hmac.c 8.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283
  1. /*
  2. * hmac.c
  3. *
  4. * implementation of hmac srtp_auth_type_t
  5. *
  6. * David A. McGrew
  7. * Cisco Systems, Inc.
  8. */
  9. /*
  10. *
  11. * Copyright(c) 2001-2017 Cisco Systems, Inc.
  12. * All rights reserved.
  13. *
  14. * Redistribution and use in source and binary forms, with or without
  15. * modification, are permitted provided that the following conditions
  16. * are met:
  17. *
  18. * Redistributions of source code must retain the above copyright
  19. * notice, this list of conditions and the following disclaimer.
  20. *
  21. * Redistributions in binary form must reproduce the above
  22. * copyright notice, this list of conditions and the following
  23. * disclaimer in the documentation and/or other materials provided
  24. * with the distribution.
  25. *
  26. * Neither the name of the Cisco Systems, Inc. nor the names of its
  27. * contributors may be used to endorse or promote products derived
  28. * from this software without specific prior written permission.
  29. *
  30. * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  31. * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  32. * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
  33. * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
  34. * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
  35. * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
  36. * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
  37. * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  38. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  39. * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  40. * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  41. * OF THE POSSIBILITY OF SUCH DAMAGE.
  42. *
  43. */
  44. #ifdef HAVE_CONFIG_H
  45. #include <config.h>
  46. #endif
  47. #include "hmac.h"
  48. #include "alloc.h"
  49. #include "cipher_types.h"
  50. /* the debug module for authentiation */
  51. srtp_debug_module_t srtp_mod_hmac = {
  52. 0, /* debugging is off by default */
  53. "hmac sha-1" /* printable name for module */
  54. };
  55. static srtp_err_status_t srtp_hmac_alloc(srtp_auth_t **a,
  56. int key_len,
  57. int out_len)
  58. {
  59. extern const srtp_auth_type_t srtp_hmac;
  60. uint8_t *pointer;
  61. debug_print(srtp_mod_hmac, "allocating auth func with key length %d",
  62. key_len);
  63. debug_print(srtp_mod_hmac, " tag length %d",
  64. out_len);
  65. /*
  66. * check key length - note that we don't support keys larger
  67. * than 20 bytes yet
  68. */
  69. if (key_len > 20) {
  70. return srtp_err_status_bad_param;
  71. }
  72. /* check output length - should be less than 20 bytes */
  73. if (out_len > 20) {
  74. return srtp_err_status_bad_param;
  75. }
  76. /* allocate memory for auth and srtp_hmac_ctx_t structures */
  77. pointer = (uint8_t *)srtp_crypto_alloc(sizeof(srtp_hmac_ctx_t) +
  78. sizeof(srtp_auth_t));
  79. if (pointer == NULL) {
  80. return srtp_err_status_alloc_fail;
  81. }
  82. /* set pointers */
  83. *a = (srtp_auth_t *)pointer;
  84. (*a)->type = &srtp_hmac;
  85. (*a)->state = pointer + sizeof(srtp_auth_t);
  86. (*a)->out_len = out_len;
  87. (*a)->key_len = key_len;
  88. (*a)->prefix_len = 0;
  89. return srtp_err_status_ok;
  90. }
  91. static srtp_err_status_t srtp_hmac_dealloc(srtp_auth_t *a)
  92. {
  93. /* zeroize entire state*/
  94. octet_string_set_to_zero(a, sizeof(srtp_hmac_ctx_t) + sizeof(srtp_auth_t));
  95. /* free memory */
  96. srtp_crypto_free(a);
  97. return srtp_err_status_ok;
  98. }
  99. static srtp_err_status_t srtp_hmac_init(void *statev,
  100. const uint8_t *key,
  101. int key_len)
  102. {
  103. srtp_hmac_ctx_t *state = (srtp_hmac_ctx_t *)statev;
  104. int i;
  105. uint8_t ipad[64];
  106. /*
  107. * check key length - note that we don't support keys larger
  108. * than 20 bytes yet
  109. */
  110. if (key_len > 20) {
  111. return srtp_err_status_bad_param;
  112. }
  113. /*
  114. * set values of ipad and opad by exoring the key into the
  115. * appropriate constant values
  116. */
  117. for (i = 0; i < key_len; i++) {
  118. ipad[i] = key[i] ^ 0x36;
  119. state->opad[i] = key[i] ^ 0x5c;
  120. }
  121. /* set the rest of ipad, opad to constant values */
  122. for (; i < 64; i++) {
  123. ipad[i] = 0x36;
  124. ((uint8_t *)state->opad)[i] = 0x5c;
  125. }
  126. debug_print(srtp_mod_hmac, "ipad: %s",
  127. srtp_octet_string_hex_string(ipad, 64));
  128. /* initialize sha1 context */
  129. srtp_sha1_init(&state->init_ctx);
  130. /* hash ipad ^ key */
  131. srtp_sha1_update(&state->init_ctx, ipad, 64);
  132. memcpy(&state->ctx, &state->init_ctx, sizeof(srtp_sha1_ctx_t));
  133. return srtp_err_status_ok;
  134. }
  135. static srtp_err_status_t srtp_hmac_start(void *statev)
  136. {
  137. srtp_hmac_ctx_t *state = (srtp_hmac_ctx_t *)statev;
  138. memcpy(&state->ctx, &state->init_ctx, sizeof(srtp_sha1_ctx_t));
  139. return srtp_err_status_ok;
  140. }
  141. static srtp_err_status_t srtp_hmac_update(void *statev,
  142. const uint8_t *message,
  143. int msg_octets)
  144. {
  145. srtp_hmac_ctx_t *state = (srtp_hmac_ctx_t *)statev;
  146. debug_print(srtp_mod_hmac, "input: %s",
  147. srtp_octet_string_hex_string(message, msg_octets));
  148. /* hash message into sha1 context */
  149. srtp_sha1_update(&state->ctx, message, msg_octets);
  150. return srtp_err_status_ok;
  151. }
  152. static srtp_err_status_t srtp_hmac_compute(void *statev,
  153. const uint8_t *message,
  154. int msg_octets,
  155. int tag_len,
  156. uint8_t *result)
  157. {
  158. srtp_hmac_ctx_t *state = (srtp_hmac_ctx_t *)statev;
  159. uint32_t hash_value[5];
  160. uint32_t H[5];
  161. int i;
  162. /* check tag length, return error if we can't provide the value expected */
  163. if (tag_len > 20) {
  164. return srtp_err_status_bad_param;
  165. }
  166. /* hash message, copy output into H */
  167. srtp_hmac_update(state, message, msg_octets);
  168. srtp_sha1_final(&state->ctx, H);
  169. /*
  170. * note that we don't need to debug_print() the input, since the
  171. * function hmac_update() already did that for us
  172. */
  173. debug_print(srtp_mod_hmac, "intermediate state: %s",
  174. srtp_octet_string_hex_string((uint8_t *)H, 20));
  175. /* re-initialize hash context */
  176. srtp_sha1_init(&state->ctx);
  177. /* hash opad ^ key */
  178. srtp_sha1_update(&state->ctx, (uint8_t *)state->opad, 64);
  179. /* hash the result of the inner hash */
  180. srtp_sha1_update(&state->ctx, (uint8_t *)H, 20);
  181. /* the result is returned in the array hash_value[] */
  182. srtp_sha1_final(&state->ctx, hash_value);
  183. /* copy hash_value to *result */
  184. for (i = 0; i < tag_len; i++) {
  185. result[i] = ((uint8_t *)hash_value)[i];
  186. }
  187. debug_print(srtp_mod_hmac, "output: %s",
  188. srtp_octet_string_hex_string((uint8_t *)hash_value, tag_len));
  189. return srtp_err_status_ok;
  190. }
  191. /* begin test case 0 */
  192. /* clang-format off */
  193. static const uint8_t srtp_hmac_test_case_0_key[20] = {
  194. 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
  195. 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
  196. 0x0b, 0x0b, 0x0b, 0x0b
  197. };
  198. /* clang-format on */
  199. /* clang-format off */
  200. static const uint8_t srtp_hmac_test_case_0_data[8] = {
  201. 0x48, 0x69, 0x20, 0x54, 0x68, 0x65, 0x72, 0x65 /* "Hi There" */
  202. };
  203. /* clang-format on */
  204. /* clang-format off */
  205. static const uint8_t srtp_hmac_test_case_0_tag[20] = {
  206. 0xb6, 0x17, 0x31, 0x86, 0x55, 0x05, 0x72, 0x64,
  207. 0xe2, 0x8b, 0xc0, 0xb6, 0xfb, 0x37, 0x8c, 0x8e,
  208. 0xf1, 0x46, 0xbe, 0x00
  209. };
  210. /* clang-format on */
  211. static const srtp_auth_test_case_t srtp_hmac_test_case_0 = {
  212. 20, /* octets in key */
  213. srtp_hmac_test_case_0_key, /* key */
  214. 8, /* octets in data */
  215. srtp_hmac_test_case_0_data, /* data */
  216. 20, /* octets in tag */
  217. srtp_hmac_test_case_0_tag, /* tag */
  218. NULL /* pointer to next testcase */
  219. };
  220. /* end test case 0 */
  221. static const char srtp_hmac_description[] =
  222. "hmac sha-1 authentication function";
  223. /*
  224. * srtp_auth_type_t hmac is the hmac metaobject
  225. */
  226. const srtp_auth_type_t srtp_hmac = {
  227. srtp_hmac_alloc, /* */
  228. srtp_hmac_dealloc, /* */
  229. srtp_hmac_init, /* */
  230. srtp_hmac_compute, /* */
  231. srtp_hmac_update, /* */
  232. srtp_hmac_start, /* */
  233. srtp_hmac_description, /* */
  234. &srtp_hmac_test_case_0, /* */
  235. SRTP_HMAC_SHA1 /* */
  236. };