2
0

hmac_ossl.c 7.2 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242
  1. /*
  2. * hmac_ossl.c
  3. *
  4. * Implementation of hmac srtp_auth_type_t that leverages OpenSSL
  5. *
  6. * John A. Foley
  7. * Cisco Systems, Inc.
  8. */
  9. /*
  10. *
  11. * Copyright(c) 2013-2017, Cisco Systems, Inc.
  12. * All rights reserved.
  13. *
  14. * Redistribution and use in source and binary forms, with or without
  15. * modification, are permitted provided that the following conditions
  16. * are met:
  17. *
  18. * Redistributions of source code must retain the above copyright
  19. * notice, this list of conditions and the following disclaimer.
  20. *
  21. * Redistributions in binary form must reproduce the above
  22. * copyright notice, this list of conditions and the following
  23. * disclaimer in the documentation and/or other materials provided
  24. * with the distribution.
  25. *
  26. * Neither the name of the Cisco Systems, Inc. nor the names of its
  27. * contributors may be used to endorse or promote products derived
  28. * from this software without specific prior written permission.
  29. *
  30. * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  31. * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  32. * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
  33. * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
  34. * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
  35. * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
  36. * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
  37. * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  38. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  39. * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  40. * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  41. * OF THE POSSIBILITY OF SUCH DAMAGE.
  42. *
  43. */
  44. #ifdef HAVE_CONFIG_H
  45. #include <config.h>
  46. #endif
  47. #include "auth.h"
  48. #include "alloc.h"
  49. #include "err.h" /* for srtp_debug */
  50. #include "auth_test_cases.h"
  51. #include <openssl/evp.h>
  52. #include <openssl/hmac.h>
  53. #define SHA1_DIGEST_SIZE 20
  54. /* the debug module for authentiation */
  55. srtp_debug_module_t srtp_mod_hmac = {
  56. 0, /* debugging is off by default */
  57. "hmac sha-1 openssl" /* printable name for module */
  58. };
  59. static srtp_err_status_t srtp_hmac_alloc(srtp_auth_t **a,
  60. int key_len,
  61. int out_len)
  62. {
  63. extern const srtp_auth_type_t srtp_hmac;
  64. debug_print(srtp_mod_hmac, "allocating auth func with key length %d",
  65. key_len);
  66. debug_print(srtp_mod_hmac, " tag length %d",
  67. out_len);
  68. /* check output length - should be less than 20 bytes */
  69. if (out_len > SHA1_DIGEST_SIZE) {
  70. return srtp_err_status_bad_param;
  71. }
  72. /* OpenSSL 1.1.0 made HMAC_CTX an opaque structure, which must be allocated
  73. using HMAC_CTX_new. But this function doesn't exist in OpenSSL 1.0.x. */
  74. #if OPENSSL_VERSION_NUMBER < 0x10100000L || LIBRESSL_VERSION_NUMBER
  75. {
  76. /* allocate memory for auth and HMAC_CTX structures */
  77. uint8_t *pointer;
  78. HMAC_CTX *new_hmac_ctx;
  79. pointer = (uint8_t *)srtp_crypto_alloc(sizeof(HMAC_CTX) +
  80. sizeof(srtp_auth_t));
  81. if (pointer == NULL) {
  82. return srtp_err_status_alloc_fail;
  83. }
  84. *a = (srtp_auth_t *)pointer;
  85. (*a)->state = pointer + sizeof(srtp_auth_t);
  86. new_hmac_ctx = (HMAC_CTX *)((*a)->state);
  87. HMAC_CTX_init(new_hmac_ctx);
  88. }
  89. #else
  90. *a = (srtp_auth_t *)srtp_crypto_alloc(sizeof(srtp_auth_t));
  91. if (*a == NULL) {
  92. return srtp_err_status_alloc_fail;
  93. }
  94. (*a)->state = HMAC_CTX_new();
  95. if ((*a)->state == NULL) {
  96. srtp_crypto_free(*a);
  97. *a = NULL;
  98. return srtp_err_status_alloc_fail;
  99. }
  100. #endif
  101. /* set pointers */
  102. (*a)->type = &srtp_hmac;
  103. (*a)->out_len = out_len;
  104. (*a)->key_len = key_len;
  105. (*a)->prefix_len = 0;
  106. return srtp_err_status_ok;
  107. }
  108. static srtp_err_status_t srtp_hmac_dealloc(srtp_auth_t *a)
  109. {
  110. HMAC_CTX *hmac_ctx;
  111. hmac_ctx = (HMAC_CTX *)a->state;
  112. #if OPENSSL_VERSION_NUMBER < 0x10100000L || LIBRESSL_VERSION_NUMBER
  113. HMAC_CTX_cleanup(hmac_ctx);
  114. /* zeroize entire state*/
  115. octet_string_set_to_zero(a, sizeof(HMAC_CTX) + sizeof(srtp_auth_t));
  116. #else
  117. HMAC_CTX_free(hmac_ctx);
  118. /* zeroize entire state*/
  119. octet_string_set_to_zero(a, sizeof(srtp_auth_t));
  120. #endif
  121. /* free memory */
  122. srtp_crypto_free(a);
  123. return srtp_err_status_ok;
  124. }
  125. static srtp_err_status_t srtp_hmac_start(void *statev)
  126. {
  127. HMAC_CTX *state = (HMAC_CTX *)statev;
  128. if (HMAC_Init_ex(state, NULL, 0, NULL, NULL) == 0)
  129. return srtp_err_status_auth_fail;
  130. return srtp_err_status_ok;
  131. }
  132. static srtp_err_status_t srtp_hmac_init(void *statev,
  133. const uint8_t *key,
  134. int key_len)
  135. {
  136. HMAC_CTX *state = (HMAC_CTX *)statev;
  137. if (HMAC_Init_ex(state, key, key_len, EVP_sha1(), NULL) == 0)
  138. return srtp_err_status_auth_fail;
  139. return srtp_err_status_ok;
  140. }
  141. static srtp_err_status_t srtp_hmac_update(void *statev,
  142. const uint8_t *message,
  143. int msg_octets)
  144. {
  145. HMAC_CTX *state = (HMAC_CTX *)statev;
  146. debug_print(srtp_mod_hmac, "input: %s",
  147. srtp_octet_string_hex_string(message, msg_octets));
  148. if (HMAC_Update(state, message, msg_octets) == 0)
  149. return srtp_err_status_auth_fail;
  150. return srtp_err_status_ok;
  151. }
  152. static srtp_err_status_t srtp_hmac_compute(void *statev,
  153. const uint8_t *message,
  154. int msg_octets,
  155. int tag_len,
  156. uint8_t *result)
  157. {
  158. HMAC_CTX *state = (HMAC_CTX *)statev;
  159. uint8_t hash_value[SHA1_DIGEST_SIZE];
  160. int i;
  161. unsigned int len;
  162. debug_print(srtp_mod_hmac, "input: %s",
  163. srtp_octet_string_hex_string(message, msg_octets));
  164. /* check tag length, return error if we can't provide the value expected */
  165. if (tag_len > SHA1_DIGEST_SIZE) {
  166. return srtp_err_status_bad_param;
  167. }
  168. /* hash message, copy output into H */
  169. if (HMAC_Update(state, message, msg_octets) == 0)
  170. return srtp_err_status_auth_fail;
  171. if (HMAC_Final(state, hash_value, &len) == 0)
  172. return srtp_err_status_auth_fail;
  173. if (len < tag_len)
  174. return srtp_err_status_auth_fail;
  175. /* copy hash_value to *result */
  176. for (i = 0; i < tag_len; i++) {
  177. result[i] = hash_value[i];
  178. }
  179. debug_print(srtp_mod_hmac, "output: %s",
  180. srtp_octet_string_hex_string(hash_value, tag_len));
  181. return srtp_err_status_ok;
  182. }
  183. static const char srtp_hmac_description[] =
  184. "hmac sha-1 authentication function";
  185. /*
  186. * srtp_auth_type_t hmac is the hmac metaobject
  187. */
  188. const srtp_auth_type_t srtp_hmac = {
  189. srtp_hmac_alloc, /* */
  190. srtp_hmac_dealloc, /* */
  191. srtp_hmac_init, /* */
  192. srtp_hmac_compute, /* */
  193. srtp_hmac_update, /* */
  194. srtp_hmac_start, /* */
  195. srtp_hmac_description, /* */
  196. &srtp_hmac_test_case_0, /* */
  197. SRTP_HMAC_SHA1 /* */
  198. };