msg_octets)
  134. {
  135. mbedtls_md_context_t *state = (mbedtls_md_context_t *)statev;
  136. debug_print(srtp_mod_hmac, "input: %s",
  137. srtp_octet_string_hex_string(message, msg_octets));
  138. if (mbedtls_md_hmac_update(state, message, msg_octets) != 0)
  139. return srtp_err_status_auth_fail;
  140. return srtp_err_status_ok;
  141. }
  142. static srtp_err_status_t srtp_hmac_mbedtls_compute(void *statev,
  143. const uint8_t *message,
  144. int msg_octets,
  145. int tag_len,
  146. uint8_t *result)
  147. {
  148. mbedtls_md_context_t *state = (mbedtls_md_context_t *)statev;
  149. uint8_t hash_value[SHA1_DIGEST_SIZE];
  150. int i;
  151. /* check tag length, return error if we can't provide the value expected */
  152. if (tag_len > SHA1_DIGEST_SIZE) {
  153. return srtp_err_status_bad_param;
  154. }
  155. /* hash message, copy output into H */
  156. if (mbedtls_md_hmac_update(statev, message, msg_octets) != 0)
  157. return srtp_err_status_auth_fail;
  158. if (mbedtls_md_hmac_finish(state, hash_value) != 0)
  159. return srtp_err_status_auth_fail;
  160. /* copy hash_value to *result */
  161. for (i = 0; i < tag_len; i++) {
  162. result[i] = hash_value[i];
  163. }
  164. debug_print(srtp_mod_hmac, "output: %s",
  165. srtp_octet_string_hex_string(hash_value, tag_len));
  166. return srtp_err_status_ok;
  167. }
  168. /* end test case 0 */
  169. static const char srtp_hmac_mbedtls_description[] =
  170. "hmac sha-1 authentication function using mbedtls";
  171. /*
  172. * srtp_auth_type_t hmac is the hmac metaobject
  173. */
  174. const srtp_auth_type_t srtp_hmac = {
  175. srtp_hmac_mbedtls_alloc, /* */
  176. srtp_hmac_mbedtls_dealloc, /* */
  177. srtp_hmac_mbedtls_init, /* */
  178. srtp_hmac_mbedtls_compute, /* */
  179. srtp_hmac_mbedtls_update, /* */
  180. srtp_hmac_mbedtls_start, /* */
  181. srtp_hmac_mbedtls_description, /* */
  182. &srtp_hmac_test_case_0, /* */
  183. SRTP_HMAC_SHA1 /* */
  184. };