2
0

hmac_nss.c 8.3 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290
  1. /*
  2. *
  3. * Copyright(c) 2013-2017, Cisco Systems, Inc.
  4. * All rights reserved.
  5. *
  6. * Redistribution and use in source and binary forms, with or without
  7. * modification, are permitted provided that the following conditions
  8. * are met:
  9. *
  10. * Redistributions of source code must retain the above copyright
  11. * notice, this list of conditions and the following disclaimer.
  12. *
  13. * Redistributions in binary form must reproduce the above
  14. * copyright notice, this list of conditions and the following
  15. * disclaimer in the documentation and/or other materials provided
  16. * with the distribution.
  17. *
  18. * Neither the name of the Cisco Systems, Inc. nor the names of its
  19. * contributors may be used to endorse or promote products derived
  20. * from this software without specific prior written permission.
  21. *
  22. * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  23. * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  24. * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
  25. * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
  26. * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
  27. * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
  28. * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
  29. * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  30. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  31. * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  32. * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  33. * OF THE POSSIBILITY OF SUCH DAMAGE.
  34. *
  35. */
  36. #ifdef HAVE_CONFIG_H
  37. #include <config.h>
  38. #endif
  39. #include "auth.h"
  40. #include "alloc.h"
  41. #include "err.h" /* for srtp_debug */
  42. #include "auth_test_cases.h"
  43. #define NSS_PKCS11_2_0_COMPAT 1
  44. #include <nss.h>
  45. #include <pk11pub.h>
  46. #define SHA1_DIGEST_SIZE 20
  47. /* the debug module for authentiation */
  48. srtp_debug_module_t srtp_mod_hmac = {
  49. 0, /* debugging is off by default */
  50. "hmac sha-1 nss" /* printable name for module */
  51. };
  52. typedef struct {
  53. NSSInitContext *nss;
  54. PK11SymKey *key;
  55. PK11Context *ctx;
  56. } srtp_hmac_nss_ctx_t;
  57. static srtp_err_status_t srtp_hmac_alloc(srtp_auth_t **a,
  58. int key_len,
  59. int out_len)
  60. {
  61. extern const srtp_auth_type_t srtp_hmac;
  62. srtp_hmac_nss_ctx_t *hmac;
  63. NSSInitContext *nss;
  64. debug_print(srtp_mod_hmac, "allocating auth func with key length %d",
  65. key_len);
  66. debug_print(srtp_mod_hmac, " tag length %d",
  67. out_len);
  68. /* check output length - should be less than 20 bytes */
  69. if (out_len > SHA1_DIGEST_SIZE) {
  70. return srtp_err_status_bad_param;
  71. }
  72. /* Initialize NSS equiv of NSS_NoDB_Init(NULL) */
  73. nss = NSS_InitContext("", "", "", "", NULL,
  74. NSS_INIT_READONLY | NSS_INIT_NOCERTDB |
  75. NSS_INIT_NOMODDB | NSS_INIT_FORCEOPEN |
  76. NSS_INIT_OPTIMIZESPACE);
  77. if (!nss) {
  78. return srtp_err_status_auth_fail;
  79. }
  80. *a = (srtp_auth_t *)srtp_crypto_alloc(sizeof(srtp_auth_t));
  81. if (*a == NULL) {
  82. NSS_ShutdownContext(nss);
  83. return srtp_err_status_alloc_fail;
  84. }
  85. hmac =
  86. (srtp_hmac_nss_ctx_t *)srtp_crypto_alloc(sizeof(srtp_hmac_nss_ctx_t));
  87. if (hmac == NULL) {
  88. NSS_ShutdownContext(nss);
  89. srtp_crypto_free(*a);
  90. *a = NULL;
  91. return srtp_err_status_alloc_fail;
  92. }
  93. hmac->nss = nss;
  94. hmac->key = NULL;
  95. hmac->ctx = NULL;
  96. /* set pointers */
  97. (*a)->state = hmac;
  98. (*a)->type = &srtp_hmac;
  99. (*a)->out_len = out_len;
  100. (*a)->key_len = key_len;
  101. (*a)->prefix_len = 0;
  102. return srtp_err_status_ok;
  103. }
  104. static srtp_err_status_t srtp_hmac_dealloc(srtp_auth_t *a)
  105. {
  106. srtp_hmac_nss_ctx_t *hmac;
  107. hmac = (srtp_hmac_nss_ctx_t *)a->state;
  108. if (hmac) {
  109. /* free any PK11 values that have been created */
  110. if (hmac->key) {
  111. PK11_FreeSymKey(hmac->key);
  112. hmac->key = NULL;
  113. }
  114. if (hmac->ctx) {
  115. PK11_DestroyContext(hmac->ctx, PR_TRUE);
  116. hmac->ctx = NULL;
  117. }
  118. if (hmac->nss) {
  119. NSS_ShutdownContext(hmac->nss);
  120. hmac->nss = NULL;
  121. }
  122. /* zeroize everything */
  123. octet_string_set_to_zero(hmac, sizeof(srtp_hmac_nss_ctx_t));
  124. srtp_crypto_free(hmac);
  125. }
  126. /* free memory */
  127. srtp_crypto_free(a);
  128. return srtp_err_status_ok;
  129. }
  130. static srtp_err_status_t srtp_hmac_start(void *statev)
  131. {
  132. srtp_hmac_nss_ctx_t *hmac;
  133. hmac = (srtp_hmac_nss_ctx_t *)statev;
  134. if (PK11_DigestBegin(hmac->ctx) != SECSuccess) {
  135. return srtp_err_status_auth_fail;
  136. }
  137. return srtp_err_status_ok;
  138. }
  139. static srtp_err_status_t srtp_hmac_init(void *statev,
  140. const uint8_t *key,
  141. int key_len)
  142. {
  143. srtp_hmac_nss_ctx_t *hmac;
  144. hmac = (srtp_hmac_nss_ctx_t *)statev;
  145. PK11SymKey *sym_key;
  146. PK11Context *ctx;
  147. if (hmac->ctx) {
  148. PK11_DestroyContext(hmac->ctx, PR_TRUE);
  149. hmac->ctx = NULL;
  150. }
  151. if (hmac->key) {
  152. PK11_FreeSymKey(hmac->key);
  153. hmac->key = NULL;
  154. }
  155. PK11SlotInfo *slot = PK11_GetBestSlot(CKM_SHA_1_HMAC, NULL);
  156. if (!slot) {
  157. return srtp_err_status_bad_param;
  158. }
  159. SECItem key_item = { siBuffer, (unsigned char *)key, key_len };
  160. sym_key = PK11_ImportSymKey(slot, CKM_SHA_1_HMAC, PK11_OriginUnwrap,
  161. CKA_SIGN, &key_item, NULL);
  162. PK11_FreeSlot(slot);
  163. if (!sym_key) {
  164. return srtp_err_status_auth_fail;
  165. }
  166. SECItem param_item = { siBuffer, NULL, 0 };
  167. ctx = PK11_CreateContextBySymKey(CKM_SHA_1_HMAC, CKA_SIGN, sym_key,
  168. &param_item);
  169. if (!ctx) {
  170. PK11_FreeSymKey(sym_key);
  171. return srtp_err_status_auth_fail;
  172. }
  173. hmac->key = sym_key;
  174. hmac->ctx = ctx;
  175. return srtp_err_status_ok;
  176. }
  177. static srtp_err_status_t srtp_hmac_update(void *statev,
  178. const uint8_t *message,
  179. int msg_octets)
  180. {
  181. srtp_hmac_nss_ctx_t *hmac;
  182. hmac = (srtp_hmac_nss_ctx_t *)statev;
  183. debug_print(srtp_mod_hmac, "input: %s",
  184. srtp_octet_string_hex_string(message, msg_octets));
  185. if (PK11_DigestOp(hmac->ctx, message, msg_octets) != SECSuccess) {
  186. return srtp_err_status_auth_fail;
  187. }
  188. return srtp_err_status_ok;
  189. }
  190. static srtp_err_status_t srtp_hmac_compute(void *statev,
  191. const uint8_t *message,
  192. int msg_octets,
  193. int tag_len,
  194. uint8_t *result)
  195. {
  196. srtp_hmac_nss_ctx_t *hmac;
  197. hmac = (srtp_hmac_nss_ctx_t *)statev;
  198. uint8_t hash_value[SHA1_DIGEST_SIZE];
  199. int i;
  200. unsigned int len;
  201. debug_print(srtp_mod_hmac, "input: %s",
  202. srtp_octet_string_hex_string(message, msg_octets));
  203. /* check tag length, return error if we can't provide the value expected */
  204. if (tag_len > SHA1_DIGEST_SIZE) {
  205. return srtp_err_status_bad_param;
  206. }
  207. if (PK11_DigestOp(hmac->ctx, message, msg_octets) != SECSuccess) {
  208. return srtp_err_status_auth_fail;
  209. }
  210. if (PK11_DigestFinal(hmac->ctx, hash_value, &len, SHA1_DIGEST_SIZE) !=
  211. SECSuccess) {
  212. return srtp_err_status_auth_fail;
  213. }
  214. if (len < tag_len)
  215. return srtp_err_status_auth_fail;
  216. /* copy hash_value to *result */
  217. for (i = 0; i < tag_len; i++) {
  218. result[i] = hash_value[i];
  219. }
  220. debug_print(srtp_mod_hmac, "output: %s",
  221. srtp_octet_string_hex_string(hash_value, tag_len));
  222. return srtp_err_status_ok;
  223. }
  224. static const char srtp_hmac_description[] =
  225. "hmac sha-1 authentication function";
  226. /*
  227. * srtp_auth_type_t hmac is the hmac metaobject
  228. */
  229. const srtp_auth_type_t srtp_hmac = {
  230. srtp_hmac_alloc, /* */
  231. srtp_hmac_dealloc, /* */
  232. srtp_hmac_init, /* */
  233. srtp_hmac_compute, /* */
  234. srtp_hmac_update, /* */
  235. srtp_hmac_start, /* */
  236. srtp_hmac_description, /* */
  237. &srtp_hmac_test_case_0, /* */
  238. SRTP_HMAC_SHA1 /* */
  239. };