]>
Commit | Line | Data |
---|---|---|
5183ebdc | 1 | /* |
33388b44 | 2 | * Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved. |
5183ebdc RL |
3 | * |
4 | * Licensed under the Apache License 2.0 (the "License"). You may not use | |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
8 | */ | |
9 | ||
dbde4726 P |
10 | /* |
11 | * HMAC low level APIs are deprecated for public use, but still ok for internal | |
12 | * use. | |
13 | */ | |
14 | #include "internal/deprecated.h" | |
15 | ||
3fddbb26 MC |
16 | #include <string.h> |
17 | ||
23c48d94 | 18 | #include <openssl/core_dispatch.h> |
5183ebdc RL |
19 | #include <openssl/core_names.h> |
20 | #include <openssl/params.h> | |
21 | #include <openssl/engine.h> | |
22 | #include <openssl/evp.h> | |
23 | #include <openssl/hmac.h> | |
24 | ||
af3e7e1b | 25 | #include "prov/implementations.h" |
ddd21319 RL |
26 | #include "prov/provider_ctx.h" |
27 | #include "prov/provider_util.h" | |
5b104a81 | 28 | #include "prov/providercommon.h" |
5183ebdc RL |
29 | |
30 | /* | |
31 | * Forward declaration of everything implemented here. This is not strictly | |
32 | * necessary for the compiler, but provides an assurance that the signatures | |
33 | * of the functions in the dispatch table are correct. | |
34 | */ | |
363b1e5d DMSP |
35 | static OSSL_FUNC_mac_newctx_fn hmac_new; |
36 | static OSSL_FUNC_mac_dupctx_fn hmac_dup; | |
37 | static OSSL_FUNC_mac_freectx_fn hmac_free; | |
38 | static OSSL_FUNC_mac_gettable_ctx_params_fn hmac_gettable_ctx_params; | |
39 | static OSSL_FUNC_mac_get_ctx_params_fn hmac_get_ctx_params; | |
40 | static OSSL_FUNC_mac_settable_ctx_params_fn hmac_settable_ctx_params; | |
41 | static OSSL_FUNC_mac_set_ctx_params_fn hmac_set_ctx_params; | |
42 | static OSSL_FUNC_mac_init_fn hmac_init; | |
43 | static OSSL_FUNC_mac_update_fn hmac_update; | |
44 | static OSSL_FUNC_mac_final_fn hmac_final; | |
5183ebdc RL |
45 | |
46 | /* local HMAC context structure */ | |
47 | ||
48 | /* typedef EVP_MAC_IMPL */ | |
49 | struct hmac_data_st { | |
50 | void *provctx; | |
51 | HMAC_CTX *ctx; /* HMAC context */ | |
103d8b0b | 52 | PROV_DIGEST digest; |
3fddbb26 MC |
53 | unsigned char *key; |
54 | size_t keylen; | |
2e2084da | 55 | /* Length of full TLS record including the MAC and any padding */ |
3fddbb26 MC |
56 | size_t tls_data_size; |
57 | unsigned char tls_header[13]; | |
58 | int tls_header_set; | |
59 | unsigned char tls_mac_out[EVP_MAX_MD_SIZE]; | |
60 | size_t tls_mac_out_size; | |
5183ebdc RL |
61 | }; |
62 | ||
3fddbb26 MC |
63 | /* Defined in ssl/s3_cbc.c */ |
64 | int ssl3_cbc_digest_record(const EVP_MD *md, | |
65 | unsigned char *md_out, | |
66 | size_t *md_out_size, | |
67 | const unsigned char header[13], | |
68 | const unsigned char *data, | |
e08f86dd | 69 | size_t data_size, |
3fddbb26 MC |
70 | size_t data_plus_mac_plus_padding_size, |
71 | const unsigned char *mac_secret, | |
72 | size_t mac_secret_length, char is_sslv3); | |
73 | ||
5183ebdc RL |
74 | static size_t hmac_size(void *vmacctx); |
75 | ||
76 | static void *hmac_new(void *provctx) | |
77 | { | |
78 | struct hmac_data_st *macctx; | |
79 | ||
5b104a81 P |
80 | if (!ossl_prov_is_running()) |
81 | return NULL; | |
82 | ||
5183ebdc RL |
83 | if ((macctx = OPENSSL_zalloc(sizeof(*macctx))) == NULL |
84 | || (macctx->ctx = HMAC_CTX_new()) == NULL) { | |
85 | OPENSSL_free(macctx); | |
86 | return NULL; | |
87 | } | |
88 | /* TODO(3.0) Should we do something more with that context? */ | |
89 | macctx->provctx = provctx; | |
90 | ||
91 | return macctx; | |
92 | } | |
93 | ||
94 | static void hmac_free(void *vmacctx) | |
95 | { | |
96 | struct hmac_data_st *macctx = vmacctx; | |
97 | ||
98 | if (macctx != NULL) { | |
99 | HMAC_CTX_free(macctx->ctx); | |
103d8b0b | 100 | ossl_prov_digest_reset(&macctx->digest); |
3fddbb26 | 101 | OPENSSL_secure_clear_free(macctx->key, macctx->keylen); |
5183ebdc RL |
102 | OPENSSL_free(macctx); |
103 | } | |
104 | } | |
105 | ||
106 | static void *hmac_dup(void *vsrc) | |
107 | { | |
108 | struct hmac_data_st *src = vsrc; | |
5b104a81 | 109 | struct hmac_data_st *dst; |
3fddbb26 | 110 | HMAC_CTX *ctx; |
5183ebdc | 111 | |
5b104a81 P |
112 | if (!ossl_prov_is_running()) |
113 | return NULL; | |
114 | dst = hmac_new(src->provctx); | |
5183ebdc RL |
115 | if (dst == NULL) |
116 | return NULL; | |
117 | ||
3fddbb26 MC |
118 | ctx = dst->ctx; |
119 | *dst = *src; | |
120 | dst->ctx = ctx; | |
121 | dst->key = NULL; | |
122 | ||
103d8b0b P |
123 | if (!HMAC_CTX_copy(dst->ctx, src->ctx) |
124 | || !ossl_prov_digest_copy(&dst->digest, &src->digest)) { | |
5183ebdc RL |
125 | hmac_free(dst); |
126 | return NULL; | |
127 | } | |
3fddbb26 MC |
128 | if (src->key != NULL) { |
129 | /* There is no "secure" OPENSSL_memdup */ | |
130 | dst->key = OPENSSL_secure_malloc(src->keylen); | |
131 | if (dst->key == NULL) { | |
132 | hmac_free(dst); | |
133 | return 0; | |
134 | } | |
135 | memcpy(dst->key, src->key, src->keylen); | |
136 | } | |
5183ebdc RL |
137 | return dst; |
138 | } | |
139 | ||
140 | static size_t hmac_size(void *vmacctx) | |
141 | { | |
142 | struct hmac_data_st *macctx = vmacctx; | |
143 | ||
144 | return HMAC_size(macctx->ctx); | |
145 | } | |
146 | ||
147 | static int hmac_init(void *vmacctx) | |
148 | { | |
149 | struct hmac_data_st *macctx = vmacctx; | |
5b104a81 | 150 | const EVP_MD *digest; |
5183ebdc RL |
151 | int rv = 1; |
152 | ||
5b104a81 P |
153 | if (!ossl_prov_is_running()) |
154 | return 0; | |
155 | ||
156 | digest = ossl_prov_digest_md(&macctx->digest); | |
5183ebdc | 157 | /* HMAC_Init_ex doesn't tolerate all zero params, so we must be careful */ |
3fddbb26 | 158 | if (macctx->tls_data_size == 0 && digest != NULL) |
103d8b0b P |
159 | rv = HMAC_Init_ex(macctx->ctx, NULL, 0, digest, |
160 | ossl_prov_digest_engine(&macctx->digest)); | |
3fddbb26 | 161 | |
5183ebdc RL |
162 | return rv; |
163 | } | |
164 | ||
165 | static int hmac_update(void *vmacctx, const unsigned char *data, | |
166 | size_t datalen) | |
167 | { | |
168 | struct hmac_data_st *macctx = vmacctx; | |
169 | ||
3fddbb26 MC |
170 | if (macctx->tls_data_size > 0) { |
171 | /* We're doing a TLS HMAC */ | |
172 | if (!macctx->tls_header_set) { | |
173 | /* We expect the first update call to contain the TLS header */ | |
174 | if (datalen != sizeof(macctx->tls_header)) | |
175 | return 0; | |
176 | memcpy(macctx->tls_header, data, datalen); | |
177 | macctx->tls_header_set = 1; | |
178 | return 1; | |
179 | } | |
2e2084da MC |
180 | /* macctx->tls_data_size is datalen plus the padding length */ |
181 | if (macctx->tls_data_size < datalen) | |
3fddbb26 MC |
182 | return 0; |
183 | ||
184 | return ssl3_cbc_digest_record(ossl_prov_digest_md(&macctx->digest), | |
185 | macctx->tls_mac_out, | |
186 | &macctx->tls_mac_out_size, | |
187 | macctx->tls_header, | |
188 | data, | |
3fddbb26 | 189 | datalen, |
2e2084da | 190 | macctx->tls_data_size, |
3fddbb26 MC |
191 | macctx->key, |
192 | macctx->keylen, | |
193 | 0); | |
194 | } | |
195 | ||
5183ebdc RL |
196 | return HMAC_Update(macctx->ctx, data, datalen); |
197 | } | |
198 | ||
199 | static int hmac_final(void *vmacctx, unsigned char *out, size_t *outl, | |
200 | size_t outsize) | |
201 | { | |
202 | unsigned int hlen; | |
203 | struct hmac_data_st *macctx = vmacctx; | |
204 | ||
5b104a81 P |
205 | if (!ossl_prov_is_running()) |
206 | return 0; | |
3fddbb26 MC |
207 | if (macctx->tls_data_size > 0) { |
208 | if (macctx->tls_mac_out_size == 0) | |
209 | return 0; | |
210 | if (outl != NULL) | |
211 | *outl = macctx->tls_mac_out_size; | |
212 | memcpy(out, macctx->tls_mac_out, macctx->tls_mac_out_size); | |
213 | return 1; | |
214 | } | |
5183ebdc RL |
215 | if (!HMAC_Final(macctx->ctx, out, &hlen)) |
216 | return 0; | |
5f6a0b2f | 217 | *outl = hlen; |
5183ebdc RL |
218 | return 1; |
219 | } | |
220 | ||
221 | static const OSSL_PARAM known_gettable_ctx_params[] = { | |
703170d4 | 222 | OSSL_PARAM_size_t(OSSL_MAC_PARAM_SIZE, NULL), |
5183ebdc RL |
223 | OSSL_PARAM_END |
224 | }; | |
1017ab21 | 225 | static const OSSL_PARAM *hmac_gettable_ctx_params(ossl_unused void *provctx) |
5183ebdc RL |
226 | { |
227 | return known_gettable_ctx_params; | |
228 | } | |
229 | ||
92d9d0ae | 230 | static int hmac_get_ctx_params(void *vmacctx, OSSL_PARAM params[]) |
5183ebdc RL |
231 | { |
232 | OSSL_PARAM *p; | |
233 | ||
703170d4 | 234 | if ((p = OSSL_PARAM_locate(params, OSSL_MAC_PARAM_SIZE)) != NULL) |
5183ebdc RL |
235 | return OSSL_PARAM_set_size_t(p, hmac_size(vmacctx)); |
236 | ||
237 | return 1; | |
238 | } | |
239 | ||
240 | static const OSSL_PARAM known_settable_ctx_params[] = { | |
5183ebdc | 241 | OSSL_PARAM_utf8_string(OSSL_MAC_PARAM_DIGEST, NULL, 0), |
5183ebdc RL |
242 | OSSL_PARAM_utf8_string(OSSL_MAC_PARAM_PROPERTIES, NULL, 0), |
243 | OSSL_PARAM_octet_string(OSSL_MAC_PARAM_KEY, NULL, 0), | |
244 | OSSL_PARAM_int(OSSL_MAC_PARAM_FLAGS, NULL), | |
3fddbb26 | 245 | OSSL_PARAM_size_t(OSSL_MAC_PARAM_TLS_DATA_SIZE, NULL), |
5183ebdc RL |
246 | OSSL_PARAM_END |
247 | }; | |
1017ab21 | 248 | static const OSSL_PARAM *hmac_settable_ctx_params(ossl_unused void *provctx) |
5183ebdc RL |
249 | { |
250 | return known_settable_ctx_params; | |
251 | } | |
252 | ||
253 | /* | |
254 | * ALL parameters should be set before init(). | |
255 | */ | |
92d9d0ae | 256 | static int hmac_set_ctx_params(void *vmacctx, const OSSL_PARAM params[]) |
5183ebdc RL |
257 | { |
258 | struct hmac_data_st *macctx = vmacctx; | |
103d8b0b | 259 | OPENSSL_CTX *ctx = PROV_LIBRARY_CONTEXT_OF(macctx->provctx); |
5183ebdc RL |
260 | const OSSL_PARAM *p; |
261 | ||
103d8b0b P |
262 | if (!ossl_prov_digest_load_from_params(&macctx->digest, params, ctx)) |
263 | return 0; | |
5183ebdc | 264 | |
5183ebdc RL |
265 | /* TODO(3.0) formalize the meaning of "flags", perhaps as other params */ |
266 | if ((p = OSSL_PARAM_locate_const(params, | |
267 | OSSL_MAC_PARAM_FLAGS)) != NULL) { | |
268 | int flags = 0; | |
269 | ||
270 | if (!OSSL_PARAM_get_int(p, &flags)) | |
271 | return 0; | |
272 | HMAC_CTX_set_flags(macctx->ctx, flags); | |
273 | } | |
274 | if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_KEY)) != NULL) { | |
275 | if (p->data_type != OSSL_PARAM_OCTET_STRING) | |
276 | return 0; | |
277 | ||
3fddbb26 MC |
278 | if (macctx->keylen > 0) |
279 | OPENSSL_secure_clear_free(macctx->key, macctx->keylen); | |
280 | /* Keep a copy of the key if we need it for TLS HMAC */ | |
281 | macctx->key = OPENSSL_secure_malloc(p->data_size); | |
282 | if (macctx->key == NULL) | |
283 | return 0; | |
284 | memcpy(macctx->key, p->data, p->data_size); | |
285 | macctx->keylen = p->data_size; | |
286 | ||
5183ebdc | 287 | if (!HMAC_Init_ex(macctx->ctx, p->data, p->data_size, |
103d8b0b P |
288 | ossl_prov_digest_md(&macctx->digest), |
289 | NULL /* ENGINE */)) | |
5183ebdc RL |
290 | return 0; |
291 | ||
3fddbb26 MC |
292 | } |
293 | if ((p = OSSL_PARAM_locate_const(params, | |
294 | OSSL_MAC_PARAM_TLS_DATA_SIZE)) != NULL) { | |
295 | if (!OSSL_PARAM_get_size_t(p, &macctx->tls_data_size)) | |
296 | return 0; | |
5183ebdc RL |
297 | } |
298 | return 1; | |
299 | } | |
300 | ||
301 | const OSSL_DISPATCH hmac_functions[] = { | |
302 | { OSSL_FUNC_MAC_NEWCTX, (void (*)(void))hmac_new }, | |
303 | { OSSL_FUNC_MAC_DUPCTX, (void (*)(void))hmac_dup }, | |
304 | { OSSL_FUNC_MAC_FREECTX, (void (*)(void))hmac_free }, | |
305 | { OSSL_FUNC_MAC_INIT, (void (*)(void))hmac_init }, | |
306 | { OSSL_FUNC_MAC_UPDATE, (void (*)(void))hmac_update }, | |
307 | { OSSL_FUNC_MAC_FINAL, (void (*)(void))hmac_final }, | |
308 | { OSSL_FUNC_MAC_GETTABLE_CTX_PARAMS, | |
309 | (void (*)(void))hmac_gettable_ctx_params }, | |
92d9d0ae | 310 | { OSSL_FUNC_MAC_GET_CTX_PARAMS, (void (*)(void))hmac_get_ctx_params }, |
5183ebdc RL |
311 | { OSSL_FUNC_MAC_SETTABLE_CTX_PARAMS, |
312 | (void (*)(void))hmac_settable_ctx_params }, | |
92d9d0ae | 313 | { OSSL_FUNC_MAC_SET_CTX_PARAMS, (void (*)(void))hmac_set_ctx_params }, |
5183ebdc RL |
314 | { 0, NULL } |
315 | }; |